incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Smith (JIRA)" <j...@apache.org>
Subject [jira] Updated: (COUCHDB-815) Non-standard HTTP methods for view handlers (AKA WebDAV is b0rken) [PATCH]
Date Mon, 05 Jul 2010 05:35:50 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jason Smith updated COUCHDB-815:
--------------------------------

    Attachment: bad_allow_any_http_method.patch

This patch provides a good unit test. Its solution is wrong but instructive.

The simplest way to pass the test is to use to_atom instead of to_existing_atom. Unfortunately,
this allows a denial of service. A buggy client or DOS attacker could hit the server with
random HTTP methods and fill up the atom table, presumably leaking memory and probably crashing
the VM when the OS kills it.

So, how can handle_request_int allow any HTTP method (at least if it is destined for _show,
_list, _update) without creating an atom per method?

> Non-standard HTTP methods for view handlers (AKA WebDAV is b0rken) [PATCH]
> --------------------------------------------------------------------------
>
>                 Key: COUCHDB-815
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-815
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Database Core
>    Affects Versions: 1.0
>            Reporter: Jason Smith
>            Priority: Minor
>         Attachments: bad_allow_any_http_method.patch
>
>
> CouchDB prevents the new view server handler methods, _show, _update, etc. from handling
unknown HTTP methods. This prevents Couch apps from being able to implement extensions to
the HTTP specification or to add application-specific methods to HTTP, violating the spirit
of _show and _update.
> For example, it is not possible to make a CouchApp WebDAV server because _show and _list
must support the PROPFIND method.
> In couch_httpd:handle_request_int/5, the response from Mochi is coerced to an atom if
and only if the atom already exists (using couch_util:to_existing_atom/1). That is an odd
whitelist, to say the least:
>     $ curl localhost:5984 -X PROPFIND # Crashes mochiweb when to_existing_atom throws
badarg
>     curl: (52) Empty reply from server
>     $ curl localhost:5984 -X list_to_binary # Any atom works
>     {"error":"method_not_allowed","reason":"Only GET,HEAD allowed"}
> Considering the cURL commands above, I filed this as a bug, not a feature. I will explore
some options and submit patches.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message