libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] unable to respond before reading entire incoming pay

From: Ken Zangelin
Subject: Re: [libmicrohttpd] unable to respond before reading entire incoming payload
Date: Tue, 13 Dec 2016 11:22:40 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 
Hi, thanksfor the fast reply.


On 12/12/16 20:39, Evgeny Grin wrote:

Hi,


I am provoking a request for 'Payload too large' for our MHD server, by
using curl sending a short request (~25 bytes) but adding a Content-Len
header of a lot more (2 megabytes).

To clarify: you are not providing some large request body, you are just
added Content-Length header?


That's it, I lie to my server (simulating a bug in a client).
I send a request with a 25-byte payload but the Content-Length header says it has 2 megabytes. 




In our case the maximum payload we accept is a megabyte.

So, in the mhd callback routines we detect the  Content-Len header (and
probably read the 25 bytes of payload as well, haven't checked) and when
we see that the Content-Len header value is beyond our allowed max size,
we want to return a response with a payload telling the user about the
error.

We've tried to set the upload_data_size pointer to point to ZERO,
awaiting the last call to the callback, but it never comes.

Probably due to that MHD still believes there is more data to read.

Using MHD_OPTION_CONNECTION_TIMEOUT, at least the connection resets
instead of hangs, but ... we'd like to send that response ...

Is there any way to accomplish what we want?

If request has header that indicated 2megs size of request body, MHD
will read whole request before sending response. So if request has only
header indicating that body is 2MB, but body is absent or smaller - MHD
will wait for for whole 2MB (indefinitely or until timeout).

Yes, this is what happens. I've set the timeout to 5 secs and it times out.



If you request is real 2MB size and you don't want to process it, you
can read whole 2MB, but ignore it and send response with error.
Alternatively - you can abort connection, but if client is web-browser,
it will repeat sending request.


Sure, if that was the case ...
Now, the problem I have is that I am not able to send a reply to the faulty client. I detect the error and I try to reply but MHD is in a state that doesn't accept writes, still "reading" the incoming package. 

So, my question is:

Is there anyway I can respond to this 'lying client'?
[ perhaps forcing MHD to stop reading on the socket, just send a reply and closing it ] 

Thanks!

/KZ
reply via email to
[Prev in Thread] Current Thread [Next in Thread]