mirror/guile
mirror/guile
1
Fork 0
mirror of https://git.savannah.gnu.org/git/guile.git synced 2025-05-20 19:50:24 +02:00
Code Activity

Avoid regexp ranges in HTTP inter-protocol exploitation check.

Browse source 
* module/system/repl/server.scm (permissive-http-request-line?): Avoid
character ranges in regexp.
This commit is contained in:
Mark H Weaver 2019-06-18 08:59:47 -04:00
parent 73cde5ed72
commit 78b261d376
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
module/system/repl/server.scm
View file

@ -230,7 +230,7 @@ and then close it. Return the drained input as a string."
(string-append (string-append
"^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) " "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
"[^ ]+ " "[^ ]+ "
"HTTP/[0-9]+.[0-9]+$")))) "HTTP/[0123456789]+.[0123456789]+$"))))
(lambda (line) (lambda (line)
"Return true if LINE might plausibly be an HTTP request-line, "Return true if LINE might plausibly be an HTTP request-line,
otherwise return #f." otherwise return #f."