CouchDB / COUCHDB-708

Newlines in document locations break header parsing

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 0.10.1
    • Fix Version/s: None
    • Component/s: Database Core
    • Labels:
      None
    • Environment:

      ubuntu

    • Skill Level:
      New Contributors Level (Easy)

      Description

      Newlines in document locations break header parsing. Potential header injection issues?

      $ curl -X DELETE http://localhost:5984/testdb

      {"ok":true}

      $ curl -X PUT http://localhost:5984/testdb

      {"ok":true}

      $ curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A'
      HTTP/1.1 201 Created
      Server: CouchDB/0.10.1 (Erlang OTP/R13B)
      Location: http://localhost:5984/testdb/docid

      Etag: "1-967a00dff5e02add41819138abb3284d"
      Date: Wed, 24 Mar 2010 12:33:25 GMT
      Content-Type: text/plain;charset=utf-8
      Content-Length: 70
      Cache-Control: must-revalidate

      {"ok":true,"id":"docid\n","rev":"1-967a00dff5e02add41819138abb3284d"}

        Activity

        Tim created issue -
        Sean Bartell added a comment -

        Patch: properly urlencode this and other Location: headers.

        Sean Bartell made changes -
        Attachment couchdb-urlencode-location.patch [ 12444840 ]
        Paul Joseph Davis made changes -
        Skill Level New Contributors Level (Easy)
        Petr Běhan added a comment -

        Still a problem in current couchdb version (1.0.1 and svn head r1065575). I can confirm that the attached patch fixes the issue (after trivial rebase).

        Jan Lehnardt added a comment -

        Looks good and simple, only needs a simple test case and this is ready to go.

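
A regression check of the kind the last comment asks for, written here as an added Python example (not code from the CouchDB tree or from the attached patch). It rebuilds the response head from the report with the decoded document ID copied in raw and with it percent-encoded, then parses both the way a lenient client would; `render_response_head`, `parse_headers` and `check_header_value` are hypothetical helpers.

```python
import re
from urllib.parse import quote, unquote

BASE = "http://localhost:5984"               # host from the report's curl session
ETAG = "1-967a00dff5e02add41819138abb3284d"  # rev from the report
DOC_ID = unquote("docid%0A")                 # ID as the server sees it after decoding

def location_raw(db, doc_id):
    """Behaviour shown in the report: the decoded ID is copied into the header."""
    return f"{BASE}/{db}/{doc_id}"

def location_encoded(db, doc_id):
    """Percent-encode each path segment; safe='' also encodes '/' inside an ID."""
    return f"{BASE}/{quote(db, safe='')}/{quote(doc_id, safe='')}"

def check_header_value(value):
    """Second line of defence: refuse any header value carrying CR or LF."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    return value

def render_response_head(location):
    """Hypothetical minimal serializer for the 201 response head."""
    lines = ["HTTP/1.1 201 Created", f"Location: {location}", f'Etag: "{ETAG}"']
    return "\r\n".join(lines) + "\r\n\r\n"

def parse_headers(raw):
    """Parse like a lenient client: bare LF ends a line, an empty line ends the head."""
    headers = {}
    for line in re.split(r"\r?\n", raw)[1:]:  # [1:] skips the status line
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

if __name__ == "__main__":
    for build in (location_raw, location_encoded):
        head = render_response_head(build("testdb", DOC_ID))
        print(build.__name__, parse_headers(head))
```

With the raw ID the parser stops after `Location` and never sees `Etag`, which matches the blank line in the reported output; with the encoded ID both headers survive.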

          People

          • Assignee: Unassigned
          • Reporter: Tim