From patchwork Sun Mar 21 12:55:10 2021
X-Patchwork-Submitter: Hauke Mehrtens
X-Patchwork-Id: 1456286
X-Patchwork-Delegate: hauke@hauke-m.de
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Cc: jo@mein.io, Hauke Mehrtens
Subject: [PATCH uhttpd v2] client: Always close connection with request body in case of error
Date: Sun, 21 Mar 2021 13:55:10 +0100
Message-Id: <20210321125510.4126686-1-hauke@hauke-m.de>

When we run into an error like a 404 Not Found, the request body is not
read and will be parsed as part of the next request. The next request
will then fail because there is unexpected data in it.

When we run into such a problem with a request body, return an error and
close the connection. This should be easier than trying to recover the
state.

We saw this problem when /ubus/ was not installed, but the browser tried
to access it. Then uhttpd returned a 404, but the next request done in
this connection also failed with an HTTP 400, bad request.

Fixes: FS#3378
Signed-off-by: Hauke Mehrtens
--- client.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/client.c b/client.c index 6233d01..451f90d 100644 --- a/client.c +++ b/client.c
@@ -138,6 +138,7 @@ void uh_request_done(struct client *cl) void __printf(4, 5) uh_client_error(struct client *cl, int code, const char *summary, const char *fmt, ...) { + struct http_request *r = &cl->request; va_list arg; uh_http_header(cl, code, summary); @@ -151,6 +152,16 @@ uh_client_error(struct client *cl, int code, const char *summary, const char *fm va_end(arg); } + /* Close the connection even when keep alive is set, when it + * contains a request body, as it was not read and we are + * currently out of sync. The alternative would be to read and + * discard the request body here. + */ + if (r->transfer_chunked || r->content_length > 0) { + cl->state = CLIENT_STATE_CLOSE; + cl->request.connection_close = true; + } + uh_request_done(cl); }
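
Review bot: In the second hunk, the condition r->transfer_chunked || r->content_length > 0 tests whether a body was declared, not whether it is still unread, so an error raised after the body has been consumed also closes a connection that could have been kept alive. Closing is the safe default here, since leftover body bytes would otherwise be interpreted as the start of the next request on the same connection, but the comment should say that the check is deliberately conservative, or the condition should test the remaining unread length if the request struct tracks it. The check also depends on both fields already being populated whenever uh_client_error() is called, which is worth confirming for errors reported while the headers are still being parsed. Minor: the first hunk adds r = &cl->request, yet the new block writes cl->request.connection_close = true; use r->connection_close = true for consistency.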
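
The failure described in the commit message, reproduced as an added example that is neither uhttpd code nor part of the original mail: a toy keep-alive loop answers 404 without reading a Content-Length body, then parses the leftover bytes as the next request. The function serve(), the sample STREAM and the close_on_unread_body switch are assumptions made for illustration; chunked bodies are left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: two requests sent on one keep-alive connection. */
static const char STREAM[] =
    "POST /ubus/ HTTP/1.1\r\nContent-Length: 13\r\n\r\n"
    "{\"jsonrpc\":1}"
    "GET / HTTP/1.1\r\n\r\n";

/* Toy server loop (hypothetical, not uhttpd code). Only "/" exists.
 * Stores the status codes it would send in codes[], returns the count. */
int serve(const char *p, int close_on_unread_body, int *codes, int max)
{
    int n = 0;
    while (*p && n < max) {
        char method[8], path[64];
        long content_length = 0;
        const char *eol = strstr(p, "\r\n");
        /* A request line must start with "METHOD /path". */
        if (!eol || sscanf(p, "%7[A-Z] %63s", method, path) != 2 || path[0] != '/') {
            codes[n++] = 400;   /* unexpected data where a request should start */
            break;              /* parser gives up on the connection */
        }
        p = eol + 2;
        /* Header lines up to the empty line; remember the declared body length. */
        while ((eol = strstr(p, "\r\n")) && eol != p) {
            if (!strncmp(p, "Content-Length:", 15))
                content_length = strtol(p + 15, NULL, 10);
            p = eol + 2;
        }
        if (!eol)
            break;              /* truncated headers */
        p = eol + 2;            /* p now points at the body, if any */
        if (strcmp(path, "/") != 0) {
            codes[n++] = 404;   /* error path: the body is NOT read */
            if (close_on_unread_body && content_length > 0)
                break;          /* rule from the patch: close, do not reuse */
            continue;           /* keep-alive: next parse starts inside the body */
        }
        codes[n++] = 200;
        /* Normal path consumes the body, bounded by what is buffered. */
        p += (size_t)content_length < strlen(p) ? (size_t)content_length : strlen(p);
    }
    return n;
}
```

With close_on_unread_body set to 0 the sample yields 404 followed by 400, the sequence reported in FS#3378; with it set to 1 the loop stops after the 404, while an error on a request without a body still keeps the connection alive.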