Avoid regexp ranges in HTTP inter-protocol exploitation check.

* module/system/repl/server.scm (permissive-http-request-line?): Avoid character ranges in regexp.
author: Mark H Weaver <mhw@netris.org> 2019-06-18 08:59:47 -0400
committer: Mark H Weaver <mhw@netris.org> 2019-06-18 08:59:47 -0400
commit: 78b261d376520c02173ea4310efd61855acec9ed (patch)
tree: caf90cd29cdb30c1d47a69d91397bbc1aac5282a /module/system/repl/server.scm
parent: 73cde5ed7218a090ecee888870908af5445796f0 (diff)
download: guile-78b261d376520c02173ea4310efd61855acec9ed.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/module/system/repl/server.scm b/module/system/repl/server.scm
index 725eb4eda..e6c18962f 100644
--- a/module/system/repl/server.scm
+++ b/module/system/repl/server.scm
@@ -230,7 +230,7 @@ and then close it.  Return the drained input as a string."
              (string-append
               "^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) "
               "[^ ]+ "
-              "HTTP/[0-9]+.[0-9]+$"))))
+              "HTTP/[0123456789]+.[0123456789]+$"))))
     (lambda (line)
       "Return true if LINE might plausibly be an HTTP request-line,
 otherwise return #f."
author	Mark H Weaver <mhw@netris.org>	2019-06-18 08:59:47 -0400
committer	Mark H Weaver <mhw@netris.org>	2019-06-18 08:59:47 -0400
commit	78b261d376520c02173ea4310efd61855acec9ed (patch)
tree	caf90cd29cdb30c1d47a69d91397bbc1aac5282a /module/system/repl/server.scm
parent	73cde5ed7218a090ecee888870908af5445796f0 (diff)
download	guile-78b261d376520c02173ea4310efd61855acec9ed.tar.gz