Avoid regexp ranges in HTTP inter-protocol exploitation check.

author Mark H Weaver <mhw@netris.org>

Tue, 18 Jun 2019 12:59:47 +0000 (08:59 -0400)

committer Mark H Weaver <mhw@netris.org>

Tue, 18 Jun 2019 12:59:47 +0000 (08:59 -0400)
author Mark H Weaver <mhw@netris.org>
Tue, 18 Jun 2019 12:59:47 +0000 (08:59 -0400)
committer Mark H Weaver <mhw@netris.org>
Tue, 18 Jun 2019 12:59:47 +0000 (08:59 -0400)
diff --git a/module/system/repl/server.scm b/module/system/repl/server.scm

index 725eb4edac4a7e2cce03c9039063a6aa2d73f5c0..e6c18962f60812c197e0bf5f9609dfd3b50e1e33 100644 (file)
--- a/module/system/repl/server.scm
+++ b/module/system/repl/server.scm
@@ -230,7 +230,7 @@ and then close it.  Return the drained input as a string."
               (string-append
                "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
                "[^ ]+ "
-              "HTTP/[0-9]+.[0-9]+$"))))
+              "HTTP/[0123456789]+.[0123456789]+$"))))
      (lambda (line)
        "Return true if LINE might plausibly be an HTTP request-line,
  otherwise return #f."
author	Mark H Weaver <mhw@netris.org>
	Tue, 18 Jun 2019 12:59:47 +0000 (08:59 -0400)
committer	Mark H Weaver <mhw@netris.org>
	Tue, 18 Jun 2019 12:59:47 +0000 (08:59 -0400)