You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by dc...@apache.org on 2014/03/07 01:18:09 UTC
[26/50] [abbrv] couchdb commit: updated
refs/heads/2041-update-ibrowse to 948e7d9
Allow optional max_uri_length server setting
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/f7ca266b
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/f7ca266b
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/f7ca266b
Branch: refs/heads/2041-update-ibrowse
Commit: f7ca266b41a6fb8dd8e8167b8c8d44df00a1907f
Parents: 3ce13c5
Author: Robert Newson <rn...@apache.org>
Authored: Mon Feb 17 13:30:52 2014 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Mon Feb 17 21:53:27 2014 +0000
----------------------------------------------------------------------
etc/couchdb/default.ini.tpl.in | 2 ++
src/couchdb/couch_httpd.erl | 18 ++++++++++++++++++
2 files changed, 20 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/f7ca266b/etc/couchdb/default.ini.tpl.in
----------------------------------------------------------------------
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 3267001..fd953c2 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -52,6 +52,8 @@ allow_jsonp = false
;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
log_max_chunk_size = 1000000
enable_cors = false
+; CouchDB can optionally enforce a maximum uri length;
+; max_uri_length = 8000
[ssl]
port = 6984
http://git-wip-us.apache.org/repos/asf/couchdb/blob/f7ca266b/src/couchdb/couch_httpd.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index f00fdd0..7ee3e3a 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -310,6 +310,7 @@ handle_request_int(MochiReq, DefaultFun,
{ok, Resp} =
try
+ check_request_uri_length(RawUri),
case couch_httpd_cors:is_preflight_request(HttpReq) of
#httpd{} ->
case authenticate_request(HttpReq, AuthHandlers) of
@@ -343,6 +344,8 @@ handle_request_int(MochiReq, DefaultFun,
send_error(HttpReq, {bad_otp_release, ErrorReason});
exit:{body_too_large, _} ->
send_error(HttpReq, request_entity_too_large);
+ exit:{uri_too_long, _} ->
+ send_error(HttpReq, request_uri_too_long);
throw:Error ->
Stack = erlang:get_stacktrace(),
?LOG_DEBUG("Minor error in HTTP request: ~p",[Error]),
@@ -369,6 +372,19 @@ handle_request_int(MochiReq, DefaultFun,
couch_stats_collector:increment({httpd, requests}),
{ok, Resp}.
+check_request_uri_length(Uri) ->
+ check_request_uri_length(Uri, couch_config:get("httpd", "max_uri_length")).
+
+check_request_uri_length(_Uri, undefined) ->
+ ok;
+check_request_uri_length(Uri, MaxUriLen) when is_list(MaxUriLen) ->
+ case length(Uri) > list_to_integer(MaxUriLen) of
+ true ->
+ throw(request_uri_too_long);
+ false ->
+ ok
+ end.
+
% Try authentication handlers in order until one sets a user_ctx
% the auth funs also have the option of returning a response
% move this to couch_httpd_auth?
@@ -826,6 +842,8 @@ error_info(file_exists) ->
"created, the file already exists.">>};
error_info(request_entity_too_large) ->
{413, <<"too_large">>, <<"the request entity is too large">>};
+error_info(request_uri_too_long) ->
+ {414, <<"too_long">>, <<"the request entity is too long">>};
error_info({bad_ctype, Reason}) ->
{415, <<"bad_content_type">>, Reason};
error_info(requested_range_not_satisfiable) ->