Must really be safe_read(), not full_read()? (was: [PATCH] fix httpd lockup in cgi POSTs)
Paul Albrecht
albrecht at rdi1.com
Tue Feb 13 13:34:40 UTC 2007
On Mon, 2007-02-12 at 23:34 +0100, Denis Vlasenko wrote:
> On Monday 12 February 2007 23:21, Matthias Reichl wrote:
> > On Mon, Feb 12, 2007 at 10:01:13PM +0100, Denis Vlasenko wrote:
> > > On Monday 12 February 2007 18:09, Matthias Reichl wrote:
> > > > if (firstline)
> > > > count = full_read(inFd, rbuf, 4);
> > > > /* read 4 bytes so we can check if the line begins with "HTTP" */
> > >
> > > So far I am happy with "bbox httpd doesn't support insane cgis
> > > which split their HTTP response" way.
> >
> > Would be OK for me, too. OTOH: it's a simple patch and it assures
> > that the current httpd could also deal with insane cgis.
>
> NO, IT CAN'T.
>
> If cgi will output "HTT" and then block in read() from fd#0
> while httpd is also blocked in full_read() trying to get at least
> four bytes, we will deadlock.
>
This scenario seems far-fetched because http is a request/response
protocol. It doesn't make a lot of sense for a cgi program to start
producing output--the http response--before it has read and processed
the request.
> > > > Better yet, do a full line read for the first line or completely
> > > > switch to line buffered input, as you suggested.
> > >
> > > Are you suggesting using stdio?
> > > Can't do that, or POSTDATA will break again.
> > >
> > > You basically need to _open-code_ buffering here. That will work.
> >
> > No, I was thinking about using a function like getLine() when
> > reading the first line from the cgi. But that's not needed ATM
> > and would only be useful for future versions of httpd if they'd like
> > to parse the full first line.
> --
>
> vda
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://busybox.net/cgi-bin/mailman/listinfo/busybox
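
The open-coded buffering suggested in the quoted text, as an added example that is not part of this thread or of BusyBox's httpd: the first four bytes are collected across as many short reads as it takes, so the server returns to its event loop (and can keep forwarding POST data) instead of blocking until all four arrive. `prefix_state`, `read_once` and `feed_prefix` are hypothetical names, and the split "HTT" + "P/1.0 ..." response is constructed.

```c
/* Added example: hypothetical names, not BusyBox httpd code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { NEED_MORE = -1, NOT_HTTP = 0, IS_HTTP = 1 };

struct prefix_state {
    char buf[4];      /* first bytes of the CGI's output */
    size_t len;       /* how many of them have arrived so far */
};

/* One read(), retried only on EINTR; may return fewer than n bytes. */
static ssize_t read_once(int fd, void *buf, size_t n)
{
    ssize_t r;
    do {
        r = read(fd, buf, n);
    } while (r < 0 && errno == EINTR);
    return r;
}

/* Call after poll()/select() reports fd readable. Takes what is there
 * now and hands control back to the event loop; it never waits for the
 * remaining bytes the way a read-until-count loop would. */
static int feed_prefix(struct prefix_state *st, int fd)
{
    ssize_t r = read_once(fd, st->buf + st->len, sizeof(st->buf) - st->len);
    if (r <= 0)                       /* EOF or error before 4 bytes */
        return NOT_HTTP;
    st->len += (size_t)r;
    if (st->len < sizeof(st->buf))
        return NEED_MORE;             /* keep servicing POST data meanwhile */
    return memcmp(st->buf, "HTTP", 4) == 0 ? IS_HTTP : NOT_HTTP;
}

int main(void)
{
    int p[2];
    struct prefix_state st = { {0}, 0 };
    if (pipe(p) != 0 || write(p[1], "HTT", 3) != 3)   /* constructed split */
        return 1;
    printf("after \"HTT\": %d\n", feed_prefix(&st, p[0]));
    if (write(p[1], "P/1.0 200 OK\r\n", 14) != 14)
        return 1;
    printf("after rest:  %d\n", feed_prefix(&st, p[0]));
    return 0;
}
```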