Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:20
erlang
0898-erts-Do-not-allow-whitespace-in-http-heade...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0898-erts-Do-not-allow-whitespace-in-http-header-at-all.patch of Package erlang
From 2407480445e6f8f34c886b1bdad2f38034e62a9f Mon Sep 17 00:00:00 2001 From: Lukas Larsson <lukas@erlang.org> Date: Fri, 8 Nov 2019 13:31:48 +0100 Subject: [PATCH] erts: Do not allow whitespace in http header at all In RFC 7230 headers must not include any whitespaces because of security reasons. This change returns a http_error when a header ends with a whitespace. i.e. The below is no longer allowed: Host : localhost:8000 --- erts/emulator/beam/packet_parser.c | 3 --- erts/emulator/test/decode_packet_SUITE.erl | 12 +++++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/erts/emulator/beam/packet_parser.c b/erts/emulator/beam/packet_parser.c index 4b526887b5..c0937aa5f2 100644 --- a/erts/emulator/beam/packet_parser.c +++ b/erts/emulator/beam/packet_parser.c @@ -816,9 +816,6 @@ int packet_parse_http(const char* buf, int len, int* statep, ptr++; if (--n == 0) return -1; } - while (n && SP(ptr)) { /* Skip white space before ':' */ - ptr++; n--; - } if (*ptr != ':') { return -1; } diff --git a/erts/emulator/test/decode_packet_SUITE.erl b/erts/emulator/test/decode_packet_SUITE.erl index ef13b515fb..d0f46167e4 100644 --- a/erts/emulator/test/decode_packet_SUITE.erl +++ b/erts/emulator/test/decode_packet_SUITE.erl @@ -330,6 +330,15 @@ http(Config) when is_list(Config) -> %% Response with empty phrase {ok,{http_response,{1,1},200,[]},<<>>} = decode_pkt(http, <<"HTTP/1.1 200\r\n">>, []), {ok,{http_response,{1,1},200,<<>>},<<>>} = decode_pkt(http_bin, <<"HTTP/1.1 200\r\n">>, []), + + + %% Test error cases + {ok,{http_error,"Host\t: localhost:8000\r\n"},<<"a">>} = + decode_pkt(httph, <<"Host\t: localhost:8000\r\na">>, []), + {ok,{http_error,"Host : localhost:8000\r\n"},<<"a">>} = + decode_pkt(httph, <<"Host : localhost:8000\r\na">>, []), + {ok,{http_error," : localhost:8000\r\n"},<<"a">>} = + decode_pkt(httph, <<" : localhost:8000\r\na">>, []), ok. http_with_bin(http) -> @@ -366,9 +375,6 @@ http_request(Msg) -> {"Connection: close\r\n", {http_header,2,'Connection',undefined, "close"}, {http_header,2,'Connection',undefined,<<"close">>}}, - {"Host\t : localhost:8000\r\n", % white space before : - {http_header,14,'Host',undefined, "localhost:8000"}, - {http_header,14,'Host',undefined,<<"localhost:8000">>}}, {"User-Agent: perl post\r\n", {http_header,24,'User-Agent',undefined, "perl post"}, {http_header,24,'User-Agent',undefined,<<"perl post">>}}, -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor