From a24b4f11799806e08638162901039fd23efe48be Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Sun, 22 Dec 2024 12:57:19 -0800 Subject: http: limit handler uri to 1K This is just the part of the tree that will be matched when looking up a handler. Requests may come in with very much longer URIs, and be matched to the handler as a "subdirectory". This approach makes it possible to avoid a dynamic allocation on the handler, at the cost of pre-allocating 1KB with the handler object. This size can be overridden using a NNG_HTTP_MAX_URI at compile time. --- docs/man/nng_http_handler_alloc.3http.adoc | 6 ++++++ docs/ref/migrate/nng1.md | 3 ++- src/supplemental/http/http_server.c | 12 ++++++------ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/docs/man/nng_http_handler_alloc.3http.adoc b/docs/man/nng_http_handler_alloc.3http.adoc index c7d4699f..7795bbf5 100644 --- a/docs/man/nng_http_handler_alloc.3http.adoc +++ b/docs/man/nng_http_handler_alloc.3http.adoc @@ -51,6 +51,12 @@ by the _path_ argument. Only the path component of the Request URI is considered when determining whether the handler should be called. +This implementation limits the _path_ length to 1024 bytes, including the +zero termination byte. This does not prevent requests with much longer +URIs from being supported, doing so will require setting the handler +to matching a parent path in the tree using +xref:nng_http_handler_set_tree.3http.adoc[`nng_http_handler_set_tree`()]. + Additionally each handler has a method it is registered to handle (the default is `GET`, see xref:nng_http_handler_set_method.3http.adoc[`nng_http_handler_set_method()`]), and diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md index 4390de24..0d6ae86d 100644 --- a/docs/ref/migrate/nng1.md +++ b/docs/ref/migrate/nng1.md @@ -227,7 +227,8 @@ they may be silently truncated to the limit: - Hostnames are limited per RFC 1035 to 253 characters (not including terminating "." or zero byte.) - HTTP Method names are limited to 32 bytes (the longest IANA registered method is currently 18 bytes, used for WebDAV.) -- The fixed part of URI pathnames used with HTTP handlers is limited to 1024 bytes. +- The fixed part of URI pathnames used with HTTP handlers is limited to 1024 bytes. (Longer URIs may be accepted + by using [`nng_http_handler_set_tree`] and matching a parent of the directory component.) The following API calls have changed so that they are `void` returns, and cannot fail. They may silently truncate data. diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c index 82f11eac..e068ae98 100644 --- a/src/supplemental/http/http_server.c +++ b/src/supplemental/http/http_server.c @@ -22,9 +22,13 @@ #include "http_api.h" +#ifndef NNG_HTTP_MAX_URI +#define NNG_HTTP_MAX_URI 1024 +#endif + struct nng_http_handler { nni_list_node node; - char *uri; + char uri[NNG_HTTP_MAX_URI]; char method[32]; char host[256]; // RFC 1035 nng_sockaddr host_addr; @@ -114,10 +118,7 @@ nni_http_handler_init( if ((uri == NULL) || (strlen(uri) == 0) || (strcmp(uri, "/") == 0)) { uri = ""; } - if ((h->uri = nni_strdup(uri)) == NULL) { - nni_http_handler_fini(h); - return (NNG_ENOMEM); - } + (void) snprintf(h->uri, sizeof(h->uri), "%s", uri); NNI_LIST_NODE_INIT(&h->node); h->cb = cb; h->data = NULL; @@ -143,7 +144,6 @@ nni_http_handler_fini(nni_http_handler *h) if (h->dtor != NULL) { h->dtor(h->data); } - nni_strfree(h->uri); NNI_FREE_STRUCT(h); } -- cgit v1.2.3-70-g09d2