[erlang-bugs] erlang:decode_packet - wrong parsing of Sec-WebSock-Accept header
Sverker Eriksson
sverker.eriksson@REDACTED
Tue Jan 29 17:32:19 CET 2013
Loïc Hoguin wrote:
> On 01/29/2013 03:06 PM, Sverker Eriksson wrote:
>>> Two, the character S in WebSocket is parsed as lowercase instead of the
>>> uppercase it is in the parsed string.
>>>
>> Header names are case insensitive according to HTTP. To ease matching we
>> always return unrecognized strings on a format with capital letters only
>> first and after hyphen, like "Sec-Websocket-Accept".
>
> Not exactly true.
>
> 3> erlang:decode_packet(httph_bin, <<"sec-websocket-version:
> abc\r\n\r\n">>, []).
> {ok,{http_header,0,<<"sec-websocket-version">>,undefined,
> <<"abc">>},
> <<"\r\n">>}
> 4> erlang:decode_packet(httph_bin, <<"sec-websocket-versio:
> abc\r\n\r\n">>, []).
> {ok,{http_header,0,<<"Sec-Websocket-Versio">>,undefined,
> <<"abc">>},
> <<"\r\n">>}
>
> Past a certain number of characters, erlang:decode_packet do not
> attempt that. Problem is this header is used in the wild and
> standardized. You should consider increasing that limit slightly.
>
Deja vu. I thought we fixed this, apparently not.
The limiting factor is an internal buffer with a static size of 20
characters. I guess increasing the buffer to... say 50 characters would
do as a pragmatic solution.
/Sverker
More information about the erlang-bugs
mailing list