author | Robert Newson <rnewson@apache.org> | 2014-02-17 13:30:52 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2014-02-17 21:53:27 +0000 |
commit | f7ca266b41a6fb8dd8e8167b8c8d44df00a1907f (patch) | |
tree | 5b9ad978be41731f76bd0ae2ddddb0f9df2d1d90 | |
parent | 3ce13c52bc0a01395bd3a77fbebc8cdddf84fc80 (diff) | |
download | couchdb-f7ca266b41a6fb8dd8e8167b8c8d44df00a1907f.tar.gz |
Allow optional max_uri_length server setting
-rw-r--r-- | etc/couchdb/default.ini.tpl.in | 2 | ||||
-rw-r--r-- | src/couchdb/couch_httpd.erl | 18 |
2 files changed, 20 insertions, 0 deletions
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in index 3267001ae..fd953c2fc 100644 --- a/etc/couchdb/default.ini.tpl.in +++ b/etc/couchdb/default.ini.tpl.in @@ -52,6 +52,8 @@ allow_jsonp = false ;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}] log_max_chunk_size = 1000000 enable_cors = false +; CouchDB can optionally enforce a maximum uri length; +; max_uri_length = 8000 [ssl] port = 6984 diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index f00fdd068..7ee3e3acc 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -310,6 +310,7 @@ handle_request_int(MochiReq, DefaultFun, {ok, Resp} = try + check_request_uri_length(RawUri), case couch_httpd_cors:is_preflight_request(HttpReq) of #httpd{} -> case authenticate_request(HttpReq, AuthHandlers) of @@ -343,6 +344,8 @@ handle_request_int(MochiReq, DefaultFun, send_error(HttpReq, {bad_otp_release, ErrorReason}); exit:{body_too_large, _} -> send_error(HttpReq, request_entity_too_large); + exit:{uri_too_long, _} -> + send_error(HttpReq, request_uri_too_long); throw:Error -> Stack = erlang:get_stacktrace(), ?LOG_DEBUG("Minor error in HTTP request: ~p",[Error]), @@ -369,6 +372,19 @@ handle_request_int(MochiReq, DefaultFun, couch_stats_collector:increment({httpd, requests}), {ok, Resp}. +check_request_uri_length(Uri) -> + check_request_uri_length(Uri, couch_config:get("httpd", "max_uri_length")). + +check_request_uri_length(_Uri, undefined) -> + ok; +check_request_uri_length(Uri, MaxUriLen) when is_list(MaxUriLen) -> + case length(Uri) > list_to_integer(MaxUriLen) of + true -> + throw(request_uri_too_long); + false -> + ok + end. + % Try authentication handlers in order until one sets a user_ctx % the auth funs also have the option of returning a response % move this to couch_httpd_auth? 
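Review bot: The `exit:{uri_too_long, _}` clause added to the catch list of handle_request_int does not match what the new check raises. `check_request_uri_length/2`, added further down in this file, calls `throw(request_uri_too_long)`, so an over-long URI falls to the generic `throw:Error` clause (which logs it as a minor error) and never reaches this clause. The 414 presumably still goes out through that generic path, but its body continues outside the hunk, so this cannot be confirmed from here. Either have the helper raise `exit({uri_too_long, Uri})`, or replace the clause with `throw:request_uri_too_long -> send_error(HttpReq, request_uri_too_long);` placed ahead of `throw:Error`. If the exit clause is meant for a different source of this error, a comment naming that source would help.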
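Review bot: `list_to_integer(MaxUriLen)` in `check_request_uri_length/2` runs on the raw config string for every request, so a setting that is not a plain decimal integer (a typo, trailing whitespace) raises `badarg` inside the request `try`. That makes a configuration mistake affect every request instead of only the limit; how it surfaces depends on catch clauses outside the hunk. Parse defensively, for example `case string:to_integer(MaxUriLen) of {Max, []} when Max > 0 -> ...`, and decide explicitly whether a malformed value is logged and ignored or rejected. A short comment on the helper saying that the limit is compared with `length/1` of the `RawUri` passed by handle_request_int, and that `undefined` means no limit, would help operators who rely on this as a request-size guard.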
@@ -826,6 +842,8 @@ error_info(file_exists) ->
 "created, the file already exists.">>};
 error_info(request_entity_too_large) ->
 {413, <<"too_large">>, <<"the request entity is too large">>};
+error_info(request_uri_too_long) ->
+ {414, <<"too_long">>, <<"the request entity is too long">>};
 error_info({bad_ctype, Reason}) ->
 {415, <<"bad_content_type">>, Reason};
 error_info(requested_range_not_satisfiable) -> |
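Review bot: The reason text in the new `error_info(request_uri_too_long)` clause says "the request entity is too long", which describes the body rather than the URI and looks copied from the 413 clause above it. A client or log reader telling 413 from 414 by the message would be misled; suggest `{414, <<"too_long">>, <<"the request uri is too long">>};`. The other `error_info/1` clauses lie outside this hunk, so consistency with their wording cannot be checked from here.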