[erlang-questions] gen_tcp and large HTTP headers

Loïc Hoguin <>
Wed Jun 22 23:17:40 CEST 2011


More info here:
  https://github.com/extend/cowboy/issues/3

We just switched to calling decode_packet directly. It's a bug in
gen_tcp when in HTTP mode, not decode_packet, so it works fine now. I
haven't had the time to find the exact source of this bug but it's on my
todo list.

Cheers.

On 06/22/2011 10:25 PM, Roberto Ostinelli wrote:
> hi steve,
> 
> it does look so indeed. i actually do receive the http_request message:
> 
> {http, Sock, {http_request, Method, Path, Version}}
> 
> even though the GET request has obviously been shortened, so that the
> remaining part of the GET request gets passed over and then generates
> the http_error message while parsing headers.
> 
> i guess i actually should not receive the http_request message, since
> the GET header is incomplete.
> 
> 
> 2011/6/22 Steve Vinoski < <mailto:>>
> 
>     IMO this is really a bug in the http packet parser. Setting recbuf
>     might work for this example but if you get a larger URI then it will
>     obviously fail, as you can't set it large enough.
> 
>     For this case the packet parser must realize the http request line is
>     incomplete and complete the parsing only once the whole request line
>     arrives. Getting this completely right might well require allowing a
>     way for the application to control how long a URI it wants to allow,
>     since if the parser just keeps reading in packets to find the end of
>     the request line someone could deny service by just sending request
>     packets that contain a really really long URI.
> 
>     --steve
> 
> 
> 
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions


-- 
Loïc Hoguin
Dev:Extend



More information about the erlang-questions mailing list