[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] bug + question

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] bug + question
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Wed, 5 Jan 2011 14:16:00 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Wed, 05 Jan 2011 14:16:07 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; bh=5JxqYpewVd5Ir2k/5J5n/GLLJNfA3yWRb1EoMgSSH0E=; b=B+s1TdLPYc59gRMufgsmQeC1GVAncG2H8FwsP36Kf+W14KyfFH8ii7eixCViCo4EP0 m8GNoyDAqBCtYPbXpkuEZ33QPh8OP5M4MHrpiA55kv8JU7Chw9ZckrGTqIiAMQgwtoYB e/CRDsbuVT2yrLogH3m1CjB4RBchCt6iPRlTk=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=hQPtAYxytd87QVreHMd+uHX3zHqvDfqd13Y3jugfT8XVANv1EVHqop6ZbEurKRHWqk nHZvycB6peglvo76RnX6kz4VDVPI4RY3PQqvLIb4oueTRQAbAwDBJvEdJ1hbkVzQITfF L2qVNJfaLZO84uAXLpfN9ex9pHxeS696ZgxaY=
In-reply-to: <AANLkTinL7q4t6NOvfusEHbNvcmqQKm8FD-JU=VcwGQcf@xxxxxxxxxxxxxx>
References: <AANLkTinL7q4t6NOvfusEHbNvcmqQKm8FD-JU=VcwGQcf@xxxxxxxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx

On Thu, Dec 30, 2010 at 8:21 PM, Mihai Draghicioiu
<mihai.draghicioiu@xxxxxxxxx> wrote:
> Hi all. I've found that evhttp_parse_query_str only works if the query
> string is of the form foo=bar&baz=quux. If we have a query string of
> the form foo=bar&baz (no value for the last key), it fails. I consider
> this a bug, because you have all the other valid parameters in there,
> and it can just set NULL for the value of the baz parameter. I believe
> the behavior of evhttp_parse_query() is different (correct). I had
> used evhttp_parse_query() until now, and switched to
> evhttp_parse_query_str() and discovered this bug.

I'll repost my question from
https://sourceforge.net/tracker/?func=detail&aid=3037662&group_id=50884&atid=461322
:

===
So, RFC3986 says that the query part of a URL can be any sequence of
characters in a given set, without providing any instructions on how to
encode or decode them.

The only place that i can find the key=val&key2=val2 format expressed, on
the other hand, is in the HTML standard, which doesn't define anything
about parameters without values.

So I'm inclined to say that this is not-a-bug: If the query parameters are
not encoded in the HTML-standard way, then absent some other standard, then
decoding the Request-URI from the Request-Line is up to the library user,
right?

Is there a standard I'm missing here?
===

In other words, according to what standard is foo=bar&baz to be
interpreted?  If we're considering generic URIs, there is no
particular interpretation to the query part.  If we're considering GET
requests generated by HTML forms, I think it's invalid, if I'm reading
the HTML spec right.  So according to what standard does foo=bar&baz
have an interpretation?

> Second, I have a question - does one need to evhttp_uri_free() the
> returned pointer from evhttp_request_get_evhttp_uri()? It crashes if I
> do free it, so i'd like to make sure it's correct to not free it (no
> memory leaks).

Right.  (In fact, you shouldn't be able to write correct code that
tries to free it!  The evhttp_request_get_evhttp_uri() function
returns a const pointer, and evhttp_uri_free() requires a non-const
pointer.)

> Also, is the evkeyvalq usage in this example correct? Note that it
> includes the issues described above:
>
> static void httpcb(struct evhttp_request *req, void *arg) {
>    evkeyvalq query; // is it meant to be used in this way?
>    evhttp_parse_query_str(evhttp_uri_get_query(evhttp_request_get_evhttp_uri(req)),
> &query);

Hm.  This is a little iffy, since evhttp_uri_get_query can return
NULL, and evhttp_parse_query_str is not documented to accept NULL.
(It can and does, but I'd still call usage of an undocumented feature
questionable.)

Also, you aren't checking the return value of evhttp_parse_query_str.

>    const char *val;
>    if((val = evhttp_find_header(&query, "command"))) {

Looks fine to me.

>        ...
>    }
> }

yrs,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Follow-Ups:
- Re: [Libevent-users] bug + question
  - From: Jeroen Habraken
- Re: [Libevent-users] bug + question
  - From: Mihai Draghicioiu

Prev by Author: Re: [Libevent-users] _EVUTIL_NIL_CONDITION cause VC2010 error C2070
Next by Author: Re: [Libevent-users] bad request with evhttp libevent-2.0.10
Previous by thread: Re: [Libevent-users] libevent-config script?
Next by thread: Re: [Libevent-users] bug + question
Index(es):
- Author
- Thread