[Guile-commits] 01/01: Avoid regexp ranges in HTTP inter-protocol exploi

guile-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Guile-commits] 01/01: Avoid regexp ranges in HTTP inter-protocol exploi

From:	Mark H. Weaver
Subject:	[Guile-commits] 01/01: Avoid regexp ranges in HTTP inter-protocol exploitation check.
Date:	Tue, 18 Jun 2019 09:07:35 -0400 (EDT)

mhw pushed a commit to branch stable-2.2
in repository guile.

commit 78b261d376520c02173ea4310efd61855acec9ed
Author: Mark H Weaver <address@hidden>
Date:   Tue Jun 18 08:59:47 2019 -0400

    Avoid regexp ranges in HTTP inter-protocol exploitation check.
    
    * module/system/repl/server.scm (permissive-http-request-line?): Avoid
    character ranges in regexp.
---
 module/system/repl/server.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/module/system/repl/server.scm b/module/system/repl/server.scm
index 725eb4e..e6c1896 100644
--- a/module/system/repl/server.scm
+++ b/module/system/repl/server.scm
@@ -230,7 +230,7 @@ and then close it.  Return the drained input as a string."
              (string-append
               "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
               "[^ ]+ "
-              "HTTP/[0-9]+.[0-9]+$"))))
+              "HTTP/[0123456789]+.[0123456789]+$"))))
     (lambda (line)
       "Return true if LINE might plausibly be an HTTP request-line,
 otherwise return #f."

[Prev in Thread]

Current Thread

[Next in Thread]

[Guile-commits] branch stable-2.2 updated (73cde5e -> 78b261d), Mark H. Weaver, 2019/06/18
- [Guile-commits] 01/01: Avoid regexp ranges in HTTP inter-protocol exploitation check., Mark H. Weaver <=

Prev by Date: [Guile-commits] 01/01: web: Add support for HTTP header continuation lines.
Next by Date: [Guile-commits] branch stable-2.2 updated (73cde5e -> 78b261d)
Previous by thread: [Guile-commits] branch stable-2.2 updated (73cde5e -> 78b261d)
Next by thread: [Guile-commits] branch stable-2.2 updated (78b261d -> 4c1901b)
Index(es):
- Date
- Thread