Reply with 400 on if*-match parsing crash

src/cowboy_http.erl

@@ -668,7 +668,9 @@ token(<< C, Rest/binary >>, Fun, Case, Acc) ->
 
 -spec quoted_string(binary(), fun()) -> any().
 quoted_string(<< $", Rest/binary >>, Fun) ->
-	quoted_string(Rest, Fun, <<>>).
+	quoted_string(Rest, Fun, <<>>);
+quoted_string(_, _Fun) ->
+    {error, badarg}.
 
 -spec quoted_string(binary(), fun(), binary()) -> any().
 quoted_string(<<>>, _Fun, _Acc) ->

src/cowboy_rest.erl

@@ -523,13 +523,17 @@ resource_exists(Req, State) ->
 
 if_match_exists(Req, State) ->
 	State2 = State#state{exists=true},
-	case cowboy_req:parse_header(<<"if-match">>, Req) of
+	try cowboy_req:parse_header(<<"if-match">>, Req) of
 		{ok, undefined, Req2} ->
 			if_unmodified_since_exists(Req2, State2);
 		{ok, '*', Req2} ->
 			if_unmodified_since_exists(Req2, State2);
 		{ok, ETagsList, Req2} ->
-			if_match(Req2, State2, ETagsList)
+			if_match(Req2, State2, ETagsList);
+		{error, badarg} ->
+			respond(Req, State2, 400)
+	catch Class:Reason ->
+		error_terminate(Req, State2, Class, Reason, if_match)
 	end.
 
 if_match(Req, State, EtagsList) ->
@@ -573,13 +577,17 @@ if_unmodified_since(Req, State, IfUnmodifiedSince) ->
 	end.
 
 if_none_match_exists(Req, State) ->
-	case cowboy_req:parse_header(<<"if-none-match">>, Req) of
+	try cowboy_req:parse_header(<<"if-none-match">>, Req) of
 		{ok, undefined, Req2} ->
 			if_modified_since_exists(Req2, State);
 		{ok, '*', Req2} ->
 			precondition_is_head_get(Req2, State);
 		{ok, EtagsList, Req2} ->
-			if_none_match(Req2, State, EtagsList)
+			if_none_match(Req2, State, EtagsList);
+		{error, badarg} ->
+			respond(Req, State, 400)
+	catch Class:Reason ->
+		error_terminate(Req, State, Class, Reason, if_none_match)
 	end.
 
 if_none_match(Req, State, EtagsList) ->