[erlang-questions] gen_tcp and large HTTP headers

Roberto Ostinelli <>
Wed Jun 22 22:25:54 CEST 2011


hi steve,

it does look so indeed. i actually do receive the http_request message:

{http, Sock, {http_request, Method, Path, Version}}

even though the GET request has obviously been shortened, so that the
remaining part of the GET request gets passed over and then generates the
http_error message while parsing headers.

i guess i actually should not receive the http_request message, since the
GET header is incomplete.


2011/6/22 Steve Vinoski <>

> IMO this is really a bug in the http packet parser. Setting recbuf
> might work for this example but if you get a larger URI then it will
> obviously fail, as you can't set it large enough.
>
> For this case the packet parser must realize the http request line is
> incomplete and complete the parsing only once the whole request line
> arrives. Getting this completely right might well require allowing a
> way for the application to control how long a URI it wants to allow,
> since if the parser just keeps reading in packets to find the end of
> the request line someone could deny service by just sending request
> packets that contain a really really long URI.
>
> --steve
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110622/4b864ce4/attachment.html>


More information about the erlang-questions mailing list