You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by "Jason Smith (JIRA)" <ji...@apache.org> on 2010/07/05 07:35:50 UTC

[jira] Updated: (COUCHDB-815) Non-standard HTTP methods for view handlers (AKA WebDAV is b0rken) [PATCH]

     [ https://issues.apache.org/jira/browse/COUCHDB-815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Smith updated COUCHDB-815:
--------------------------------

    Attachment: bad_allow_any_http_method.patch

This patch provides a good unit test. Its solution is wrong but instructive.

The simplest way to pass the test is to use to_atom instead of to_existing_atom. Unfortunately, this allows a denial of service. A buggy client or DOS attacker could hit the server with random HTTP methods and fill up the atom table, presumably leaking memory and probably crashing the VM when the OS kills it.

So, how can handle_request_int allow any HTTP method (at least if it is destined for _show, _list, _update) without creating an atom per method?

> Non-standard HTTP methods for view handlers (AKA WebDAV is b0rken) [PATCH]
> --------------------------------------------------------------------------
>
>                 Key: COUCHDB-815
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-815
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Database Core
>    Affects Versions: 1.0
>            Reporter: Jason Smith
>            Priority: Minor
>         Attachments: bad_allow_any_http_method.patch
>
>
> CouchDB prevents the new view server handler methods, _show, _update, etc. from handling unknown HTTP methods. This prevents Couch apps from being able to implement extensions to the HTTP specification or to add application-specific methods to HTTP, violating the spirit of _show and _update.
> For example, it is not possible to make a CouchApp WebDAV server because _show and _list must support the PROPFIND method.
> In couch_httpd:handle_request_int/5, the response from Mochi is coerced to an atom if and only if the atom already exists (using couch_util:to_existing_atom/1). That is an odd whitelist, to say the least:
>     $ curl localhost:5984 -X PROPFIND # Crashes mochiweb when to_existing_atom throws badarg
>     curl: (52) Empty reply from server
>     $ curl localhost:5984 -X list_to_binary # Any atom works
>     {"error":"method_not_allowed","reason":"Only GET,HEAD allowed"}
> Considering the cURL commands above, I filed this as a bug, not a feature. I will explore some options and submit patches.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.