From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-3.5 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NORMAL_HTTP_TO_IP, NUMERIC_HTTP_ADDR shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 780081F953 for ; Wed, 21 Dec 2022 11:34:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org; s=selector1; t=1671622445; bh=OUCeEgoA0oxbX7Ol5F+kGKVs3QgX9Wq3dd91oLn57m0=; h=From:To:Subject:Date:In-Reply-To:References:From; b=lnsXryhzYPMp0EFjGgGGxsly4jVfinxSqJOaqJwkb9XqPegUwQ2An4i2tZhZfSURv N5tW9BNxaYJlZFWZ2fG7zi866/Fzc4BiunYJWh4A3oE6Pdf8dRLRBoXhfgsihOatkw 7yJ4WZO/fL5nuheGQv+i6xHmlQx1Y2ioJyWNlKFw= From: Eric Wong To: mwrap-perl@80x24.org Subject: [PATCH 1/3] httpd: drop connection if 404 on POST bodies Date: Wed, 21 Dec 2022 11:34:03 +0000 Message-Id: <20221221113405.2129-2-e@80x24.org> In-Reply-To: <20221221113405.2129-1-e@80x24.org> References: <20221221113405.2129-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Persistent connections and undrained input don't mix; so the simplest thing is to drop the persistent connection when we short-circuit out on /$PID/ prefix mismatches. In retrospect, it's probably not worth supporting persistent connections at all for a AF_UNIX-only server... --- httpd.h | 1 + t/httpd.t | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/httpd.h b/httpd.h index eddea97..a59c9dd 100644 --- a/httpd.h +++ b/httpd.h @@ -310,6 +310,7 @@ static enum mw_qev h1_404(struct mw_h1 *h1) static const char r404[] = "HTTP/1.1 404 Not Found\r\n" "Content-Type: text/html\r\n" "Content-Length: 10\r\n\r\n" "Not Found\n"; + if (h1->has_input) h1->persist = 0; return h1_res_oneshot(h1, r404, sizeof(r404) - 1); } diff --git a/t/httpd.t b/t/httpd.t index 3fe9c1f..53cf420 100644 --- a/t/httpd.t +++ b/t/httpd.t @@ -161,6 +161,10 @@ SKIP: { '-HX-Mwrap-BT-Depth:10', '-XPOST', "http://0/$pid/ctl"); is($rc, 0, 'curl /ctl (X-Mwrap-BT-Depth)'); like(slurp($cout), qr/\bMWRAP=bt:10\b/, 'changed bt depth'); + + $rc = system(qw(curl -vsSf --unix-socket), $sock, '-o', $cout, + '-HX-Mwrap-BT-Depth:10', '-d', 'blah', "http://0/ctl"); + is($rc >> 8, 22, '404 w/o PID prefix'); };