[erlang-questions] gen_tcp and large HTTP headers

Steve Vinoski vinoski@REDACTED
Wed Jun 22 22:19:39 CEST 2011


IMO this is really a bug in the http packet parser. Setting recbuf
might work for this example but if you get a larger URI then it will
obviously fail, as you can't set it large enough.

For this case the packet parser must realize the http request line is
incomplete and complete the parsing only once the whole request line
arrives. Getting this completely right might well require allowing a
way for the application to control how long a URI it wants to allow,
since if the parser just keeps reading in packets to find the end of
the request line someone could deny service by just sending request
packets that contain a really really long URI.

--steve

On Wed, Jun 22, 2011 at 3:53 PM, Roberto Ostinelli <roberto@REDACTED> wrote:
> additional information: this can be solved simply by setting:
> {recbuf, 2000}
>
> any reasons for keeping this value to minimum sizes?
>
>
> 2011/6/22 Roberto Ostinelli <roberto@REDACTED>
>>
>> dear list,
>>
>> i'm using gen_tcp in {packet, http} and {active, once} modes to receive
>> HTTP requests.
>>
>> whenever i use a very large GET header, like such:
>>
>> http://localhost:8080/foo?var=foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar
>>
>> the controlling process receives from the socket the message:
>> {SocketMode, Sock,
>>     {http_error, "oobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar
>> HTTP/1.1\r\n"}}
>>
>> this looks to me like a MTU issue: the GET header is larger than the MTU,
>> and thus the erlang:decode_packet/3 returns the error of a badly formed HTTP
>> header since it is not complete.
>>
>> since i'm in active mode, my loop looks like this:
>>
>> headers(Sock, H) ->
>>     gen_tcp:setopts(Sock, [{active, once}]),
>>     receive
>>         {SocketMode, Sock, {http_header, _, Header, _, Val} = _Head} ->
>>             headers(Sock, [{Header, Val}|H]);
>>
>>         ...
>>
>>     end.
>>
>> thus, should i use an accumulator? but then should i manually trigger the
>> erlang:decode_packet/3 function?
>>
>> thank you for any insights on this.
>>
>> r.
>
>
>
> --
> -------------------------------------------------------------------
> Roberto Ostinelli
> CTO, WideTag Inc. - Realtime, Social, Green
> widetag.com
> skype: rostinelli
> twitter: ostinelli
> mobile: +39 335 6 100 22 6
>
>
>
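
Added example, not part of the thread or of OTP: one way to do what the reply describes, accumulating raw socket data and calling erlang:decode_packet/3 by hand while refusing to buffer a request line beyond a limit the application chooses. The module name, function names and the 8192/2048-byte limits are assumptions for illustration; the chunk list stands in for successive gen_tcp:recv/2 results on a socket opened with binary and {packet, raw}.

```erlang
-module(bounded_reqline).            %% hypothetical module name
-export([feed/3, run/2, demo/0]).

%% Append one chunk and try to parse a request line from the whole buffer.
%% MaxLen caps the bytes we will hold while waiting for the line end.
feed(Chunk, Buf0, MaxLen) ->
    Buf = <<Buf0/binary, Chunk/binary>>,
    case erlang:decode_packet(http_bin, Buf, []) of
        {ok, {http_request, Method, Uri, Vsn}, Rest}
          when byte_size(Buf) - byte_size(Rest) =< MaxLen ->
            {ok, {Method, Uri, Vsn}, Rest};
        {ok, {http_request, _, _, _}, _} ->
            {error, request_line_too_long};
        {ok, Other, _} ->
            {error, {bad_request, Other}};
        {more, _} when byte_size(Buf) > MaxLen ->
            %% Still no line end and already over budget: stop buffering.
            {error, request_line_too_long};
        {more, _} ->
            {more, Buf};
        {error, Reason} ->
            {error, Reason}
    end.

%% Drive feed/3 over a list of chunks (stand-in for repeated recv calls).
run(Chunks, MaxLen) -> run(Chunks, <<>>, MaxLen).

run([], Buf, _MaxLen) -> {more, Buf};
run([Chunk | T], Buf, MaxLen) ->
    case feed(Chunk, Buf, MaxLen) of
        {more, Buf1} -> run(T, Buf1, MaxLen);
        Result -> Result
    end.

%% Constructed input: a request line of about 3 KB arriving in 1000-byte pieces.
demo() ->
    Query = binary:copy(<<"foobar">>, 500),
    Req = <<"GET /foo?var=", Query/binary, " HTTP/1.1\r\nHost: x\r\n\r\n">>,
    Chunks = chunks(Req, 1000),
    {ok, {'GET', {abs_path, _}, {1, 1}}, <<"Host: x\r\n\r\n">>} = run(Chunks, 8192),
    {error, request_line_too_long} = run(Chunks, 2048),
    ok.

chunks(Bin, N) when byte_size(Bin) > N ->
    <<H:N/binary, T/binary>> = Bin,
    [H | chunks(T, N)];
chunks(Bin, _N) -> [Bin].
```

The same chunks parse under the larger limit and are rejected under the smaller one once the third chunk pushes the buffer past it, so the limit bounds memory per connection regardless of how the sender fragments the line.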


