You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/12/15 17:41:58 UTC
DO NOT REPLY [Bug 37920] New: - mod_proxy proxy_http should flush data when it receives POST data from client
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37920>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37920
Summary: mod_proxy proxy_http should flush data when it receives
POST data from client
Product: Apache httpd-2
Version: 2.2.0
Platform: PC
OS/Version: Windows NT
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy
AssignedTo: bugs@httpd.apache.org
ReportedBy: m.vezzelli@e-works.it
When apache receives POST data from a client and mod_proxy is enabled, apache
should pass data to mod_proxy without buffering and mod_proxy should pass data
to backend server without buffering.
This issue was already discussed in 19954 and 33029 concerning GET requests and
tunnels.
GET requests are working: if backend server responds 1 byte, this byte arrives
to the client.
How to reproduce:
a client must make a POST request with a large content-size but a single byte
is sent for the body. This byte will never reach backend server.
Windows binary client that reproduces the problem is available under request.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 37920] - mod_proxy does not flush data on POST requests from client
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37920>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37920
rahul@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
OS/Version|Windows NT |All
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 37920] - mod_proxy does not flush data on POST requests from client
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37920>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37920
m.vezzelli@e-works.it changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |major
Summary|mod_proxy proxy_http should |mod_proxy does not flush
|flush data when it receives |data on POST requests from
|POST data from client |client
------- Additional Comments From m.vezzelli@e-works.it 2005-12-16 12:31 -------
I can't get POST data even with nph-cgi.... could it be an apache core issue?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 37920] - mod_proxy does not flush data on POST requests from client
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37920>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37920
rahul@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From rahul@sun.com 2007-02-09 08:11 -------
The behavior is due to the following logic in mod_proxy_http.c
We read the data using ap_get_bridade,
Now ap_get_brigade will return an EOS only if the remaining data
( as calculated as content-length - current read in
http_filters.c:ap_http_filter: [ lenp = apr_table_get(f->r->headers_in,
"Content-Length");] )
is '0'
Since our condition for exiting the while loop is APR_BUCKET_IS_EOS, we do not
exit before reading the entire data as specified in content length. Since we do
not write the data to the client side any where in this loop, the client never
gets any data.
The way to fix this would be to move up the part where we send the
stream_reqbody_cl, and change it to keep sending the data to client side during
the loop.
--846 - 898
/* Prefetch MAX_MEM_SPOOL bytes
*
* This helps us avoid any election of C-L v.s. T-E
* request bodies, since we are willing to keep in
* memory this much data, in any case. This gives
* us an instant C-L election if the body is of some
* reasonable size.
*/
temp_brigade = apr_brigade_create(p, bucket_alloc);
do {
status = ap_get_brigade(r->input_filters, temp_brigade,
AP_MODE_READBYTES, APR_BLOCK_READ,
MAX_MEM_SPOOL - bytes_read);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: prefetch request body failed to %pI (%s)"
" from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
c->remote_ip, c->remote_host ? c->remote_host: "");
return status;
}
apr_brigade_length(temp_brigade, 1, &bytes);
bytes_read += bytes;
/*
* Save temp_brigade in input_brigade. (At least) in the SSL case
* temp_brigade contains transient buckets whose data would get
* overwritten during the next call of ap_get_brigade in the loop.
* ap_save_brigade ensures these buckets to be set aside.
* Calling ap_save_brigade with NULL as filter is OK, because
* input_brigade already has been created and does not need to get
* created by ap_save_brigade.
*/
status = ap_save_brigade(NULL, &input_brigade, &temp_brigade, p);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: processing prefetched request body failed"
" to %pI (%s) from %s (%s)",
p_conn->addr, p_conn->hostname ? p_conn->hostname: "",
c->remote_ip, c->remote_host ? c->remote_host: "");
return status;
}
/* Ensure we don't hit a wall where we have a buffer too small
* for ap_get_brigade's filters to fetch us another bucket,
* surrender once we hit 80 bytes less than MAX_MEM_SPOOL
* (an arbitrary value.)
*/
} while ((bytes_read < MAX_MEM_SPOOL - 80)
&& !APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade)));
/* Use chunked request body encoding or send a content-length body?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 37920] - mod_proxy does not flush data on POST requests from client
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37920>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37920
------- Additional Comments From jorton@redhat.com 2007-02-27 09:25 -------
The buffering is just an optimisation to avoid the cases where the proxy
decides it is a good idea to send chunked request bodies, there is no security
requirement to do so.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 37920] - mod_proxy does not flush data on POST requests from client
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37920>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37920
------- Additional Comments From rpluem@apache.org 2007-02-09 13:39 -------
As far as I can remember the whole request body needs to be buffered to avoid
HTTP Request Smuggling (see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088). So if I remember
correctly this cannot be changed to a "non-buffering" behaviour.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org