umgeher/cowboy
0
Fork 0
mirror of https://github.com/ninenines/cowboy.git synced 2025-07-14 20:30:23 +00:00
Code Issues Wiki Activity

Reject whitespace before/after HTTP/1.1 header names properly

Browse source
This commit is contained in:
Loïc Hoguin 2017-11-29 18:01:16 +01:00
parent bec9a43d50
commit aea172857f
No known key found for this signature in database
GPG key ID: 8A9DF795F6FED764
1 changed files with 5 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/cowboy_http.erl
View file

@ -490,19 +490,14 @@ parse_hd_name(<< $:, Rest/bits >>, State, H, SoFar) ->
parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, <<>>) when ?IS_WS(C) ->
error_terminate(400, State#state{in_state=PS#ps_header{headers=H}},
{connection_error, protocol_error,
'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2)'});
parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) when ?IS_WS(C) ->
parse_hd_name_ws(Rest, State, H, SoFar);
'Whitespace is not allowed before the header name. (RFC7230 3.2)'});
parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, _) when ?IS_WS(C) ->
error_terminate(400, State#state{in_state=PS#ps_header{headers=H}},
{connection_error, protocol_error,
'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2.4)'});
parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) ->
?LOWER(parse_hd_name, Rest, State, H, SoFar).
parse_hd_name_ws(<< C, Rest/bits >>, S, H, Name) ->
case C of
$\s -> parse_hd_name_ws(Rest, S, H, Name);
$\t -> parse_hd_name_ws(Rest, S, H, Name);
$: -> parse_hd_before_value(Rest, S, H, Name)
end.
parse_hd_before_value(<< $\s, Rest/bits >>, S, H, N) ->
parse_hd_before_value(Rest, S, H, N);
parse_hd_before_value(<< $\t, Rest/bits >>, S, H, N) ->