[erlang-questions] [BUG] in inets/http_uri.erl

karol skocik
Tue Aug 26 23:10:50 CEST 2008


Hi,
  there is a bug in inets/http_uri.erl in function parse_uri_rest,
which first looks for '/' and then for '?' to get hostname and query
params.
This is not very good since some requests can have '/' after '?',
which messes up the hostname.
Example:

()15> http_uri:parse("http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D").
{http,[],"ec2.amazonaws.com",80,"/",
      "?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D"}

which is ok, hostname is "ec2.amazonaws.com", but now:

()29> http_uri:parse("http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D").
{http,[],
      "ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0",
      80,
      "/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D",
      []}

here, the parameter CidrIp=0.0.0.0/6 denotes the IP range you want to allow
access to, with '/'. This results in {error, nxdomain} from
http:request.

Karol
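
Added example, not part of the original post and not the inets source: the slash-first split described in the message next to a split that ends the authority at the first '/', '?' or '#' as RFC 3986 section 3.2 specifies. The module name uri_split_demo and its functions are hypothetical, and the URL is a shortened, constructed version of the second one in the post.

```erlang
%% Added example; module and function names are hypothetical, not inets code.
%% Only "http://" URLs are handled; userinfo and port are left inside the
%% authority string, since the point here is where the authority ends.
-module(uri_split_demo).
-export([split_slash_first/1, split_rfc3986/1, demo/0]).

%% Behaviour described in the post: the authority is cut at the first '/',
%% and '?' is only looked for in what follows.
split_slash_first("http://" ++ Rest) ->
    {Authority, PathQuery} = lists:splitwith(fun(C) -> C =/= $/ end, Rest),
    {Path, Query} = lists:splitwith(fun(C) -> C =/= $? end, PathQuery),
    {Authority, default_path(Path), Query}.

%% RFC 3986 section 3.2: the authority ends at the first '/', '?' or '#',
%% so a '/' inside the query can never move the host boundary.
split_rfc3986("http://" ++ Rest) ->
    IsAuthorityChar = fun(C) -> not lists:member(C, "/?#") end,
    {Authority, Tail} = lists:splitwith(IsAuthorityChar, Rest),
    {NoFragment, _Fragment} = lists:splitwith(fun(C) -> C =/= $# end, Tail),
    {Path, Query} = lists:splitwith(fun(C) -> C =/= $? end, NoFragment),
    {Authority, default_path(Path), Query}.

%% An empty path is normalised to "/", as in the shell output in the post.
default_path([]) -> "/";
default_path(Path) -> Path.

demo() ->
    %% Constructed input: a query directly after the host, with a '/' in a
    %% parameter value.
    Url = "http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress"
          "&CidrIp=0.0.0.0/6&FromPort=0",

    %% Slash-first: the query prefix is swallowed into the host.
    {"ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&CidrIp=0.0.0.0",
     "/6&FromPort=0",
     []} = split_slash_first(Url),

    %% Delimiter-set split: host and query come out intact.
    {"ec2.amazonaws.com",
     "/",
     "?Action=AuthorizeSecurityGroupIngress&CidrIp=0.0.0.0/6&FromPort=0"} =
        split_rfc3986(Url),
    ok.
```

Compile with c(uri_split_demo). in the shell and call uri_split_demo:demo().; it returns ok when both pattern matches hold.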


