From ad3a83fb9169899226ce12a61c16b5bf4d03c482 Mon Sep 17 00:00:00 2001 From: jhwz <52683873+jhwz@users.noreply.github.com> Date: Wed, 13 Jul 2022 06:23:55 +1200 Subject: admin: expect quoted ETags (#4879) * expect quoted etags * admin: Minor refactor of etag facilities Co-authored-by: Matthew Holt --- caddy.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'caddy.go') diff --git a/caddy.go b/caddy.go index 0c6dfcd00..98ee5b39b 100644 --- a/caddy.go +++ b/caddy.go @@ -145,8 +145,16 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force defer currentCfgMu.Unlock() if ifMatchHeader != "" { + // expect the first and last character to be quotes + if len(ifMatchHeader) < 2 || ifMatchHeader[0] != '"' || ifMatchHeader[len(ifMatchHeader)-1] != '"' { + return APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("malformed If-Match header; expect quoted string"), + } + } + // read out the parts - parts := strings.Fields(ifMatchHeader) + parts := strings.Fields(ifMatchHeader[1 : len(ifMatchHeader)-1]) if len(parts) != 2 { return APIError{ HTTPStatus: http.StatusBadRequest, -- cgit v1.2.3