diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-04-13 03:36:12 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-04-13 03:36:12 +0000 |
commit | fe43cf59f6679a0b73b0ab980a9b120f9a6e2e08 (patch) | |
tree | d9ef2266bb365b0c1e3d2316d61ec04cd7ebf54a | |
parent | 1ea6af115589702923a795c4776135c3b1b37d06 (diff) | |
download | libmicrohttpd-fe43cf59f6679a0b73b0ab980a9b120f9a6e2e08.tar.gz libmicrohttpd-fe43cf59f6679a0b73b0ab980a9b120f9a6e2e08.zip |
improved MHD handling of client programmer bugs in handling of upload data
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | src/daemon/connection.c | 38 | ||||
-rw-r--r-- | src/examples/Makefile.am | 7 | ||||
-rw-r--r-- | src/testcurl/daemontest_large_put.c | 13 | ||||
-rw-r--r-- | src/testcurl/daemontest_postform.c | 7 | ||||
-rw-r--r-- | src/testcurl/daemontest_put.c | 7 | ||||
-rw-r--r-- | src/testcurl/daemontest_put_chunked.c | 7 |
7 files changed, 62 insertions, 26 deletions
@@ -1,3 +1,8 @@ | |||
1 | Sat Apr 12 21:34:26 MDT 2008 | ||
2 | Generate an internal server error if the programmer fails | ||
3 | to handle upload data correctly. Tweaked testcases to | ||
4 | avoid running into the problem in the testcases. -CG | ||
5 | |||
1 | Sat Apr 12 15:14:05 MDT 2008 | 6 | Sat Apr 12 15:14:05 MDT 2008 |
2 | Restructured the code (curl-testcases and zzuf testcases | 7 | Restructured the code (curl-testcases and zzuf testcases |
3 | are now in different directories; code examples are in | 8 | are now in different directories; code examples are in |
@@ -9,8 +14,8 @@ Sat Apr 12 15:14:05 MDT 2008 | |||
9 | errors (such as request too large and malformed requests). | 14 | errors (such as request too large and malformed requests). |
10 | Without that flag, the webpages returned will still be | 15 | Without that flag, the webpages returned will still be |
11 | empty. | 16 | empty. |
12 | Added zzuf-based fuzzing-testcases (these require the | 17 | Started to add zzuf-based fuzzing-testcases (these require |
13 | zzuf and socat binaries to be installed). | 18 | the zzuf and socat binaries to be installed). -CG |
14 | 19 | ||
15 | Fri Apr 11 20:20:34 MDT 2008 | 20 | Fri Apr 11 20:20:34 MDT 2008 |
16 | I hereby dub libmicrohttpd a GNU package. -Richard Stallman | 21 | I hereby dub libmicrohttpd a GNU package. -Richard Stallman |
diff --git a/src/daemon/connection.c b/src/daemon/connection.c index eb97c6b9..21768b5a 100644 --- a/src/daemon/connection.c +++ b/src/daemon/connection.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of libmicrohttpd | 2 | This file is part of libmicrohttpd |
3 | (C) 2007 Daniel Pittman and Christian Grothoff | 3 | (C) 2007, 2008 Daniel Pittman and Christian Grothoff |
4 | 4 | ||
5 | This library is free software; you can redistribute it and/or | 5 | This library is free software; you can redistribute it and/or |
6 | modify it under the terms of the GNU Lesser General Public | 6 | modify it under the terms of the GNU Lesser General Public |
@@ -82,6 +82,18 @@ | |||
82 | #define REQUEST_MALFORMED "" | 82 | #define REQUEST_MALFORMED "" |
83 | #endif | 83 | #endif |
84 | 84 | ||
85 | /** | ||
86 | * Response text used when there is an internal server error. | ||
87 | * | ||
88 | * Intentionally empty here to keep our memory footprint | ||
89 | * minimal. | ||
90 | */ | ||
91 | #if HAVE_MESSAGES | ||
92 | #define INTERNAL_ERROR "<html><head><title>Internal server error</title></head><body>Some programmer needs to study the manual more carefully.</body></html>" | ||
93 | #else | ||
94 | #define INTERNAL_ERROR "" | ||
95 | #endif | ||
96 | |||
85 | #define EXTRA_CHECKS MHD_YES | 97 | #define EXTRA_CHECKS MHD_YES |
86 | 98 | ||
