Avoid regexp ranges in HTTP inter-protocol exploitation check.

* module/system/repl/server.scm (permissive-http-request-line?): Avoid character ranges in regexp.
2025-05-20 11:40:18 +02:00 · 2019-06-18 08:59:47 -04:00 · 2019-06-18 08:59:47 -04:00 · 78b261d376
commit 78b261d376
parent 73cde5ed72
1 changed files with 1 additions and 1 deletions
--- a/module/system/repl/server.scm
+++ b/module/system/repl/server.scm
@ -230,7 +230,7 @@ and then close it.  Return the drained input as a string."
             (string-append
              "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
              "[^ ]+ "
-              "HTTP/[0-9]+.[0-9]+$"))))
+              "HTTP/[0123456789]+.[0123456789]+$"))))
    (lambda (line)
      "Return true if LINE might plausibly be an HTTP request-line,
 otherwise return #f."