[erlang-questions] [BUG] in inets/http_uri.erl

karol skocik <>
Tue Aug 26 23:41:56 CEST 2008


Well, ok, I am no URI expert. They might be correct, but the fact is
that python http client can work with them and do ec2
AuthorizeSecurityGroupIngress requests, and they unfortunately have
'/' as a part of the parameter value. The question is, what to do
about that. Erlang already has an HTTPOption 'relaxed' in
http:request. This case might be a good candidate for inclusion in the
bag along with other irregularities allowed with 'relaxed' option.

Cheers,
  Karol

On Tue, Aug 26, 2008 at 11:23 PM, Gleb Peregud <> wrote:
> On Tue, Aug 26, 2008 at 11:10 PM, karol skocik <>
> wrote:
>>
>> Hi,
>>  there is a bug in inets/http_uri.erl in function parse_uri_rest,
>> which first looks for '/' and then for '?' to get hostname and query
>> params.
>> This is not very good since some requests can have '/' after '?',
>> which messes up the hostname.
>> Example:
>>
>> ()15>
>>
>> http_uri:parse("http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D").
>> {http,[],"ec2.amazonaws.com",80,"/",
>>
>>  "?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D"}
>>
>> which is ok, hostname is "ec2.amazonaws.com", but now:
>>
>> ()29>
>>
>> http_uri:parse("http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D").
>> {http,[],
>>
>>  "ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0",
>>      80,
>>
>>  "/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D",
>>      []}
>>
>> here, parameter CidrIp=0.0.0.0/6 denotes ip range you want to allow
>> access to, with '/'. This results to {error, nxdomain} from
>> http:request.
>>
>> Karol
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://www.erlang.org/mailman/listinfo/erlang-questions
>
> According to RFC [1] these URLs are incorrect. Hostname and url-path have to
> be separated with "/". Hence there is no bug here
>
> 1: http://www.ietf.org/rfc/rfc1738.txt
>
> P.S. Karol, sorry for previous incomplete mail, I've hit "Send" by
> mistake...
>
> --
> Gleb Peregud
> http://gleber.pl/
>
> Every minute is to be grasped.
> Time waits for nobody.
> -- Inscription on a Zen Gong
>



More information about the erlang-questions mailing list