umgeher/cowboy
0
Fork 0
mirror of https://github.com/ninenines/cowboy.git synced 2025-07-14 20:30:23 +00:00
Code Issues Wiki Activity

Avoid crashing in cowboy_req on invalid Accept-Encoding header

Browse source 
Certain clients send malformed Accept-Encoding headers, which causes
cowboy_req to crash is compression is enabled.
This commit is contained in:
Ali Sabil 2013-06-10 15:22:05 +02:00
parent a55c20c4ef
commit ba1eca6b97
1 changed files with 30 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

55
src/cowboy_req.erl
View file

@ -1021,31 +1021,36 @@ reply(Status, Headers, Body, Req=#http_req{
reply_may_compress(Status, Headers, Body, Req, reply_may_compress(Status, Headers, Body, Req,
RespHeaders, HTTP11Headers, Method) -> RespHeaders, HTTP11Headers, Method) ->
BodySize = iolist_size(Body), BodySize = iolist_size(Body),
{ok, Encodings, Req2} = parse_header(<<"accept-encoding">>, Req), case parse_header(<<"accept-encoding">>, Req) of
CanGzip = (BodySize > 300) {ok, Encodings, Req2} ->
andalso (false =:= lists:keyfind(<<"content-encoding">>, CanGzip = (BodySize > 300)
1, Headers)) andalso (false =:= lists:keyfind(<<"content-encoding">>,
andalso (false =:= lists:keyfind(<<"content-encoding">>, 1, Headers))
1, RespHeaders)) andalso (false =:= lists:keyfind(<<"content-encoding">>,
andalso (false =:= lists:keyfind(<<"transfer-encoding">>, 1, RespHeaders))
1, Headers)) andalso (false =:= lists:keyfind(<<"transfer-encoding">>,
andalso (false =:= lists:keyfind(<<"transfer-encoding">>, 1, Headers))
1, RespHeaders)) andalso (false =:= lists:keyfind(<<"transfer-encoding">>,
andalso (Encodings =/= undefined) 1, RespHeaders))
andalso (false =/= lists:keyfind(<<"gzip">>, 1, Encodings)), andalso (Encodings =/= undefined)
case CanGzip of andalso (false =/= lists:keyfind(<<"gzip">>, 1, Encodings)),
true -> case CanGzip of
GzBody = zlib:gzip(Body), true ->
{_, Req3} = response(Status, Headers, RespHeaders, [ GzBody = zlib:gzip(Body),
{<<"content-length">>, integer_to_list(byte_size(GzBody))}, {_, Req3} = response(Status, Headers, RespHeaders, [
{<<"content-encoding">>, <<"gzip">>}, {<<"content-length">>, integer_to_list(byte_size(GzBody))},
{<<"date">>, cowboy_clock:rfc1123()}, {<<"content-encoding">>, <<"gzip">>},
{<<"server">>, <<"Cowboy">>} {<<"date">>, cowboy_clock:rfc1123()},
|HTTP11Headers], {<<"server">>, <<"Cowboy">>}
case Method of <<"HEAD">> -> <<>>; _ -> GzBody end, |HTTP11Headers],
Req2), case Method of <<"HEAD">> -> <<>>; _ -> GzBody end,
Req3; Req2),
false -> Req3;
false ->
reply_no_compress(Status, Headers, Body, Req,
RespHeaders, HTTP11Headers, Method, BodySize)
end;
{error, badarg} ->
reply_no_compress(Status, Headers, Body, Req, reply_no_compress(Status, Headers, Body, Req,
RespHeaders, HTTP11Headers, Method, BodySize) RespHeaders, HTTP11Headers, Method, BodySize)
end. end.