87 | #if EXTRA_CHECKS | 99 | #if EXTRA_CHECKS |
@@ -676,7 +688,29 @@ MHD_connection_get_fdset (struct MHD_Connection *connection, | |||
676 | break; | 688 | break; |
677 | case MHD_CONNECTION_CONTINUE_SENT: | 689 | case MHD_CONNECTION_CONTINUE_SENT: |
678 | if (connection->read_buffer_offset == connection->read_buffer_size) | 690 | if (connection->read_buffer_offset == connection->read_buffer_size) |
679 | try_grow_read_buffer (connection); | 691 | { |
692 | if ((MHD_YES != try_grow_read_buffer (connection)) && | ||
693 | (0 != (connection->daemon->options & | ||
694 | (MHD_USE_SELECT_INTERNALLY | | ||
695 | MHD_USE_THREAD_PER_CONNECTION)))) | ||
696 | { | ||
697 | /* failed to grow the read buffer, and the | ||
698 | client which is supposed to handle the | ||
699 | received data in a *blocking* fashion | ||
700 | (in this mode) did not handle the data as | ||
701 | it was supposed to! | ||
702 | => we would either have to do busy-waiting | ||
703 | (on the client, which would likely fail), | ||
704 | or if we do nothing, we would just timeout | ||
705 | on the connection (if a timeout is even | ||
706 | set!). | ||
707 | Solution: we kill the connection with an error */ | ||
708 | transmit_error_response (connection, | ||
709 | MHD_HTTP_INTERNAL_SERVER_ERROR, | ||
710 | INTERNAL_ERROR); | ||
711 | continue; | ||
712 | } | ||
713 | } | ||
680 | if ((connection->read_buffer_offset < connection->read_buffer_size) | 714 | if ((connection->read_buffer_offset < connection->read_buffer_size) |
681 | && (MHD_NO == connection->read_closed)) | 715 | && (MHD_NO == connection->read_closed)) |
682 | do_fd_set (fd, read_fd_set, max_fd); | 716 | do_fd_set (fd, read_fd_set, max_fd); |
diff --git a/src/examples/Makefile.am b/src/examples/Makefile.am index fd515a56..4111fa1e 100644 --- a/src/examples/Makefile.am +++ b/src/examples/Makefile.am | |||
@@ -4,13 +4,18 @@ INCLUDES = -I$(top_srcdir)/src/include | |||
4 | 4 | ||
5 | # example programs | 5 | # example programs |
6 | 6 | ||
7 | noinst_PROGRAMS = minimal_example fileserver_example | 7 | noinst_PROGRAMS = minimal_example querystring_example fileserver_example |
8 | 8 | ||
9 | minimal_example_SOURCES = \ | 9 | minimal_example_SOURCES = \ |
10 | minimal_example.c | 10 | minimal_example.c |
11 | minimal_example_LDADD = \ | 11 | minimal_example_LDADD = \ |
12 | $(top_builddir)/src/daemon/libmicrohttpd.la | 12 | $(top_builddir)/src/daemon/libmicrohttpd.la |
13 | 13 | ||
14 | querystring_example_SOURCES = \ | ||
15 | querystring_example.c | ||
16 | querystring_example_LDADD = \ | ||
17 | $(top_builddir)/src/daemon/libmicrohttpd.la | ||
18 | |||
14 | fileserver_example_SOURCES = \ | 19 | fileserver_example_SOURCES = \ |
15 | fileserver_example.c | 20 | fileserver_example.c |
16 | fileserver_example_LDADD = \ | 21 | fileserver_example_LDADD = \ |
diff --git a/src/testcurl/daemontest_large_put.c b/src/testcurl/daemontest_large_put.c index b0c7bf37..414ddf76 100644 --- a/src/testcurl/daemontest_large_put.c +++ b/src/testcurl/daemontest_large_put.c | |||
@@ -41,8 +41,12 @@ static int oneone; | |||
41 | * Do not make this much larger since we will hit the | 41 | * Do not make this much larger since we will hit the |
42 | * MHD default buffer limit and the test code is not | 42 | * MHD default buffer limit and the test code is not |
43 | * written for incremental upload processing... | 43 | * written for incremental upload processing... |
44 | * (larger values will likely cause MHD to generate | ||
45 | * an internal server error -- which would be avoided | ||
46 | * by writing the putBuffer method in a more general | ||
47 | * fashion). | ||
44 | */ | 48 | */ |
45 | #define PUT_SIZE (512 * 1024) | 49 | #define PUT_SIZE (256 * 1024) |
