[ https://issues.apache.org/jira/browse/COUCHDB-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Paul Joseph Davis updated COUCHDB-235: -------------------------------------- Skill Level: Regular Contributors Level (Easy to Medium) > Doesn't gracefully handle malformed URLs > ---------------------------------------- > > Key: COUCHDB-235 > URL: https://issues.apache.org/jira/browse/COUCHDB-235 > Project: CouchDB > Issue Type: Improvement > Components: HTTP Interface > Affects Versions: 0.9 > Environment: CentOS 5.2, Ubuntu Hardy > couchdb - Apache CouchDB 0.9.0a739811-incubating > Reporter: Brian Candler > Priority: Minor > > This one took me a while to track down, and Couchdb could have helped me more :-) > If you use curl to submit a request which includes a space, couchdb drops the connection on the floor: no response whatsoever, and nothing in logs. e.g. > $ curl 'http://localhost:5984/test_suite_db/_a_view/foo/bar?key="one two"' > curl: (52) Empty reply from server > When you check with tcpdump, it turns out that curl is not URL-encoding the space, but passing it straight through: > ... > 0x0030: 0e38 b57c 4745 5420 2f74 6573 745f 7375 .8.|GET./test_su > 0x0040: 6974 655f 6462 2f5f 615f 7669 6577 2f66 ite_db/_a_view/f > 0x0050: 6f6f 2f62 6172 3f6b 6579 3d22 6f6e 6520 oo/bar?key="one. > 0x0060: 7477 6f22 2048 5454 502f 312e 310d 0a55 two".HTTP/1.1..U > 0x0070: 7365 722d 4167 656e 743a 2063 7572 6c2f ser-Agent:.curl/ > 0x0080: 372e 3135 2e35 2028 6936 3836 2d72 6564 7.15.5.(i686-red > 0x0090: 6861 742d 6c69 6e75 782d 676e 7529 206c hat-linux-gnu).l > ... > This happens with both versions of curl I tried (7.15.5 from CentOS 5.2, and 7.18.0 from Ubuntu Hardy) > This is arguably a bug in curl: it should either encode the space or reject the whole URL. > However, I wonder if couchdb could be a little more forgiving in this case, and at least return some sort of error to the client, like a 400 Bad Request. > For comparison: under the same circumstances, Apache (2.2.8) actually accepts and processes the request, just giving a 404 if the document isn't found. > The BNF in RFC 2616 says: > Request-Line = Method SP Request-URI SP HTTP-Version CRLF > RFC 1738 says that space is unsafe, and unsafe characters MUST be encoded in URLs. So Couchdb is within its rights to reject it - it would just be helpful if it could give an error. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.