http: limit handler uri to 1K

This is just the part of the tree that will be matched when looking up a handler. Requests may come in with very much longer URIs, and be matched to the handler as a "subdirectory". This approach makes it possible to avoid a dynamic allocation on the handler, at the cost of pre-allocating 1KB with the handler object. This size can be overridden using a NNG_HTTP_MAX_URI at compile time.
nanomsg · Dec 22, 2024 · a24b4f1 · a24b4f1
1 parent d60a16a
commit a24b4f1
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 7 deletions.
diff --git a/docs/man/nng_http_handler_alloc.3http.adoc b/docs/man/nng_http_handler_alloc.3http.adoc
@@ -51,6 +51,12 @@ by the _path_ argument.
 Only the path component of the Request URI is
 considered when determining whether the handler should be called.
 
+This implementation limits the _path_ length to 1024 bytes, including the
+zero termination byte.  This does not prevent requests with much longer
+URIs from being supported, doing so will require setting the handler
+to matching a parent path in the tree using
+xref:nng_http_handler_set_tree.3http.adoc[`nng_http_handler_set_tree`()].
+
 Additionally each handler has a method it is registered to handle
 (the default is `GET`, see
 xref:nng_http_handler_set_method.3http.adoc[`nng_http_handler_set_method()`]), and

diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md
@@ -227,7 +227,8 @@ they may be silently truncated to the limit:
 
 - Hostnames are limited per RFC 1035 to 253 characters (not including terminating "." or zero byte.)
 - HTTP Method names are limited to 32 bytes (the longest IANA registered method is currently 18 bytes, used for WebDAV.)
-- The fixed part of URI pathnames used with HTTP handlers is limited to 1024 bytes.
+- The fixed part of URI pathnames used with HTTP handlers is limited to 1024 bytes. (Longer URIs may be accepted
+  by using [`nng_http_handler_set_tree`] and matching a parent of the directory component.)
 
 The following API calls have changed so that they are `void` returns, and cannot fail.
 They may silently truncate data.

diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c
@@ -22,9 +22,13 @@
 
 #include "http_api.h"
 
+#ifndef NNG_HTTP_MAX_URI
+#define NNG_HTTP_MAX_URI 1024
+#endif
+
 struct nng_http_handler {
 	nni_list_node   node;
-	char           *uri;
+	char            uri[NNG_HTTP_MAX_URI];
 	char            method[32];
 	char            host[256]; // RFC 1035
 	nng_sockaddr    host_addr;
@@ -114,10 +118,7 @@ nni_http_handler_init(
 	if ((uri == NULL) || (strlen(uri) == 0) || (strcmp(uri, "/") == 0)) {
 		uri = "";
 	}
-	if ((h->uri = nni_strdup(uri)) == NULL) {
-		nni_http_handler_fini(h);
-		return (NNG_ENOMEM);
-	}
+	(void) snprintf(h->uri, sizeof(h->uri), "%s", uri);
 	NNI_LIST_NODE_INIT(&h->node);
 	h->cb             = cb;
 	h->data           = NULL;
@@ -143,7 +144,6 @@ nni_http_handler_fini(nni_http_handler *h)
 	if (h->dtor != NULL) {
 		h->dtor(h->data);
 	}
-	nni_strfree(h->uri);
 	NNI_FREE_STRUCT(h);
 }