diff options
| author | Garrett D'Amore <garrett@damore.org> | 2024-12-22 12:18:33 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2024-12-22 12:18:33 -0800 |
| commit | 10f6fc5141a15e368dac813a38942cb66d5ddef4 (patch) | |
| tree | d6ebd5663b2aeb876840e5e2560cae77264d1abc /docs | |
| parent | 497b8e22047fb0efa3397289d23656d6483fdd6d (diff) | |
| download | nng-10f6fc5141a15e368dac813a38942cb66d5ddef4.tar.gz nng-10f6fc5141a15e368dac813a38942cb66d5ddef4.tar.bz2 nng-10f6fc5141a15e368dac813a38942cb66d5ddef4.zip | |
HTTP handler: limit host names to 256 bytes (RFC 1035 specifies 253.)
This also makes `nng_http_handler_set_host` never fail (API break).
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/man/nng_http_handler_set_host.3http.adoc | 15 | ||||
| -rw-r--r-- | docs/ref/migrate/nng1.md | 13 |
2 files changed, 16 insertions, 12 deletions
diff --git a/docs/man/nng_http_handler_set_host.3http.adoc b/docs/man/nng_http_handler_set_host.3http.adoc index 0deae488..3f25172f 100644 --- a/docs/man/nng_http_handler_set_host.3http.adoc +++ b/docs/man/nng_http_handler_set_host.3http.adoc @@ -1,6 +1,6 @@ = nng_http_handler_set_host(3http) // -// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2024 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This document is supplied under the terms of the MIT License, a @@ -20,7 +20,7 @@ nng_http_handler_set_host - set host for HTTP handler #include <nng/nng.h> #include <nng/supplemental/http/http.h> -int nng_http_handler_set_host(nng_http_handler *handler, const char *host); +void nng_http_handler_set_host(nng_http_handler *handler, const char *host); ---- == DESCRIPTION @@ -41,15 +41,8 @@ ports, the port number can be elided. The matching test only considers the hostname or IP address, and ignores any trailing port number. -== RETURN VALUES - -This function returns 0 on success, and non-zero otherwise. - -== ERRORS - -[horizontal] -`NNG_ENOMEM`:: Insufficient free memory to perform the operation. -`NNG_ENOTSUP`:: No support for HTTP in the library. +NOTE: This should not be used with an IP address normally, as `Host:` header +is used with virtual hosts in HTTP/1.1, and not supported for HTTP/1.0. == SEE ALSO diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md index 8a1af631..544f15b6 100644 --- a/docs/ref/migrate/nng1.md +++ b/docs/ref/migrate/nng1.md @@ -221,8 +221,19 @@ accessors functions are provided: ## HTTP API -- [`nng_http_req_set_method`] no longer returns a value. It never fails, but it may truncate an unreasonably long value. +A few limits on string lengths of certain values are now applied, which allows us to preallocate values +and eliminate certain unreasonable error paths. If values longer than these are supplied in certain APIs +they may be silently truncated to the limit: + +- Hostnames are limited per RFC 1035 to 253 characters (not including terminating "." or zero byte.) +- HTTP Method names are limited to 32 bytes (the longest IANA registered method is currently 18 bytes, used for WebDAV.) +- The fixed part of URI pathnames used with HTTP handlers is limited to 1024 bytes. + +The following API changes are present: + +- [`nng_http_req_set_method`] no longer returns a value, and cannot fail. - [`nng_http_res_set_status`] no longer returns a value, and cannot fail. +- [`nng_http_handler_set_host`] no longer returns a value and cannot fail. ## Security Descriptors (Windows Only) |