[PATCH] Serf crash on spurious data between responses

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Fri, 09 Jan 2015 23:35:24 +0000

Philip Martin <philip.martin_at_wandisco.com> writes:

> While debugging a problem reported on users I accidentally sent an extra
> byte to the client: I sent Content-Length of N and then sent N+1 bytes.
> The first N bytes made a valid response, so serf was happy at that
> stage. When processing the next request the extra byte causes serf to
> attempt to handle the spurious data before any request handler is setup.
> This is with serf 1.3.x_at_2440.

Here's a patch that causes serf to return an error if this sort of
spurious data is received:

Index: outgoing.c
===================================================================
--- outgoing.c (revision 2445)
+++ outgoing.c (working copy)
@@ -1109,7 +1109,11 @@ static apr_status_t read_from_connection(serf_conn
                 goto error;
             }

- /* Unexpected response from the server */
+ /* Unexpected response from the server. This can happen if
+ * a buggy server sends more than Content-Length data.
+ */
+ status = SERF_ERROR_BAD_HTTP_RESPONSE;
+ goto error;

         }

-- 
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*

Received on 2015-01-10 00:36:39 CET

This message: [ Message body ]
Next message: Philip Martin: "Re: [PATCH] Serf crash on spurious data between responses"
Previous message: Philip Martin: "[PATCH] serf pollset confusion"
In reply to: Philip Martin: "Serf crash on spurious data between responses"
Next in thread: Philip Martin: "Re: [PATCH] Serf crash on spurious data between responses"
Reply: Philip Martin: "Re: [PATCH] Serf crash on spurious data between responses"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]