[erlang-questions] [BUG] in inets/http_uri.erl

karol skocik karol.skocik@REDACTED
Wed Aug 27 00:10:37 CEST 2008 

I have tried to encode '/' in the CidrIp parameter, but then the
signature computed on the amazon side did not match, which is a PITA.
I have solved the problem with exporting handle_request/6 from
inets/http and calling it directly, avoiding http_uri:parse_uri_rest.
That's not very pretty however, I would prefer to use exported
http:request but it won't work. When I construct that what
http_uri:parse_uri_rest should do (being relaxed to this amazon bug in
their ec2 API) everything works fine.

Karol

On Tue, Aug 26, 2008 at 11:54 PM, Gleb Peregud <gleber.p@REDACTED> wrote:
> According to RFC.
>
>   An HTTP URL takes the form:
>      http://<host>:<port>/<path>?<searchpart>
>   ...
>   Within the <path> and <searchpart> components, "/", ";", "?" are
>   reserved.
>
> and
>
>   Octets must be encoded if they have no corresponding graphic
>   character within the US-ASCII coded character set, if the use of the
>   corresponding character is unsafe, or if the corresponding character
>   is reserved for some other interpretation within the particular URL
>   scheme.
>
> This means that this URL is definitely incorrect. The "/" in
> <searchpart> are not encoded. And there is no "/" separating <host>
> and <path>. If the latter is corrected http_uri will work as expected:
>
> 3> http_uri:parse("http://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D").
> {http,[],"ec2.amazonaws.com",80,"/",
>      "?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D"}
>
> Are you able to correct these URIs/URLs in your system (by adding
> separating "/" beetween <host> and <path>)? If yes, your problem is
> solved
>
> BR
>
> On Tue, Aug 26, 2008 at 11:41 PM, karol skocik <karol.skocik@REDACTED> wrote:
>>
>> Well, ok, I am no URI expert. They might be correct, but the fact is
>> that python http client can work with them and do ec2
>> AuthorizeSecurityGroupIngress requests, and they unfortunately have
>> '/' as a part of the parameter value. The question is, what to do
>> about that. Erlang already has an HTTPOption 'relaxed' in
>> http:request. This case might be a good candidate for inclusion in the
>> bag along with other irregularities allowed with 'relaxed' option.
>>
>> Cheers,
>>  Karol
>>
>> On Tue, Aug 26, 2008 at 11:23 PM, Gleb Peregud <gleber.p@REDACTED> wrote:
>> > On Tue, Aug 26, 2008 at 11:10 PM, karol skocik <karol.skocik@REDACTED>
>> > wrote:
>> >>
>> >> Hi,
>> >>  there is a bug in inets/http_uri.erl in function parse_uri_rest,
>> >> which first looks for '/' and then for '?' to get hostname and query
>> >> params.
>> >> This is not very good since some requests can have '/' after '?',
>> >> which messes up the hostname.
>> >> Example:
>> >>
>> >> (netskin@REDACTED)15>
>> >>
>> >> http_uri:parse("http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D").
>> >> {http,[],"ec2.amazonaws.com",80,"/",
>> >>
>> >>  "?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D"}
>> >>
>> >> which is ok, hostname is "ec2.amazonaws.com", but now:
>> >>
>> >> (netskin@REDACTED)29>
>> >>
>> >> http_uri:parse("http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D").
>> >> {http,[],
>> >>
>> >>  "ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0",
>> >>      80,
>> >>
>> >>  "/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D",
>> >>      []}
>> >>
>> >> here, parameter CidrIp=0.0.0.0/6 denotes ip range you want to allow
>> >> access to, with '/'. This results to {error, nxdomain} from
>> >> http:request.
>> >>
>> >> Karol
>> >> _______________________________________________
>> >> erlang-questions mailing list
>> >> erlang-questions@REDACTED
>> >> http://www.erlang.org/mailman/listinfo/erlang-questions
>> >
>> > According to RFC [1] these URLs are incorrect. Hostname and url-path have to
>> > be separated with "/". Hence there is no bug here
>> >
>> > 1: http://www.ietf.org/rfc/rfc1738.txt
>> >
>> > P.S. Karol, sorry for previous incomplete mail, I've hit "Send" by
>> > mistake...
>> >
>> > --
>> > Gleb Peregud
>> > http://gleber.pl/
>> >
>> > Every minute is to be grasped.
>> > Time waits for nobody.
>> > -- Inscription on a Zen Gong
>> >
>
>
>
> --
> Gleb Peregud
> http://gleber.pl/
>
> Every minute is to be grasped.
> Time waits for nobody.
> -- Inscription on a Zen Gong
>

More information about the erlang-questions mailing list