[erlang-questions] [BUG] in inets/http_uri.erl

Edwin Fine erlang-questions_efine@REDACTED
Wed Aug 27 21:59:25 CEST 2008 

I love standards - there are SO many of them ;-)

2008/8/26 Benjamin Tolputt <btolputt@REDACTED>

>  Hi,
>
> Whilst the RFC is pretty explicit on this, most other languages & libraries
> can handle this "problem". I often come across URI/URL strings that include
> another URL in parameters and hence generally have a '/' after the '?'.
> Given all browsers I have used (the primary users of HTTP) and most other
> libraries I have come across handle this correctly - I would suggest this is
> something that Erlang would do better to have as well (even if through some
> "relaxed" interface). It would not be hard to find other areas of the
> library that go beyond the RFC because the rest of the world does, it's the
> nature of an actively developed system after all.
>
> --Ben
>
>
> Gleb Peregud wrote:
>
> On Tue, Aug 26, 2008 at 11:10 PM, karol skocik <karol.skocik@REDACTED>wrote:
>
>> Hi,
>>  there is a bug in inets/http_uri.erl in function parse_uri_rest,
>> which first looks for '/' and then for '?' to get hostname and query
>> params.
>> This is not very good since some requests can have '/' after '?',
>> which messes up the hostname.
>> Example:
>>
>> (netskin@REDACTED)15>
>> http_uri:parse("
>> http://ec2.amazonaws.com?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D
>> ").
>> {http,[],"ec2.amazonaws.com",80,"/",
>>
>>  "?Action=DescribeInstances&AWSAccessKeyId=XXX&SignatureVersion=1&Timestamp=2008-08-26T20:22:24&Version=2007-08-29&Signature=z%2FVynmrFTFe4dHtJlsPifSRtTLw%3D"}
>>
>> which is ok, hostname is "ec2.amazonaws.com", but now:
>>
>> (netskin@REDACTED)29>
>> http_uri:parse("
>> http://ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D
>> ").
>> {http,[],
>>      "
>> ec2.amazonaws.com?Action=AuthorizeSecurityGroupIngress&AWSAccessKeyId=XXX&CidrIp=0.0.0.0
>> ",
>>      80,
>>
>>  "/6&FromPort=0&GroupName=test&IpProtocol=tcp&SignatureVersion=1&Timestamp=2008-08-26T19:41:13&ToPort=65535&Version=2007-08-29&Signature=ClTihgpBO3%2BsMIlEDRem9AcZ6%2F0%3D",
>>      []}
>>
>> here, parameter CidrIp=0.0.0.0/6 denotes ip range you want to allow
>> access to, with '/'. This results to {error, nxdomain} from
>> http:request.
>>
>> Karol
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://www.erlang.org/mailman/listinfo/erlang-questions
>>
>
> According to RFC [1] these URLs are incorrect. Hostname and url-path have
> to be separated with "/". Hence there is no bug here
>
> 1: http://www.ietf.org/rfc/rfc1738.txt
>
> P.S. Karol, sorry for previous incomplete mail, I've hit "Send" by
> mistake...
>
> --
> Gleb Peregud
> http://gleber.pl/
>
> Every minute is to be grasped.
> Time waits for nobody.
> -- Inscription on a Zen Gong
>
> ------------------------------
>
> _______________________________________________
> erlang-questions mailing listerlang-questions@REDACTED://www.erlang.org/mailman/listinfo/erlang-questions
>
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-questions
>



-- 
For every expert there is an equal and opposite expert - Arthur C. Clarke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20080827/1ccff0d3/attachment.htm>

More information about the erlang-questions mailing list