incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Candler (JIRA)" <j...@apache.org>
Subject [jira] Created: (COUCHDB-235) Doesn't gracefully handle malformed URLs
Date Wed, 04 Feb 2009 12:53:59 GMT
Doesn't gracefully handle malformed URLs
----------------------------------------

                 Key: COUCHDB-235
                 URL: https://issues.apache.org/jira/browse/COUCHDB-235
             Project: CouchDB
          Issue Type: Improvement
          Components: HTTP Interface
    Affects Versions: 0.9
         Environment: CentOS 5.2, Ubuntu Hardy

couchdb - Apache CouchDB 0.9.0a739811-incubating
            Reporter: Brian Candler
            Priority: Minor


This one took me a while to track down, and Couchdb could have helped me more :-)

If you use curl to submit a request which includes a space, couchdb drops the connection on
the floor: no response whatsoever, and nothing in logs. e.g.

$ curl 'http://localhost:5984/test_suite_db/_a_view/foo/bar?key="one two"'
curl: (52) Empty reply from server

When you check with tcpdump, it turns out that curl is not URL-encoding the space, but passing
it straight through:

...
        0x0030:  0e38 b57c 4745 5420 2f74 6573 745f 7375  .8.|GET./test_su
        0x0040:  6974 655f 6462 2f5f 615f 7669 6577 2f66  ite_db/_a_view/f
        0x0050:  6f6f 2f62 6172 3f6b 6579 3d22 6f6e 6520  oo/bar?key="one.
        0x0060:  7477 6f22 2048 5454 502f 312e 310d 0a55  two".HTTP/1.1..U
        0x0070:  7365 722d 4167 656e 743a 2063 7572 6c2f  ser-Agent:.curl/
        0x0080:  372e 3135 2e35 2028 6936 3836 2d72 6564  7.15.5.(i686-red
        0x0090:  6861 742d 6c69 6e75 782d 676e 7529 206c  hat-linux-gnu).l
...

This happens with both versions of curl I tried (7.15.5 from CentOS 5.2, and 7.18.0 from Ubuntu
Hardy)

This is arguably a bug in curl: it should either encode the space or reject the whole URL.

However, I wonder if couchdb could be a little more forgiving in this case, and at least return
some sort of error to the client, like a 400 Bad Request.

For comparison: under the same circumstances, Apache (2.2.8) actually accepts and processes
the request, just giving a 404 if the document isn't found.

The BNF in RFC 2616 says:
  Request-Line = Method SP Request-URI SP HTTP-Version CRLF

RFC 1738 says that space is unsafe, and unsafe characters MUST be encoded in URLs.  So Couchdb
is within its rights to reject it - it would just be helpful if it could give an error.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message