[erlang-bugs] httpc_handler crash on malformed content-length

Magnus Mueller magnus.mueller@REDACTED
Tue Feb 18 11:24:32 CET 2014


Hello List.

httpc_handler crashes hard when the supplied content-length is not parseable with list_to_integer.

== Steps to reproduce ==

1) Use netcat to listen at a specific port (nc -l 30100)
2) Open an Erlang shell, start inets and perform a httpc request
3) After httpc sent its request, write the following into stdin of netcat (followed by two newlines):

    HTTP/1.1 200 OK
    content-length: die!

=== httpc in repl ===

(repl_1@REDACTED)1> inets:start().
ok
(repl_1@REDACTED)2> httpc:request("http://localhost:30100").
{error,
    {badarg,
        [{erlang,list_to_integer,["die!"],[]},
         {httpc_handler,handle_http_body,2,
             [{file,"httpc_handler.erl"},{line,1143}]},
         {httpc_handler,handle_info,2,
             [{file,"httpc_handler.erl"},{line,462}]},
         {gen_server,handle_msg,5,
             [{file,"gen_server.erl"},{line,604}]},
         {proc_lib,init_p_do_apply,3,
             [{file,"proc_lib.erl"},{line,239}]}]}}
(repl_1@REDACTED)3> 
=ERROR REPORT==== 18-Feb-2014::11:16:52 ===
** Generic server <0.55.0> terminating 
** Last message in was {tcp,#Port<0.3049>,<<"\n">>}
** When Server state == {state,
                            {request,#Ref<0.0.0.90>,<0.41.0>,0,http,
                                {"localhost",30100},
                                "/",[],get,
                                {http_request_h,undefined,"keep-alive",
                                    undefined,undefined,undefined,undefined,
                                    undefined,undefined,undefined,undefined,
                                    undefined,undefined,undefined,undefined,
                                    undefined,undefined,"localhost:30100",
                                    undefined,undefined,undefined,undefined,
                                    undefined,undefined,undefined,undefined,
                                    undefined,[],undefined,undefined,
                                    undefined,undefined,"0",undefined,
                                    undefined,undefined,undefined,undefined,
                                    undefined,[]},
                                {[],[]},
                                {http_options,"HTTP/1.1",infinity,true,
                                    {essl,[]},
                                    undefined,false,infinity,false},
                                "http://localhost:30100",[],none,[],
                                1392718605743,undefined,undefined,false},
                            {session,
                                {{"localhost",30100},<0.55.0>}, 
                                false,http,#Port<0.3049>,ip_comm,1,keep_alive,
                                false},
                            undefined,undefined,undefined,
                            {httpc_response,parse_headers,
                                [<<"\r\n">>,"!eid :htgnel-tnetnoc",[],nolimit,
                                 ["OK",200,"HTTP/1.1"],
                                 false]},
                            {[],[]},
                            {[],[]},
                            new,[],nolimit,nolimit,
                            {options,
                                {undefined,[]},
                                {undefined,[]},
                                0,2,5,120000,2,disabled,false,inet,default,
                                default,[]},
                            {timers,[],undefined},
                            httpc_manager,inactive}
** Reason for termination == 
** {badarg,[{erlang,list_to_integer,["die!"],[]},
            {httpc_handler,handle_http_body,2,
                           [{file,"httpc_handler.erl"},{line,1143}]},
            {httpc_handler,handle_info,2,
                           [{file,"httpc_handler.erl"},{line,462}]},
            {gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,604}]},
            {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]}



More information about the erlang-bugs mailing list