[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Guile-commits] 01/01: Avoid regexp ranges in HTTP inter-protocol exploi
From: |
Mark H. Weaver |
Subject: |
[Guile-commits] 01/01: Avoid regexp ranges in HTTP inter-protocol exploitation check. |
Date: |
Tue, 18 Jun 2019 09:07:35 -0400 (EDT) |
mhw pushed a commit to branch stable-2.2
in repository guile.
commit 78b261d376520c02173ea4310efd61855acec9ed
Author: Mark H Weaver <address@hidden>
Date: Tue Jun 18 08:59:47 2019 -0400
Avoid regexp ranges in HTTP inter-protocol exploitation check.
* module/system/repl/server.scm (permissive-http-request-line?): Avoid
character ranges in regexp.
---
module/system/repl/server.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/module/system/repl/server.scm b/module/system/repl/server.scm
index 725eb4e..e6c1896 100644
--- a/module/system/repl/server.scm
+++ b/module/system/repl/server.scm
@@ -230,7 +230,7 @@ and then close it. Return the drained input as a string."
(string-append
"^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
"[^ ]+ "
- "HTTP/[0-9]+.[0-9]+$"))))
+ "HTTP/[0123456789]+.[0123456789]+$"))))
(lambda (line)
"Return true if LINE might plausibly be an HTTP request-line,
otherwise return #f."