http: limit handler uri to 1K

This is just the part of the tree that will be matched when looking
up a handler.  Requests may come in with very much longer URIs, and
be matched to the handler as a "subdirectory".

This approach makes it possible to avoid a dynamic allocation on the
handler, at the cost of pre-allocating 1KB with the handler object.

This size can be overridden using a NNG_HTTP_MAX_URI at compile time.

3 files changed, 14 insertions, 7 deletions

diff --git a/docs/man/nng_http_handler_alloc.3http.adoc b/docs/man/nng_http_handler_alloc.3http.adoc
index c7d4699f..7795bbf5 100644
--- a/docs/man/nng_http_handler_alloc.3http.adoc
+++ b/docs/man/nng_http_handler_alloc.3http.adoc
@@ -51,6 +51,12 @@ by the _path_ argument.
 Only the path component of the Request URI is
 considered when determining whether the handler should be called.
 
+This implementation limits the _path_ length to 1024 bytes, including the
+zero termination byte.  This does not prevent requests with much longer
+URIs from being supported, doing so will require setting the handler
+to matching a parent path in the tree using
+xref:nng_http_handler_set_tree.3http.adoc[`nng_http_handler_set_tree`()].
+
 Additionally each handler has a method it is registered to handle
 (the default is `GET`, see
 xref:nng_http_handler_set_method.3http.adoc[`nng_http_handler_set_method()`]), and
diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md
index 4390de24..0d6ae86d 100644
--- a/docs/ref/migrate/nng1.md
+++ b/docs/ref/migrate/nng1.md
@@ -227,7 +227,8 @@ they may be silently truncated to the limit:
 
 - Hostnames are limited per RFC 1035 to 253 characters (not including terminating "." or zero byte.)
 - HTTP Method names are limited to 32 bytes (the longest IANA registered method is currently 18 bytes, used for WebDAV.)
-- The fixed part of URI pathnames used with HTTP handlers is limited to 1024 bytes.
+- The fixed part of URI pathnames used with HTTP handlers is limited to 1024 bytes. (Longer URIs may be accepted
+  by using [`nng_http_handler_set_tree`] and matching a parent of the directory component.)
 
 The following API calls have changed so that they are `void` returns, and cannot fail.
 They may silently truncate data.
diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c
index 82f11eac..e068ae98 100644
--- a/src/supplemental/http/http_server.c
+++ b/src/supplemental/http/http_server.c
@@ -22,9 +22,13 @@
 
 #include "http_api.h"
 
+#ifndef NNG_HTTP_MAX_URI
+#define NNG_HTTP_MAX_URI 1024
+#endif
+
 struct nng_http_handler {
 	nni_list_node   node;
-	char           *uri;
+	char            uri[NNG_HTTP_MAX_URI];
 	char            method[32];
 	char            host[256]; // RFC 1035
 	nng_sockaddr    host_addr;
@@ -114,10 +118,7 @@ nni_http_handler_init(
 	if ((uri == NULL) || (strlen(uri) == 0) || (strcmp(uri, "/") == 0)) {
 		uri = "";
 	}
-	if ((h->uri = nni_strdup(uri)) == NULL) {
-		nni_http_handler_fini(h);
-		return (NNG_ENOMEM);
-	}
+	(void) snprintf(h->uri, sizeof(h->uri), "%s", uri);
 	NNI_LIST_NODE_INIT(&h->node);
 	h->cb             = cb;
 	h->data           = NULL;
@@ -143,7 +144,6 @@ nni_http_handler_fini(nni_http_handler *h)
 	if (h->dtor != NULL) {
 		h->dtor(h->data);
 	}
-	nni_strfree(h->uri);
 	NNI_FREE_STRUCT(h);
 }