From owner-freebsd-bugs Sun Jan 6 6:40:15 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id BEF3337B419 for ; Sun, 6 Jan 2002 06:40:06 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g06Ee6X82763; Sun, 6 Jan 2002 06:40:06 -0800 (PST) (envelope-from gnats) Received: from slovo.yandex.ru (slovo.yandex.ru [213.180.194.148]) by hub.freebsd.org (Postfix) with ESMTP id D483C37B417 for ; Sun, 6 Jan 2002 06:30:25 -0800 (PST) Received: (from tejblum@localhost) by slovo.yandex.ru (8.11.3/8.9.3) id g06EUJ467960; Sun, 6 Jan 2002 17:30:20 +0300 (MSK) (envelope-from tejblum) Message-Id: <200201061430.g06EUJ467960@slovo.yandex.ru> Date: Sun, 6 Jan 2002 17:30:20 +0300 (MSK) From: tejblum@yandex-team.ru Reply-To: tejblum@yandex-team.ru To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: bin/33608: libfetch work unreliable fetching dynamic content, e.g. PHP Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 33608 >Category: bin >Synopsis: libfetch work unreliable fetching dynamic content, e.g. PHP >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jan 06 06:40:05 PST 2002 >Closed-Date: >Last-Modified: >Originator: Dmitrij Tejblum >Release: FreeBSD 4.3-RELEASE i386 >Organization: Yandex >Environment: >Description: There is the following code in the _http_fillbuf function: if (c->chunksize == 0) { char endl[2]; read(c->fd, endl, 2); } It supposed to skip "\r\n" from an end-of-chunk. But c->fd is a socket, thus the read may return after reading just one byte, and leave the connection in an inconsistent state. >How-To-Repeat: Observed mostly on files generated by PHP. PHP tends to make chunks of a lot of different sizes. >Fix: A very simple patch: Index: http.c =================================================================== RCS file: /home/ncvs/src/lib/libfetch/http.c,v retrieving revision 1.13.2.13 diff -u -p -r1.13.2.13 http.c --- http.c 2001/03/15 23:54:09 1.13.2.13 +++ http.c 2001/12/27 20:33:30 @@ -190,8 +190,9 @@ _http_fillbuf(struct cookie *c) c->chunksize -= c->b_len; if (c->chunksize == 0) { - char endl[2]; - read(c->fd, endl, 2); + char endl; + read(c->fd, &endl, 1); + read(c->fd, &endl, 1); } c->b_pos = 0; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message