[erlang-bugs] erlang:decode_packet - wrong parsing of Sec-WebSock-Accept header
Loïc Hoguin
essen@REDACTED
Tue Jan 29 16:59:03 CET 2013
On 01/29/2013 03:06 PM, Sverker Eriksson wrote:
>> Two, the character S in WebSocket is parsed as lowercase instead of the
>> uppercase it is in the parsed string.
>>
> Header names are case insensitive according to HTTP. To ease matching we
> always return unrecognized strings on a format with capital letters only
> first and after hyphen, like "Sec-Websocket-Accept".
Not exactly true.
3> erlang:decode_packet(httph_bin, <<"sec-websocket-version:
abc\r\n\r\n">>, []).
{ok,{http_header,0,<<"sec-websocket-version">>,undefined,
<<"abc">>},
<<"\r\n">>}
4> erlang:decode_packet(httph_bin, <<"sec-websocket-versio:
abc\r\n\r\n">>, []).
{ok,{http_header,0,<<"Sec-Websocket-Versio">>,undefined,
<<"abc">>},
<<"\r\n">>}
Past a certain number of characters, erlang:decode_packet do not attempt
that. Problem is this header is used in the wild and standardized. You
should consider increasing that limit slightly.
Also, although probably not having any impact in real applications:
6> erlang:decode_packet(httph_bin, <<"sec-websocket--ver:
abc\r\n\r\n">>, []). {ok,{http_header,0,<<"Sec-Websocket--ver">>,undefined,
<<"abc">>},
<<"\r\n">>}
If you got two -- the next word do not get capitalized. Minor oddity.
--
Loïc Hoguin
Erlang Cowboy
Nine Nines
http://ninenines.eu
More information about the erlang-bugs
mailing list