dovecot-2.2: lib-http: Don't silently truncate response payload ...

dovecot at dovecot.org dovecot at dovecot.org
Mon Sep 28 12:01:35 UTC 2015 

details:   http://hg.dovecot.org/dovecot-2.2/rev/ecad47a83d1d
changeset: 19240:ecad47a83d1d
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Sep 28 15:00:04 2015 +0300
description:
lib-http: Don't silently truncate response payload if server disconnects during it.

diffstat:

 src/lib-http/http-message-parser.c |  25 +++++++++++++++++++++++--
 1 files changed, 23 insertions(+), 2 deletions(-)

diffs (52 lines):

diff -r 5fa5cbdf65a3 -r ecad47a83d1d src/lib-http/http-message-parser.c
--- a/src/lib-http/http-message-parser.c	Mon Sep 28 14:59:04 2015 +0300
+++ b/src/lib-http/http-message-parser.c	Mon Sep 28 15:00:04 2015 +0300
@@ -3,6 +3,8 @@
 #include "lib.h"
 #include "array.h"
 #include "istream.h"
+#include "iostream.h"
+#include "istream-sized.h"
 #include "http-parser.h"
 #include "http-header.h"
 #include "http-header-parser.h"
@@ -383,8 +385,22 @@
 	return ret;
 }
 
+static const char *
+http_istream_error_callback(const struct istream_sized_error_data *data,
+			    struct istream *input)
+{
+	i_assert(data->eof);
+	i_assert(data->v_offset + data->new_bytes < data->wanted_size);
+
+	return t_strdup_printf("Disconnected from server at offset %"PRIuUOFF_T
+		" (wanted %"PRIuUOFF_T"): %s", data->v_offset + data->new_bytes,
+		data->wanted_size, io_stream_get_disconnect_reason(input, NULL));
+}
+
 int http_message_parse_body(struct http_message_parser *parser, bool request)
 {
+	struct istream *input;
+
 	parser->error_code = HTTP_MESSAGE_PARSE_ERROR_NONE;
 	parser->error = NULL;
  
@@ -472,9 +488,14 @@
 		}
 
 		/* Got explicit message size from Content-Length: header */
-		parser->payload =
-			i_stream_create_limit(parser->input,
+		input = i_stream_create_limit(parser->input,
 					      parser->msg.content_length);
+		/* Make sure we return failure if HTTP connection closes before
+		   we've finished reading the full input. */
+		parser->payload = i_stream_create_sized_with_callback(input,
+					parser->msg.content_length,
+					http_istream_error_callback, input);
+		i_stream_unref(&input);
 	} else if (!parser->msg.have_content_length && !request) {
 		/* RFC 7230, Section 3.3.3: Message Body Length

More information about the dovecot-cvs mailing list