To Scott's response. Suppose a CouchDB is accessible from other hosts. Sending 
a malformed request should not crash the server. If the server crashes, it's a 
vulnerability that needs to be fixed.

Alex.

-------- Original message --------
Subject: Re: Documented API does not work. 
From: Robert Newson <[email protected]> 
To: "[email protected]" <[email protected]> 
CC:  

it works just fine if you send a correct request. all_docs is sent in
chunked mode which is new in http 1.1, though calling http 1.1 is
obviously quite silly.

Try using curl or any other competent http library and you'll be all set.

B.

On 24 December 2012 19:07, Scott <[email protected]> wrote:
> Thanks. But what about not being able to read '_all_docs' ?
>
> 'Sent from my iPhone'... Not someone else's.
>
> On Dec 24, 2012, at 12:38 PM, Robert Newson <[email protected]> wrote:
>
> A typo in the wiki, I'll fix it. All HTTP request lines start with a /.
>
> B.
>
> On 24 December 2012 18:19, Scott Weber <[email protected]> wrote:
> I am trying to read the DB using a program to communicate through sockets.
> And it is not working as documented.  I have a small test database called
> 'basic'
>
> My reference point is this information
> http://wiki.apache.org/couchdb/HTTP_Document_API#all_docs
>
> First off, this causes a CRASH on the server:
> GET basic/_all_docs HTTP/1.0
> Accept : */*
> Host : 127.0.0.1:5984
> UserAgent : MyEditor
>
>
> The crash report is:
> =CRASH REPORT==== 24-Dec-2012::12:04:11 ===
>  crasher:
>    initial call: mochiweb_acceptor:init/3
>    pid: <0.1803.0>
>    registered_name: []
>    exception error: no function clause matching
>                     mochiweb:new_request({#Port<0.4833>,
>                                           {'GET',"basic/_all_docs",{1,0}},
>                                           [{'Accept',"*/*"},
>                                            {'Host',"127.0.0.1:5984"},
>                                            {"Useragent","MyEditor"}]})
>      in function  mochiweb_http:headers/5
>    ancestors: [couch_httpd,couch_secondary_services,couch_server_sup,
>                  <0.35.0>]
>    messages: []
>    links: [<0.130.0>,#Port<0.4833>]
>    dictionary: []
>    trap_exit: false
>    status: running
>    heap_size: 987
>    stack_size: 24
>    reductions: 1047
>  neighbours:
>
> Now, I can make it NOT crash, by prepending a slash (it took me *hours* to
> find this one...)
> GET /basic/_all_docs HTTP/1.0
> Accept : */*
> Host : 127.0.0.1:5984
> UserAgent : MyEditor
>
>
> However, it does not give me any content length:
> HTTP/1.0 200 OK
> Server: CouchDB/1.2.0 (Erlang OTP/R14B04)
> ETag: "4UXHG90N70GABNCO2D91E21GZ"
> Date: Mon, 24 Dec 2012 18:08:45 GMT
> Content-Type: text/plain; charset=utf-8
> Cache-Control: must-revalidate
>
>
> If I ask for a specific doc from the database, I will get content:
> GET /basic/somedoc HTTP/1.0
> Accept : */*
> Host : 127.0.0.1:5984
> UserAgent : MyEditor
>
> And the reply is this, with the body of the document following, as expected.
> HTTP/1.0 200 OK
> Server: CouchDB/1.2.0 (Erlang OTP/R14B04)
> ETag: "3-aaf03052c820e9146ef37cecb23e869d"
> Date: Mon, 24 Dec 2012 18:12:01 GMT
> Content-Type: text/plain; charset=utf-8
> Content-Length: 167
> Cache-Control: must-revalidate
>
> Why does it crash when I follow the documented API?
> Why can I not get a list of "_all_docs" ?
>
> I have even removed ALL the headers, and just left the request line.  Same
> result.

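
The behaviour Alex argues for, as an added Python example that is not part of the thread and not CouchDB or MochiWeb code: validate the request line and header names up front and answer 400, so a request-target without a leading slash never reaches code that has no clause for it. The function names and sample requests are constructed for illustration; the header-name check follows RFC 7230 section 3.2.4 and is stricter than what the server in the thread accepted.

```python
import re

# RFC 7230 token: the only characters allowed in a header field-name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")


def target_ok(method, target):
    """Accept only the four request-target forms HTTP/1.1 defines."""
    if method == "OPTIONS" and target == "*":            # asterisk-form
        return True
    if method == "CONNECT":                              # authority-form
        return re.fullmatch(r"[^/\s:]+:\d+", target) is not None
    # origin-form ("/path") or absolute-form ("http://host/path")
    return target.startswith("/") or re.match(r"https?://", target, re.I) is not None


def check_request_head(raw):
    """Return (status, detail); 400 for any malformed head, never raises."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return 400, "malformed request line"
    method, target = m.group(1), m.group(2)
    if not target_ok(method, target):
        return 400, "invalid request-target %r" % target
    for line in lines[1:]:
        name, sep, _value = line.partition(":")
        # Whitespace before the colon ("Accept : */*") makes the name a
        # non-token; RFC 7230 3.2.4 says to reject such requests with 400.
        if not sep or not TOKEN.match(name):
            return 400, "invalid header field name %r" % name
    return 200, target


# Constructed samples modelled on the requests quoted in the thread.
NO_SLASH = b"GET basic/_all_docs HTTP/1.0\r\nHost: 127.0.0.1:5984\r\n\r\n"
WITH_SLASH = b"GET /basic/_all_docs HTTP/1.0\r\nHost: 127.0.0.1:5984\r\n\r\n"
SPACED_HEADER = b"GET /basic/_all_docs HTTP/1.0\r\nAccept : */*\r\n\r\n"

if __name__ == "__main__":
    for sample in (NO_SLASH, WITH_SLASH, SPACED_HEADER, b""):
        print(check_request_head(sample))
```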