Posted to github@trafficserver.apache.org by GitBox <gi...@apache.org> on 2021/05/28 15:19:47 UTC

[GitHub] [trafficserver] shinrich opened a new pull request #7905: Treat TRACE with body as bad request

shinrich opened a new pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905


   Based on my reading of https://datatracker.ietf.org/doc/html/rfc2616#section-9.8 we should not process TRACE requests with a body specified.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [trafficserver] maskit commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
maskit commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-861989388


   It doesn't work for chunked requests. I get a response from an origin server.
   ```
   curl -v --http1.1 --header "Transfer-Encoding: chunked" -d aaa -X TRACE -k https://localhost:8443/
   ```





[GitHub] [trafficserver] maskit commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
maskit commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-866437946


   That's what I thought. I was hoping you might have some great idea.





[GitHub] [trafficserver] shinrich commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
shinrich commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-852326905


   Missing return was causing the assert.





[GitHub] [trafficserver] maskit commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
maskit commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-851117541


   I get `403 Bad Request` response as expected, but I see assertion failure on the server side.
   ```
   curl --http1.1 -d aaa -X TRACE -kv https://localhost:8443/
   ```
   
   ```
   [May 31 10:47:33.781] [ET_NET 0] DEBUG: <HttpTransact.cc:2229 (LookupSkipOpenServer)> (http_trans) Next action next; HttpTransact::HandleResponse
   [May 31 10:47:33.781] [ET_NET 0] DEBUG: <HttpSM.cc:7343 (call_transact_and_set_next_state)> (http) [0] State Transition: SM_ACTION_API_CACHE_LOOKUP_COMPLETE -> SM_ACTION_ORIGIN_SERVER_OPEN
   [May 31 10:47:33.781] [ET_NET 0] DEBUG: <HttpSM.cc:4909 (do_http_server_open)> (http_track) entered inside do_http_server_open ][ipv4]
   Fatal: HttpSM.cc:4912: failed assertion `vc && vc->thread == this_ethread()`
   2021-05-31 10:47:33.781348+0900 traffic_server[47798:868142] Fatal: HttpSM.cc:4912: failed assertion `vc && vc->thread == this_ethread()`
   Process 47798 stopped
   * thread #2, name = '[ET_NET 0]', stop reason = signal SIGABRT
       frame #0: 0x00007fff203e792e libsystem_kernel.dylib`__pthread_kill + 10
   libsystem_kernel.dylib`__pthread_kill:
   ->  0x7fff203e792e <+10>: jae    0x7fff203e7938            ; <+20>
       0x7fff203e7930 <+12>: movq   %rax, %rdi
       0x7fff203e7933 <+15>: jmp    0x7fff203e1ad9            ; cerror_nocancel
       0x7fff203e7938 <+20>: retq   
   Target 0: (traffic_server) stopped.
   (lldb) bt
   * thread #2, name = '[ET_NET 0]', stop reason = signal SIGABRT
     * frame #0: 0x00007fff203e792e libsystem_kernel.dylib`__pthread_kill + 10
       frame #1: 0x00007fff204165bd libsystem_pthread.dylib`pthread_kill + 263
       frame #2: 0x00007fff2036b411 libsystem_c.dylib`abort + 120
       frame #3: 0x0000000102f9241a libtscore.10.dylib`ink_abort(message_format="%s:%d: failed assertion `%s`") at ink_error.cc:99:3
       frame #4: 0x0000000102f87e97 libtscore.10.dylib`::_ink_assert(expression="vc && vc->thread == this_ethread()", file="HttpSM.cc", line=4912) at ink_assert.cc:37:3
       frame #5: 0x00000001002f5188 traffic_server`HttpSM::do_http_server_open(this=0x000000010d227b80, raw=false) at HttpSM.cc:4912:3
       frame #6: 0x0000000100360590 traffic_server`HttpSM::set_next_state(this=0x000000010d227b80) at HttpSM.cc:7536:5
       frame #7: 0x00000001002eb7b3 traffic_server`HttpSM::call_transact_and_set_next_state(this=0x000000010d227b80, f=0x0000000000000000)(HttpTransact::State*)) at HttpSM.cc:7345:3
       frame #8: 0x0000000100304130 traffic_server`HttpSM::handle_api_return(this=0x000000010d227b80) at HttpSM.cc:1694:5
       frame #9: 0x0000000100301b7c traffic_server`HttpSM::state_api_callout(this=0x000000010d227b80, event=0, data=0x0000000000000000) at HttpSM.cc:1626:5
       frame #10: 0x00000001003536a6 traffic_server`HttpSM::do_api_callout_internal(this=0x000000010d227b80) at HttpSM.cc:5317:10
       frame #11: 0x00000001002df58d traffic_server`HttpSM::do_api_callout(this=0x000000010d227b80) at HttpSM.cc:434:12
       frame #12: 0x000000010035dafb traffic_server`HttpSM::set_next_state(this=0x000000010d227b80) at HttpSM.cc:7379:5
       frame #13: 0x00000001002eb7b3 traffic_server`HttpSM::call_transact_and_set_next_state(this=0x000000010d227b80, f=0x0000000000000000)(HttpTransact::State*)) at HttpSM.cc:7345:3
       frame #14: 0x0000000100304130 traffic_server`HttpSM::handle_api_return(this=0x000000010d227b80) at HttpSM.cc:1694:5
       frame #15: 0x0000000100301b7c traffic_server`HttpSM::state_api_callout(this=0x000000010d227b80, event=0, data=0x0000000000000000) at HttpSM.cc:1626:5
       frame #16: 0x00000001003536a6 traffic_server`HttpSM::do_api_callout_internal(this=0x000000010d227b80) at HttpSM.cc:5317:10
       frame #17: 0x00000001002df58d traffic_server`HttpSM::do_api_callout(this=0x000000010d227b80) at HttpSM.cc:434:12
       frame #18: 0x000000010035dafb traffic_server`HttpSM::set_next_state(this=0x000000010d227b80) at HttpSM.cc:7379:5
       frame #19: 0x00000001002eb7b3 traffic_server`HttpSM::call_transact_and_set_next_state(this=0x000000010d227b80, f=0x0000000000000000)(HttpTransact::State*)) at HttpSM.cc:7345:3
       frame #20: 0x0000000100325d9a traffic_server`HttpSM::state_hostdb_lookup(this=0x000000010d227b80, event=500, data=0x000062a00000af80) at HttpSM.cc:2351:5
       frame #21: 0x00000001002de4bb traffic_server`HttpSM::main_handler(this=0x000000010d227b80, event=500, data=0x000062a00000af80) at HttpSM.cc:2708:5
       frame #22: 0x000000010000c173 traffic_server`Continuation::handleEvent(this=0x000000010d227b80, event=500, data=0x000062a00000af80) at I_Continuation.h:219:12
       frame #23: 0x000000010096124d traffic_server`reply_to_cont(cont=0x000000010d227b80, r=0x000062a00000af80, is_srv=false) at HostDB.cc:503:9
       frame #24: 0x000000010095b8b9 traffic_server`HostDBContinuation::do_dns(this=0x000000010a06cdc0) at HostDB.cc:1595:9
       frame #25: 0x0000000100961f5f traffic_server`HostDBContinuation::probeEvent(this=0x000000010a06cdc0, (null)=2, e=0x000062c000006520) at HostDB.cc:1511:3
       frame #26: 0x000000010000c173 traffic_server`Continuation::handleEvent(this=0x000000010a06cdc0, event=2, data=0x000062c000006520) at I_Continuation.h:219:12
       frame #27: 0x0000000100f98683 traffic_server`EThread::process_event(this=0x0000000109137800, e=0x000062c000006520, calling_code=2) at UnixEThread.cc:164:22
       frame #28: 0x0000000100f99e78 traffic_server`EThread::execute_regular(this=0x0000000109137800) at UnixEThread.cc:273:11
       frame #29: 0x0000000100f9b3cc traffic_server`EThread::execute(this=0x0000000109137800) at UnixEThread.cc:364:11
       frame #30: 0x0000000100f95d0b traffic_server`spawn_thread_internal(a=0x0000607000007790) at Thread.cc:92:12
       frame #31: 0x00007fff204168fc libsystem_pthread.dylib`_pthread_start + 224
       frame #32: 0x00007fff20412443 libsystem_pthread.dylib`thread_start + 15
   (lldb) f 5
   frame #5: 0x00000001002f5188 traffic_server`HttpSM::do_http_server_open(this=0x000000010d227b80, raw=false) at HttpSM.cc:4912:3
      4909	  SMDebug("http_track", "entered inside do_http_server_open ][%.*s]", static_cast<int>(fam_name.size()), fam_name.data());
      4910	
      4911	  NetVConnection *vc = ua_txn->get_netvc();
   -> 4912	  ink_release_assert(vc && vc->thread == this_ethread());
      4913	  pending_action = nullptr;
      4914	
      4915	  // Clean up connection tracking info if any. Need to do it now so the selected group
   ```





[GitHub] [trafficserver] shinrich merged pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
shinrich merged pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905


   





[GitHub] [trafficserver] shinrich commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
shinrich commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-852405436


   [approve ci autest]





[GitHub] [trafficserver] bryancall commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
bryancall commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-856322516


   @rob05c is going to take a look at this.





[GitHub] [trafficserver] shinrich commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
shinrich commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-863583996


   Allowing for an empty chunked encoding body means that we would need to push our check back to the post tunnel close. I don't think the additional complexity warrants that very narrow, strictly speaking legal, case.





[GitHub] [trafficserver] shinrich commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
shinrich commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-852477343


   The argument to fail in this case is concern about framing errors pre-HTTP/2. If there is a body, and we don't fail, then we need to either forward on the body or drain the body. The current code just passes along the trace without the body and then ATS processes the body separately, which will probably fail, but anytime you break framing you are opening the door for someone to try to be clever. I think it would be cleaner and safer to fail and close the connection.


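The header-only decision discussed in the two comments above (fail on a declared body, including any chunked request, rather than wait until the body has been read), sketched as an added example. This is not Apache Traffic Server code and not the change made in the PR; `check_trace_framing`, `Verdict` and `Headers` are hypothetical names, and the header lists in `main` are constructed to mirror the two curl commands in the thread.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <utility>
#include <vector>

using Headers = std::vector<std::pair<std::string, std::string>>;  // hypothetical type
enum class Verdict { Forward, RejectAndClose };                    // hypothetical

static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return s;
}

// True only when the value, after trimming spaces and tabs, is all '0' digits.
static bool is_zero_length(const std::string &v) {
  const auto b = v.find_first_not_of(" \t");
  if (b == std::string::npos) return false;  // empty value: treat as malformed
  const auto e = v.find_last_not_of(" \t");
  const std::string t = v.substr(b, e - b + 1);
  return std::all_of(t.begin(), t.end(), [](char c) { return c == '0'; });
}

// Decide from the request header alone, before any body bytes are consumed.
Verdict check_trace_framing(const std::string &method, const Headers &hdrs) {
  if (method != "TRACE") return Verdict::Forward;  // method names are case-sensitive
  for (const auto &h : hdrs) {
    const std::string name = lower(h.first);
    // Any Transfer-Encoding declares a body. An empty chunked body cannot be
    // told apart from a non-empty one without reading it, so it fails too.
    if (name == "transfer-encoding") return Verdict::RejectAndClose;
    // A non-zero or malformed Content-Length is treated as a declared body.
    if (name == "content-length" && !is_zero_length(h.second)) return Verdict::RejectAndClose;
  }
  return Verdict::Forward;
}

int main() {
  // Constructed header lists approximating the two curl requests in the thread.
  const Headers with_length = {{"Host", "localhost:8443"}, {"Content-Length", "3"}};
  const Headers chunked = {{"Host", "localhost:8443"}, {"Transfer-Encoding", "chunked"}};
  const bool ok = check_trace_framing("TRACE", with_length) == Verdict::RejectAndClose &&
                  check_trace_framing("TRACE", chunked) == Verdict::RejectAndClose;
  return ok ? 0 : 1;
}
```

`RejectAndClose` stands for answering with an error and closing the connection, so that unread body bytes are never parsed as the start of a second request.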



[GitHub] [trafficserver] rob05c commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
rob05c commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-852440808


   RFC7231 says
   https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.8
   
   > A client MUST NOT send a message body in a TRACE request.
   
   It doesn't say a server or cache MUST respond with an error. IMO we're conforming to the spec either way. The client has violated the spec, and we're not forbidden or required to do anything when they do. Thus, I'd lean toward following the Robustness Principle, and just ignore the body and serve them as best we can, because we can.
   
   But I don't think we're violating the RFC either way.





[GitHub] [trafficserver] zwoop commented on pull request #7905: Treat TRACE with body as bad request

Posted by GitBox <gi...@apache.org>.
zwoop commented on pull request #7905:
URL: https://github.com/apache/trafficserver/pull/7905#issuecomment-888657922


   Cherry-picked to v9.1.x branch.

