[prev in list] [next in list] [prev in thread] [next in thread]
List: mercurial-devel
Subject: Re: [PATCH 1 of 3 stable] hgweb: force connection close on early response
From: Augie Fackler <raf () durin42 ! com>
Date: 2013-07-29 18:11:38
Message-ID: 082D88EF-E5E8-43E0-9758-0205F486C954 () durin42 ! com
[Download RAW message or body]
On Jul 29, 2013, at 10:41 AM, Kevin Bullock <kbullock+mercurial@ringworld.org> wrote:
> > hgweb: force connection close on early response
> >
> > Not all WSGI servers close the socket when an early response is sent
> > to a large POST request, which can cause the server to interpret the
> > already-sent request body as an incoming (but hopelessly invalid)
> > request.
>
> Uhmmm... *ouch*. Would love to hear more details about this.
Sure. Each HTTP request goes through a state machine, roughly like this:
1) Connect
2) Send request headers
3) Send request body
4) Get response headers
5) Get response body
When we decide to respond early to a client, we jump to step 4 while step 3 is still \
happening. The RFC 2616 is silent on what you're supposed to do in this case, and \
doesn't even explicitly call it out as a valid case (though every server I've ever \
used allows it, although some only with non-200 status codes).
So you end up in a state where the client has probably sent some data on the wire, \
and then saw the response body[0]. This basically poisons the read side of the socket \
for the server, which will now see some fragment of POST body data as a new request \
header line, except that (except in *really* unlucky cases) the data lurking on the \
inbound (to the server) side of the socket won't be valid, and it'll cause the server \
to be angry and close the socket anyway.
The workaround is to always do "Connection: Close" on any early response, because the \
keepalive benefits aren't worth the risk. We only have to do this because some web \
servers aren't smart enough to do this on their own.
Does that help?
[0] This is actually the best case. Worst case is what httplib does, which is merrily \
writes request bytes until it gets an error from the server, which closed the socket \
because it's correctly paranoid about having sent an early response. Yay. \
_______________________________________________ Mercurial-devel mailing list
Mercurial-devel@selenic.com
http://selenic.com/mailman/listinfo/mercurial-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic