NetBSD-Bugs archive


re: bin/56085: One can kind of run away with memory as bozodgetln grows a buffer to infinity



The following reply was made to PR bin/56085; it has been noted by GNATS.

From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-bugs%netbsd.org@localhost, parrottjustin16%gmail.com@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: re: bin/56085: One can kind of run away with memory as bozodgetln grows a buffer to infinity
Date: Sun, 04 Apr 2021 09:29:12 +1000

 > >Description:
 > bozodgetln grows a buffer to infinity.
 
 
 indeed it does.  thanks for the report.
 
 > This appears to be limited by httpd->header_timeout (off by default).
 
 this should be 10 seconds:
 
 #define HEADER_WAIT_TIME        "10"    /* need more headers every 10 seconds */
 
         if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))
 
 and then
 
         if ((cp = bozo_get_pref(prefs, "header timeout")) != NULL) {
 		httpd->header_timeout = atoi(cp);
 
 so if you're not seeing timeouts either from the initial connection
 (should be 30s) or any time after this for headers at 10s, there is
 something happening i'm not seeing here.  eg, if i connect and do
 nothing, timeout after 30s, if i connect and only give it a non 0.9
 request, so it is waiting for headers, disconnect 10s later.
 
 > Patch below - minimally tested against running the daemon out of inetd.
 > Also, users should impose a header timeout.
 
 i'm re-using the existing value for BOZO_HEADERS_MAX_SIZE for
 the request as well, rather than adding another value.  it
 has a default of 16KB.
 
 i don't understand the first chunk here:
 
 > Index: bozohttpd.c
 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 > RCS file: /cvsroot/src/libexec/httpd/bozohttpd.c,v
 > retrieving revision 1.128
 > diff -r1.128 bozohttpd.c
 > 859a860,864
 > > 	if (!str) {
 > > 		bozo_http_error(httpd, 400, request, "bad headers");
 > > 		goto cleanup;
 > > 	}
 > > =
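Review bot: the `if (!str)` check added after line 859 turns a NULL `str` into a 400 "bad headers" error, but the hunk carries no context and no comment, so it does not show which call produced `str` or why NULL at that point is an error rather than an ordinary end of input. A one-line comment naming the condition being rejected, plus a context diff that shows the preceding assignment, would make this reviewable. Nothing in these five lines bounds how far a buffer grows, so the check needs its own justification separate from the size limit.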
 
 
 what is this trying to fix?  it's not invalid for there to be
 nothing left here is it?
 
 thanks.
 
 
 .mrg.
 
 ps: please use 'diff -pu' (or at least 'diff -pc').
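The reply above settles on bounding the request line with the existing BOZO_HEADERS_MAX_SIZE (16KB default) instead of letting the line buffer grow without limit. As an added illustration, not bozohttpd's code and not the committed fix: a line reader whose buffer doubles only up to a caller-supplied cap. `capped_getln`, `struct src` and the status codes are hypothetical names, and the in-memory source is a constructed stand-in for the client connection.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { LN_OK = 0, LN_EOF = -1, LN_TOOLONG = -2, LN_NOMEM = -3 };

/* Constructed stand-in for the client connection: bytes served from memory. */
struct src { const char *p; size_t left; };
static int src_getc(struct src *s)
{
	return s->left ? (s->left--, (unsigned char)*s->p++) : EOF;
}

/* Read one LF/CRLF-terminated line. The buffer doubles on demand, but the
 * line plus its NUL never exceeds max bytes; past that the read is refused
 * instead of growing. On LN_OK the caller owns *out. */
static int capped_getln(struct src *s, size_t max, char **out, size_t *outlen)
{
	size_t cap = 128, len = 0;
	char *buf = malloc(cap), *nbuf;
	int c;

	*out = NULL;
	if (buf == NULL)
		return LN_NOMEM;
	while ((c = src_getc(s)) != EOF && c != '\n') {
		if (len + 1 >= max) {	/* cap hit: caller sends an error and closes */
			free(buf);
			return LN_TOOLONG;
		}
		if (len + 1 >= cap) {	/* grow, clamped to max */
			cap = cap * 2 > max ? max : cap * 2;
			if ((nbuf = realloc(buf, cap)) == NULL) {
				free(buf);
				return LN_NOMEM;
			}
			buf = nbuf;
		}
		buf[len++] = (char)c;
	}
	if (c == EOF && len == 0) {	/* peer closed with nothing pending */
		free(buf);
		return LN_EOF;
	}
	if (len > 0 && buf[len - 1] == '\r')
		len--;
	buf[len] = '\0';
	*out = buf;
	*outlen = len;
	return LN_OK;
}
```

The cap limits memory per line only; a peer that sends bytes slowly still has to be cut off by the header timeout discussed in the mail.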
 

