<div dir="ltr">On Tue, Aug 26, 2008 at 11:10 PM, karol skocik <span dir="ltr"><<a href="mailto:karol.skocik@gmail.com">karol.skocik@gmail.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br>
there is a bug in inets/http_uri.erl in function parse_uri_rest,<br>
which first looks for '/' and then for '?' to get hostname and query<br>
params.<br>
This is not very good since some requests can have '/' after '?',<br>
which messes up the hostname.<br>
Example:<br>
<br>
(netskin@mars)15><br>
http_uri:parse("<a href="http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D" target="_blank">http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D</a>").<br>
{http,[],"<a href="http://ec2.amazonaws.com" target="_blank">ec2.amazonaws.com</a>",80,"/",<br>
"?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D"}<br>
<br>
which is ok, hostname is "<a href="http://ec2.amazonaws.com" target="_blank">ec2.amazonaws.com</a>", but now:<br>
<br>
(netskin@mars)29><br>
http_uri:parse("<a href="http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D" target="_blank">http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D</a>").<br>
{http,[],<br>
"<a href="http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0" target="_blank">ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0</a>",<br>
80,<br>
"/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D",<br>
[]}<br>
<br>
here, parameter CidrIp=<a href="http://0.0.0.0/6" target="_blank">0.0.0.0/6</a> denotes ip range you want to allow<br>
access to, with '/'. This results to {error, nxdomain} from<br>
http:request.<br>
<br>
Karol<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://www.erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://www.erlang.org/mailman/listinfo/erlang-questions</a><br>
</blockquote></div><br>According to RFC [1] these URLs are incorrect. Hostname and url-path have to be separated with "/". Hence there is no bug here<br><br>1: <a href="http://www.ietf.org/rfc/rfc1738.txt" target="_blank">http://www.ietf.org/rfc/rfc1738.txt</a><br clear="all">
<br>P.S. Karol, sorry for previous incomplete mail, I've hit "Send" by mistake...<br><br>-- <br>Gleb Peregud<br><a href="http://gleber.pl/">http://gleber.pl/</a><br><br>Every minute is to be grasped.<br>Time waits for nobody.<br>
-- Inscription on a Zen Gong<br>
</div>