[cs631apue] Writing to socket while client is still writing to it
lbustama
lbustama at stevens.edu
Tue Dec 3 00:57:15 EST 2013
BTW, apologies for the bad grammar... Just noticed it. I kept on
changing the body of my email and didn't re-read before sending it.
Hopefully it still make sense.
Luis
On 12/03/2013 12:54 AM, lbustama wrote:
> Hi, I'm running into the following issue.
>
> When we receive HTTP request, where the first line is greater 4096
> bytes, we stop reading from the socket, and reply with a 400 error
> code and send a generic HTML page with the 400 error code. When we
> test with a large request from the localhost the output received by
> the client looks as expected. When we test from a remote host we only
> receive the first line of output. I stepped through the code using gdb
> and the server is going through the same exact code and sending the
> full response. In fact when executing the code step by step using gdb
> the remote client receives the full output (not just the 1st line). I
> think the issue is happening because the client is still writing to
> the socket when the response is sent by the server (MTU sizes are
> different if working from the localhost vs a remote host):
>
>
> FROM THE LOCALHOST:
> $echo "GET $(echo -n /; for i in {1..10000}; do echo -n $i; if [
> $(($i % 50)) -eq 0 ]; then echo -n /; fi; done | tr [:digit:] a-z)
> HTTP/1.0" | nc localhost 9090
> HTTP/1.0 400 Bad Request
> Date: Tue, 03 Dec 2013 05:35:30 GMT
> Server: sws/1.0
> Content-Length: 0
>
> <html>
> <head>
> <title>Team Geronimo - 400 - Bad Request</title>
> </head>
> <body>
> <h1>Team Geronimo</h1>
> <p>400 - Bad Request</p>
> </body>
> </html>
>
> FROM A REMOTE HOST:
> $echo "GET $(echo -n /; for i in {1..10000}; do echo -n $i; if [
> $(($i % 50)) -eq 0 ]; then echo -n /; fi; done | tr [:digit:] a-z)
> HTTP/1.0" | nc eva 9090
> HTTP/1.0 400 Bad Request <<<<<<<<<<<<<<<<<<<<<<<<ONLY THE FIRST LINE
>
> If I change the code to finish reading all the input from the socket
> before sending the response "while(read(socket,buf, sizeof(buf))", the
> remote connection displays the right output, but that just leaves the
> server open for denial of service attacks (just keep on sending
> "infinite" junk to the server)
>
>
> Is there something we're missing, or is this the way it's supposed to
> work.
>
> Thanks a lot,
>
> Luis
More information about the cs631apue
mailing list