From: Mark H Weaver Date: Tue, 18 Jun 2019 12:59:47 +0000 (-0400) Subject: Avoid regexp ranges in HTTP inter-protocol exploitation check. X-Git-Tag: v2.2.5~12 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=78b261d376520c02173ea4310efd61855acec9ed;p=platform%2Fupstream%2Fguile.git Avoid regexp ranges in HTTP inter-protocol exploitation check. * module/system/repl/server.scm (permissive-http-request-line?): Avoid character ranges in regexp. --- diff --git a/module/system/repl/server.scm b/module/system/repl/server.scm index 725eb4eda..e6c18962f 100644 --- a/module/system/repl/server.scm +++ b/module/system/repl/server.scm @@ -230,7 +230,7 @@ and then close it. Return the drained input as a string." (string-append "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) " "[^ ]+ " - "HTTP/[0-9]+.[0-9]+$")))) + "HTTP/[0123456789]+.[0123456789]+$")))) (lambda (line) "Return true if LINE might plausibly be an HTTP request-line, otherwise return #f."
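Review bot: The replacement line "HTTP/[0123456789]+.[0123456789]+$" carries no comment saying why the digits are enumerated instead of written as a range, and the commit message does not give the reason either, so a later cleanup could easily turn it back into [0-9]. A one-line comment above the string-append stating the reason would protect the change. Separately, on the same line the `.` between the two digit classes is unescaped (as it was before this change), so it matches any character and not only a literal dot; if that is intended as part of the permissive match, say so in the comment, otherwise `[.]` would match only the dot without needing a backslash escape inside the Scheme string.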