46 | 50 | ||
47 | static char *put_buffer; | 51 | static char *put_buffer; |
48 | 52 | ||
@@ -390,11 +394,8 @@ main (int argc, char *const *argv) | |||
390 | return 2; | 394 | return 2; |
391 | put_buffer = malloc (PUT_SIZE); | 395 | put_buffer = malloc (PUT_SIZE); |
392 | memset (put_buffer, 1, PUT_SIZE); | 396 | memset (put_buffer, 1, PUT_SIZE); |
393 | if (0) | 397 | errorCount += testInternalPut (); |
394 | { | 398 | errorCount += testMultithreadedPut (); |
395 | errorCount += testInternalPut (); | ||
396 | errorCount += testMultithreadedPut (); | ||
397 | } | ||
398 | errorCount += testExternalPut (); | 399 | errorCount += testExternalPut (); |
399 | free (put_buffer); | 400 | free (put_buffer); |
400 | if (errorCount != 0) | 401 | if (errorCount != 0) |
diff --git a/src/testcurl/daemontest_postform.c b/src/testcurl/daemontest_postform.c index 4142b138..0940e0ac 100644 --- a/src/testcurl/daemontest_postform.c +++ b/src/testcurl/daemontest_postform.c | |||
@@ -392,11 +392,8 @@ main (int argc, char *const *argv) | |||
392 | if (0 != curl_global_init (CURL_GLOBAL_WIN32)) | 392 | if (0 != curl_global_init (CURL_GLOBAL_WIN32)) |
393 | return 2; | 393 | return 2; |
394 | errorCount += testInternalPost (); | 394 | errorCount += testInternalPost (); |
395 | if (0) | 395 | errorCount += testMultithreadedPost (); |
396 | { | 396 | errorCount += testExternalPost (); |
397 | errorCount += testMultithreadedPost (); | ||
398 | errorCount += testExternalPost (); | ||
399 | } | ||
400 | if (errorCount != 0) | 397 | if (errorCount != 0) |
401 | fprintf (stderr, "Error (code: %u)\n", errorCount); | 398 | fprintf (stderr, "Error (code: %u)\n", errorCount); |
402 | curl_global_cleanup (); | 399 | curl_global_cleanup (); |
diff --git a/src/testcurl/daemontest_put.c b/src/testcurl/daemontest_put.c index e1f89402..3ce7d371 100644 --- a/src/testcurl/daemontest_put.c +++ b/src/testcurl/daemontest_put.c | |||
@@ -363,11 +363,8 @@ main (int argc, char *const *argv) | |||
363 | if (0 != curl_global_init (CURL_GLOBAL_WIN32)) | 363 | if (0 != curl_global_init (CURL_GLOBAL_WIN32)) |
364 | return 2; | 364 | return 2; |
365 | errorCount += testInternalPut (); | 365 | errorCount += testInternalPut (); |
366 | if (0) | 366 | errorCount += testMultithreadedPut (); |
367 | { | 367 | errorCount += testExternalPut (); |
368 | errorCount += testMultithreadedPut (); | ||
369 | errorCount += testExternalPut (); | ||
370 | } | ||
371 | if (errorCount != 0) | 368 | if (errorCount != 0) |
372 | fprintf (stderr, "Error (code: %u)\n", errorCount); | 369 | fprintf (stderr, "Error (code: %u)\n", errorCount); |
373 | curl_global_cleanup (); | 370 | curl_global_cleanup (); |
diff --git a/src/testcurl/daemontest_put_chunked.c b/src/testcurl/daemontest_put_chunked.c index 0cc3eb8f..f613882b 100644 --- a/src/testcurl/daemontest_put_chunked.c +++ b/src/testcurl/daemontest_put_chunked.c | |||
@@ -371,11 +371,8 @@ main (int argc, char *const *argv) | |||
371 | if (0 != curl_global_init (CURL_GLOBAL_WIN32)) | 371 | if (0 != curl_global_init (CURL_GLOBAL_WIN32)) |
372 | return 2; | 372 | return 2; |
373 | errorCount += testInternalPut (); | 373 | errorCount += testInternalPut (); |
374 | if (0) | 374 | errorCount += testMultithreadedPut (); |
375 | { | 375 | errorCount += testExternalPut (); |
376 | errorCount += testMultithreadedPut (); | ||
377 | errorCount += testExternalPut (); | ||
378 | } | ||
379 | if (errorCount != 0) | 376 | if (errorCount != 0) |
380 | fprintf (stderr, "Error (code: %u)\n", errorCount); | 377 | fprintf (stderr, "Error (code: %u)\n", errorCount); |
381 | curl_global_cleanup (); | 378 | curl_global_cleanup (); |