diff options
| author | Adam Kocoloski <kocolosk@apache.org> | 2009-09-23 20:43:35 +0000 |
|---|---|---|
| committer | Adam Kocoloski <kocolosk@apache.org> | 2009-09-23 20:43:35 +0000 |
| commit | 219cd4db7e62878b3bd2cb537c73cb8acf04bf47 (patch) | |
| tree | 696c5258b56a004223a0843171791adba5fa96b5 | |
| parent | a954fd36827fbeffdb505c06cadb960d947e754b (diff) | |
reject attempts to upload invalid UTF-8 JSON. Closes COUCHDB-345
This patch requires JSON to be encoded using UTF-8. In the future we will
accept other encodings. Thanks Joan Touzet and James Dumay for the bug reports
and Curt Arnold for patches and discussion.
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@818249 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | THANKS | 1 | ||||
| -rw-r--r-- | share/www/script/test/view_errors.js | 2 | ||||
| -rw-r--r-- | src/couchdb/couch_httpd.erl | 3 | ||||
| -rw-r--r-- | src/mochiweb/mochijson2.erl | 18 |
4 files changed, 21 insertions, 3 deletions
@@ -35,5 +35,6 @@ suggesting improvements or submitting changes. Some of these people are: * Sebastian Cohnen <sebastian.cohnen@gmx.net> * Sven Helmberger <sven.helmberger@gmx.de> * Dan Walters <dan@danwalters.net> + * Curt Arnold <carnold@apache.org> For a list of authors see the `AUTHORS` file. diff --git a/share/www/script/test/view_errors.js b/share/www/script/test/view_errors.js index 256e9569..0f90c46f 100644 --- a/share/www/script/test/view_errors.js +++ b/share/www/script/test/view_errors.js @@ -55,7 +55,7 @@ couchTests.view_errors = function(debug) { map : "function(doc){emit(doc.integer)}" }) }); - T(JSON.parse(xhr.responseText).error == "invalid_json"); + T(JSON.parse(xhr.responseText).error == "bad_request"); // views should ignore Content-Type, like the rest of CouchDB var xhr = CouchDB.request("POST", "/test_suite_db/_temp_view", { diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index bdceab33..ac9ec723 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -181,6 +181,9 @@ handle_request(MochiReq, DefaultFun, catch throw:{http_head_abort, Resp0} -> {ok, Resp0}; + throw:{invalid_json, S} -> + ?LOG_ERROR("attempted upload of invalid JSON ~s", [S]), + send_error(HttpReq, {bad_request, "invalid UTF-8 JSON"}); exit:normal -> exit(normal); throw:Error -> diff --git a/src/mochiweb/mochijson2.erl b/src/mochiweb/mochijson2.erl index 8b6adb1f..ee19458c 100644 --- a/src/mochiweb/mochijson2.erl +++ b/src/mochiweb/mochijson2.erl @@ -345,10 +345,24 @@ tokenize_string_fast(B, O) -> case B of <<_:O/binary, ?Q, _/binary>> -> O; - <<_:O/binary, C, _/binary>> when C =/= $\\ -> + <<_:O/binary, $\\, _/binary>> -> + {escape, O}; + <<_:O/binary, C1, _/binary>> when C1 < 128 -> tokenize_string_fast(B, 1 + O); + <<_:O/binary, C1, C2, _/binary>> when C1 >= 194, C1 =< 223, + C2 >= 128, C2 =< 191 -> + tokenize_string_fast(B, 2 + O); + <<_:O/binary, C1, C2, C3, _/binary>> when C1 >= 224, C1 =< 239, + C2 >= 128, C2 =< 191, + C3 >= 128, C3 =< 191 -> + tokenize_string_fast(B, 3 + O); + <<_:O/binary, C1, C2, C3, C4, _/binary>> when C1 >= 240, C1 =< 244, + C2 >= 128, C2 =< 191, + C3 >= 128, C3 =< 191, + C4 >= 128, C4 =< 191 -> + tokenize_string_fast(B, 4 + O); _ -> - {escape, O} + throw(invalid_utf8) end. tokenize_string(B, S=#decoder{offset=O}, Acc) -> |