[erlang-bugs] Too strict HTTP Status Line parsing

Sverker Eriksson <>
Thu Jun 3 11:38:19 CEST 2010


Alexander Zhuravlev wrote:
> On Wed, Jun 2, 2010 at 14:09, Sverker Eriksson <> wrote:
>   
>> Alexander Zhuravlev wrote:
>>     
>>> Hello,
>>>
>>> I've tried to use lhttpc library (http://bitbucket.org/etc/lhttpc) to
>>> fetch
>>> a resource (http://www.qype.com/review/1376848) and got the following
>>> error:
>>>
>>> {{http_error,"HTTP/1.1 200\r\n"},
>>>        [{lhttpc_client,read_response,5},
>>>        {lhttpc_client,execute,8},
>>>        {lhttpc_client,request,9}]}
>>> I've checked lhttpc source code and found out that to receive and parse an
>>> HTTP
>>> response it uses _standard_ erlang module gen_tcp on a socket in
>>> {packet, http} mode. So it looks like the {http_error,"HTTP/1.1 200\r\n"}
>>> error was
>>> in fact generated by erlang's http packet parsing code.
>>>
>>> I found the following code in packet_parse_http function from
>>> erts/emulator/beam/packet_parser.c file:
>>>
>>> ...
>>> p0 = ptr;
>>> while (n && SP(ptr)) {
>>>        ptr++; n--;
>>> }
>>> if (ptr==p0) return -1;
>>> ...
>>>
>>>
>>>       
>> A change to
>>
>> if (ptr==p0 && n>0) return -1;
>>
>> would do it, right?
>>     
>
> Yes, probably. But I suppose that fact that the string does not have a
> phrase string may cause
> other issues with this call in the packet_parse_http function:
>
> return pcb->http_response(arg, major, minor, status,
>                                       ptr, n);
>
> ptr will point to the end of the string and n will be equal to 0

No, that will work. You will get an empty phrase string as part of the 
http_response-tuple.


/Sverker, Erlang/OTP



More information about the erlang-bugs mailing list