From c445c62b4d6488ddeefb27e587d3684f7b94e49b Mon Sep 17 00:00:00 2001
From: Dan Goodliffe <dan@randomdan.homeip.net>
Date: Thu, 17 Dec 2020 19:23:14 +0000
Subject: Bail early if accept header is empty or all WS

---
 icespider/core/ihttpRequest.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/icespider/core/ihttpRequest.cpp b/icespider/core/ihttpRequest.cpp
index 75b050a..025509f 100644
--- a/icespider/core/ihttpRequest.cpp
+++ b/icespider/core/ihttpRequest.cpp
@@ -37,6 +37,10 @@ namespace IceSpider {
 	Accepted
 	IHttpRequest::parseAccept(const std::string_view & acceptHdr)
 	{
+		if (acceptHdr.empty()
+				|| std::find_if_not(acceptHdr.begin(), acceptHdr.end(), std::iswspace) == acceptHdr.end()) {
+			throw Http400_BadRequest();
+		}
 		auto accept = std::unique_ptr<FILE, decltype(&fclose)>(
 				fmemopen(const_cast<char *>(acceptHdr.data()), acceptHdr.length(), "r"), &fclose);
 		Accepted accepts;
-- 
cgit v1.2.3