couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim (JIRA)" <j...@apache.org>
Subject [jira] Updated: (COUCHDB-708) Newlines in document locations break header parsing
Date Wed, 24 Mar 2010 12:36:27 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tim updated COUCHDB-708:
------------------------

    Description: 
Newlines in document locations break header parsing. Potential header injection issues?

$ curl -X DELETE http://localhost:5984/testdb
{"ok":true}
$ curl -X PUT http://localhost:5984/testdb
{"ok":true}
$ curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A'
HTTP/1.1 201 Created
Server: CouchDB/0.10.1 (Erlang OTP/R13B)
Location: http://localhost:5984/testdb/docid

Etag: "1-967a00dff5e02add41819138abb3284d"
Date: Wed, 24 Mar 2010 12:33:25 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 70
Cache-Control: must-revalidate

{"ok":true,"id":"docid\n","rev":"1-967a00dff5e02add41819138abb3284d"}


  was:
Newlines in document locations break header parsing. Potential header injection issues?

curl -X DELETE http://localhost:5984/testdb
curl -X PUT http://localhost:5984/testdb
curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A'


> Newlines in document locations break header parsing
> ---------------------------------------------------
>
>                 Key: COUCHDB-708
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-708
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Database Core
>    Affects Versions: 0.10.1
>         Environment: ubuntu
>            Reporter: Tim
>            Priority: Critical
>
> Newlines in document locations break header parsing. Potential header injection issues?
> $ curl -X DELETE http://localhost:5984/testdb
> {"ok":true}
> $ curl -X PUT http://localhost:5984/testdb
> {"ok":true}
> $ curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A'
> HTTP/1.1 201 Created
> Server: CouchDB/0.10.1 (Erlang OTP/R13B)
> Location: http://localhost:5984/testdb/docid
> Etag: "1-967a00dff5e02add41819138abb3284d"
> Date: Wed, 24 Mar 2010 12:33:25 GMT
> Content-Type: text/plain;charset=utf-8
> Content-Length: 70
> Cache-Control: must-revalidate
> {"ok":true,"id":"docid\n","rev":"1-967a00dff5e02add41819138abb3284d"}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message