[erlang-questions] [BUG] in inets/http_uri.erl
karol skocik
karol.skocik@REDACTED
Tue Aug 26 23:10:50 CEST 2008
Hi,
there is a bug in inets/http_uri.erl in function parse_uri_rest,
which first looks for '/' and then for '?' to get hostname and query
params.
This is not very good since some requests can have '/' after '?',
which messes up the hostname.
Example:
(netskin@REDACTED)15>
http_uri:parse("http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D").
{http,[],"ec2.amazonaws.com",80,"/",
"?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D"}
which is ok, hostname is "ec2.amazonaws.com", but now:
(netskin@REDACTED)29>
http_uri:parse("http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D").
{http,[],
"ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0",
80,
"/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D",
[]}
here, parameter CidrIp=0.0.0.0/6 denotes ip range you want to allow
access to, with '/'. This results to {error, nxdomain} from
http:request.
Karol
More information about the erlang-questions
mailing list