diff options
| author | John Christopher Anderson <jchris@apache.org> | 2010-07-19 22:46:14 +0000 |
|---|---|---|
| committer | John Christopher Anderson <jchris@apache.org> | 2010-07-19 22:46:14 +0000 |
| commit | 662bf6812ef0a4fa80cf137761f9b1b5a93821c0 (patch) | |
| tree | 8ac4c4e78f1f0f38e867c019df64af3a9d25a00f /src/couchdb/couch_httpd_stats_handlers.erl | |
| parent | 11aa4f9db32ef33ef8b9e17ee2a685c95bc553b2 (diff) | |
remove unguarded atom creation to prevent DOS attacks. closes COUCHDB-829
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@965667 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'src/couchdb/couch_httpd_stats_handlers.erl')
| -rw-r--r-- | src/couchdb/couch_httpd_stats_handlers.erl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/couchdb/couch_httpd_stats_handlers.erl b/src/couchdb/couch_httpd_stats_handlers.erl index 26c8891d..41aeaed0 100644 --- a/src/couchdb/couch_httpd_stats_handlers.erl +++ b/src/couchdb/couch_httpd_stats_handlers.erl @@ -29,7 +29,8 @@ handle_stats_req(#httpd{method='GET', path_parts=[_, _Mod]}) -> handle_stats_req(#httpd{method='GET', path_parts=[_, Mod, Key]}=Req) -> flush(Req), - Stats = couch_stats_aggregator:get_json({?b2a(Mod), ?b2a(Key)}, range(Req)), + Stats = couch_stats_aggregator:get_json({list_to_atom(binary_to_list(Mod)), + list_to_atom(binary_to_list(Key))}, range(Req)), send_json(Req, {[{Mod, {[{Key, Stats}]}}]}); handle_stats_req(#httpd{method='GET', path_parts=[_, _Mod, _Key | _Extra]}) -> |