Overview

File 0242-inets-Gracefully-handle-bad-headers.patch of Package erlang

From daba7e0abe4a5642543676e966298b08dee83eb9 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 12 Apr 2018 14:24:08 +0200
Subject: [PATCH] inets: Gracefully handle bad headers

max_headers operated on the individual header length instead of
the total length of all headers. Also headers with empty keys are
now discarded.
---
 lib/inets/src/http_lib/http_request.erl     | 6 ++++--
 lib/inets/src/http_server/httpd_request.erl | 6 +++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/inets/src/http_lib/http_request.erl b/lib/inets/src/http_lib/http_request.erl
index f68b233e10..8ca1542164 100644
--- a/lib/inets/src/http_lib/http_request.erl
+++ b/lib/inets/src/http_lib/http_request.erl
@@ -27,10 +27,12 @@
 
 key_value(KeyValueStr) ->
     case lists:splitwith(fun($:) -> false; (_) -> true end, KeyValueStr) of
-	{Key, [$: | Value]} ->
+	{Key, [$: | Value]} when Key =/= [] ->
 	    {http_util:to_lower(string:strip(Key)),  string:strip(Value)};
 	{_, []} -> 
-	    undefined
+	    undefined;
+        _ ->
+            undefined 
     end.
 %%-------------------------------------------------------------------------
 %% headers(HeaderList, #http_request_h{}) -> #http_request_h{}
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 007d272323..e513eb8a3a 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -259,17 +259,17 @@ parse_headers(<<?LF, Octet, Rest/binary>>, Header, Headers, Current, Max,
     %% If ?CR is is missing RFC2616 section-19.3 
     parse_headers(<<?CR,?LF, Octet, Rest/binary>>, Header, Headers, Current, Max,
 		  Options, Result); 
-parse_headers(<<?CR,?LF, Octet, Rest/binary>>, Header, Headers, _, Max,
+parse_headers(<<?CR,?LF, Octet, Rest/binary>>, Header, Headers, Current, Max,
 	      Options, Result) ->
     case http_request:key_value(lists:reverse(Header)) of
 	undefined -> %% Skip headers with missing :
 	    parse_headers(Rest, [Octet], Headers, 
-			  0, Max, Options, Result);
+			  Current, Max, Options, Result);
 	NewHeader ->
 	    case check_header(NewHeader, Options) of 
 		ok ->
 		    parse_headers(Rest, [Octet], [NewHeader | Headers], 
-				  0, Max, Options, Result);
+				  Current, Max, Options, Result);
 		{error, Reason} ->
 		    HttpVersion = lists:nth(3, lists:reverse(Result)),
 		    {error, Reason, HttpVersion}
-- 
2.16.3
openSUSE Build Service is sponsored by
Places