Perlbal crashable by client sending chunked upload
Brad Fitzpatrick
brad at danga.com
Sun Mar 9 03:59:00 UTC 2008
Jeremy,
Great find (and patch and test!). Committed as r766. Will be in new
release shortly here.....
Thanks, and sorry nobody got back to you in over a month. :(
- Brad
On Wed, Feb 6, 2008 at 8:40 AM, Jeremy James <jbj at forbidden.co.uk> wrote:
> Hi folks,
>
> We've picked up a perlbal bug in the wild - it seems that a client that
> attempts to send a bad (zero-length) chunked upload to a server with
> buffer_uploads turned on can crash the server.
>
> Reproduction is:
>
> # Config
> CREATE POOL testsvrs
> POOL testsvrs ADD 127.0.0.1:80
>
> CREATE SERVICE test
> SET role = reverse_proxy
> SET pool = testsvrs
> SET listen = 127.0.0.1:8080
> SET buffer_uploads = 1
> SET buffer_uploads_path = /tmp/
> ENABLE test
>
> # Request
> POST /status HTTP/1.0
> Transfer-Encoding: chunked
>
> 0
>
> # Outcome
> crash log: Can't use an undefined value as a symbol reference at
> lib/Perlbal/ClientProxy.pm line 1024.
>
>
> # Patch
> Attached patch contains fixes to ClientProxy (r753) to cope with
> zero-length first chunk (incidentally could this - a missing file handle
> - be the cause of the FIXME errors in purge_buffered_upload?), and an
> additional test in 52-chunked-upload.t to catch this issue.
>
> Best wishes,
> Jeremy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/perlbal/attachments/20080308/af0b7322/attachment.html
More information about the perlbal
mailing list