From d4b4f35a0ecff8fdad416a7f3bab85a2b7a7e375 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Tue, 27 Sep 2016 23:22:30 +0200 Subject: [PATCH] ejabberd_http: Handle missing POST data gracefully Return a "bad request" error instead of crashing if receiving POST/PUT data fails. --- src/ejabberd_http.erl | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/src/ejabberd_http.erl b/src/ejabberd_http.erl index 31f80be78..e6e49d9b2 100644 --- a/src/ejabberd_http.erl +++ b/src/ejabberd_http.erl @@ -396,18 +396,21 @@ extract_path_query(#state{request_method = Method, socket = _Socket} = State) when (Method =:= 'POST' orelse Method =:= 'PUT') andalso is_integer(Len) -> - {NewState, Data} = recv_data(State, Len), - ?DEBUG("client data: ~p~n", [Data]), - case catch url_decode_q_split(Path) of - {'EXIT', _} -> {NewState, false}; - {NPath, _Query} -> - LPath = normalize_path([NPE - || NPE <- str:tokens(path_decode(NPath), <<"/">>)]), - LQuery = case catch parse_urlencoded(Data) of - {'EXIT', _Reason} -> []; - LQ -> LQ - end, - {NewState, {LPath, LQuery, Data}} + case recv_data(State, Len) of + error -> {State, false}; + {NewState, Data} -> + ?DEBUG("client data: ~p~n", [Data]), + case catch url_decode_q_split(Path) of + {'EXIT', _} -> {NewState, false}; + {NPath, _Query} -> + LPath = normalize_path([NPE + || NPE <- str:tokens(path_decode(NPath), <<"/">>)]), + LQuery = case catch parse_urlencoded(Data) of + {'EXIT', _Reason} -> []; + LQ -> LQ + end, + {NewState, {LPath, LQuery, Data}} + end end; extract_path_query(State) -> {State, false}. @@ -525,7 +528,7 @@ recv_data(State, Len, Acc) -> recv_data(State, Len - byte_size(Data), <>); Err -> ?DEBUG("Cannot receive HTTP data: ~p", [Err]), - <<"">> + error end; _ -> Trail = (State#state.trail),