eiri opened a new pull request #3077:
URL: https://github.com/apache/couchdb/pull/3077


   ## Overview
   
   Db creation request accepts shard-specific parameters `q`, `n` and `placement`, but passes them to `fabric` without validation. This leads to a `badarg` crash in case of an invalid parameter.
   
   ```bash
   $ curl -u $(ADMIN):$(PASS) -X PUT -v "http://localhost:5984/test?q=";
   ...
   > PUT /test?q= HTTP/1.1
   >
   < HTTP/1.1 500 Internal Server Error
   ...
   < Server: CouchDB/3.1.0 (Erlang OTP/20)
   <
   {"error":"unknown_error","reason":"badarg","ref":1446616448}
   
   [error] 2020-08-13T17:39:05.160578Z couc...@localhost.dev <0.18183.20> 7b4593be34 req_err(1446616448) unknown_error : badarg
       [<<"erlang:list_to_integer/1">>,<<"mem3_util:q_val/1 L255">>,<<"mem3:choose_shards/3 L206">>,<<"fabric_db_create:generate_shard_map/2 L68">>,<<"fabric_db_create:go/2 L31">>,<<"chttpd_db:create_db_req/2 L398">>,<<"chttpd:handle_req_after_auth/2 L322">>,<<"chttpd:process_request/1 L305">>]
   [notice] 2020-08-13T17:39:05.160852Z couc...@localhost.dev <0.18183.20> 7b4593be34 localhost:5984 172.17.0.1 admin PUT /test?q= 500 ok 2
   ```
   
   The patch adds validation on all the parameters and raises error `400` in case of failure.
   
   ## Testing recommendations
   
   The curl request above should return error `400`.
   
   New tests added in the `chttpd_db.erl` module; to run them in isolation:
   
   `make eunit apps=chttpd suites=chttpd_db`
   
   ## Checklist
   
   - [x] Code is written and works correctly
   - [x] Changes are covered by tests
   - [ ] Any new configurable parameters are documented in `rel/overlay/etc/default.ini`
   - [ ] A PR for documentation changes has been made in https://github.com/apache/couchdb-documentation
   


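The kind of check the description above calls for, sketched in Erlang as an added example; it is not the code from this pull request. The module and function names are hypothetical, the parameters are assumed to arrive as strings in a proplist, and the comma-separated `zone:count` placement format is an assumption.

```erlang
%% Added illustration; module and function names are hypothetical,
%% not taken from the CouchDB patch.
-module(shard_params).
-export([validate/1, demo/0]).

%% Qs: proplist of raw query-string values, e.g. [{"q", "8"}].
%% Returns ok, or {bad_request, Reason} for the HTTP layer to answer 400.
validate(Qs) ->
    Checks = [{"q", fun pos_int/1}, {"n", fun pos_int/1},
              {"placement", fun placement/1}],
    first_error([{K, F, proplists:get_value(K, Qs)} || {K, F} <- Checks]).

first_error([]) -> ok;
first_error([{_, _, undefined} | Rest]) -> first_error(Rest);  % not supplied
first_error([{K, F, V} | Rest]) ->
    case F(V) of
        true -> first_error(Rest);
        false -> {bad_request, list_to_binary(["`", K, "` is not valid"])}
    end.

%% string:to_integer/1 returns {error, _} or {Int, Rest}; it does not
%% raise badarg on "" or "abc" the way list_to_integer/1 does.
pos_int(V) ->
    case string:to_integer(V) of
        {N, []} when is_integer(N), N > 0 -> true;
        _ -> false
    end.

%% Assumed format: comma-separated "zone:count" rules.
placement(V) ->
    lists:all(fun rule/1, string:split(V, ",", all)).

rule(R) ->
    case string:split(R, ":", all) of
        [[_ | _], Count] -> pos_int(Count);
        _ -> false
    end.

%% Constructed inputs; [{"q", ""}] mirrors PUT /test?q= from the report.
demo() ->
    ok = validate([{"q", "8"}, {"n", "3"}, {"placement", "a:2,b:1"}]),
    ok = validate([]),
    {bad_request, _} = validate([{"q", ""}]),
    {bad_request, _} = validate([{"n", "abc"}]),
    {bad_request, _} = validate([{"placement", "a:0,b"}]),
    ok.
```

The error message names the parameter but does not echo the rejected value back to the client.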