[erlang-questions] [BUG] in inets/http_uri.erl

Gleb Peregud gleber.p@REDACTED
Tue Aug 26 23:23:11 CEST 2008


On Tue, Aug 26, 2008 at 11:10 PM, karol skocik <karol.skocik@REDACTED> wrote:

> Hi,
>  there is a bug in inets/http_uri.erl in function parse_uri_rest,
> which first looks for '/' and then for '?' to get hostname and query
> params.
> This is not very good since some requests can have '/' after '?',
> which messes up the hostname.
> Example:
>
> (netskin@REDACTED)15> http_uri:parse("http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D").
> {http,[],"ec2.amazonaws.com",80,"/",
>  "?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D"}
>
> which is ok, hostname is "ec2.amazonaws.com", but now:
>
> (netskin@REDACTED)29> http_uri:parse("http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D").
> {http,[],
>      "ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0",
>      80,
>      "/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D",
>      []}
>
> Here, the parameter CidrIp=0.0.0.0/6 denotes the IP range you want to
> allow access to, with '/'. This results in {error, nxdomain} from
> http:request.
>
> Karol

According to RFC [1] these URLs are incorrect. Hostname and url-path have to
be separated with "/". Hence there is no bug here.

1: http://www.ietf.org/rfc/rfc1738.txt

P.S. Karol, sorry for previous incomplete mail, I've hit "Send" by
mistake...

-- 
Gleb Peregud
http://gleber.pl/

Every minute is to be grasped.
Time waits for nobody.
-- Inscription on a Zen Gong
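
Added example, not part of the original thread and not inets code: a host split that follows RFC 3986 section 3.2, where the authority ends at the first "/", "?" or "#", so a "/" inside the query string can never become part of the hostname. The module name uri_split and its functions are hypothetical, and the URL in demo/0 is a shortened, constructed version of the one quoted above.

```erlang
-module(uri_split).
-export([parse/1, demo/0]).

%% Hypothetical module for illustration; not the inets implementation.
%% Returns {Scheme, UserInfo, Host, Port, Path, Query}, the tuple shape shown
%% in the thread. Lowercase "http://" only; IPv6 literals are out of scope.
parse("http://" ++ Rest) ->
    %% RFC 3986 section 3.2: the authority ends at the first "/", "?" or "#".
    {Authority, Tail} =
        lists:splitwith(fun(C) -> not lists:member(C, "/?#") end, Rest),
    %% The fragment is never sent to the server, so drop it.
    {PathQuery, _Fragment} = lists:splitwith(fun(C) -> C =/= $# end, Tail),
    {Path0, Query} = lists:splitwith(fun(C) -> C =/= $? end, PathQuery),
    Path = case Path0 of [] -> "/"; _ -> Path0 end,
    {UserInfo, HostPort} = split_userinfo(Authority),
    case split_port(HostPort) of
        {ok, Host, Port} when Host =/= [] ->
            {http, UserInfo, Host, Port, Path, Query};
        _ ->
            {error, {malformed_authority, Authority}}
    end;
parse(_) ->
    {error, unsupported_scheme}.

%% Userinfo is everything before the last "@" in the authority.
split_userinfo(Authority) ->
    case lists:splitwith(fun(C) -> C =/= $@ end, lists:reverse(Authority)) of
        {_, []} -> {[], Authority};
        {RevHost, [$@ | RevUser]} ->
            {lists:reverse(RevUser), lists:reverse(RevHost)}
    end.

%% Port defaults to 80; a non-numeric or out-of-range port is rejected.
split_port(HostPort) ->
    case lists:splitwith(fun(C) -> C =/= $: end, HostPort) of
        {Host, []} -> {ok, Host, 80};
        {Host, [$: | P]} ->
            case string:to_integer(P) of
                {Port, []} when is_integer(Port), Port > 0, Port < 65536 -> {ok, Host, Port};
                _ -> error
            end
    end.

%% Constructed input: no "/" before "?", but a "/" inside the query value.
demo() ->
    parse("http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&CidrIp=0.0.0.0/6").
```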