* [PATCH 2/3] http: ensure errors are printable before PSGI env
2016-03-06 2:09 5% [PATCH 0/3] http: some DoS prevention Eric Wong
@ 2016-03-06 2:09 7% ` Eric Wong
0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2016-03-06 2:09 UTC (permalink / raw)
To: meta; +Cc: Eric Wong
We cannot rely on a client socket having a PSGI env before headers
are fully-parsed as we seek to avoid storing hashes for idle
clients. So print errors to the psgi.errors value which belongs to
the httpd listener, instead.
---
lib/PublicInbox/HTTP.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm
index 8988e7d..15db139 100644
--- a/lib/PublicInbox/HTTP.pm
+++ b/lib/PublicInbox/HTTP.pm
@@ -251,7 +251,7 @@ sub env_chunked { ($_[0]->{HTTP_TRANSFER_ENCODING} || '') =~ /\bchunked\b/i }
sub write_err {
my ($self) = @_;
- my $err = $self->{env}->{'psgi.errors'};
+ my $err = $self->{httpd}->{env}->{'psgi.errors'};
my $msg = $! || '(zero write)';
$err->print("error buffering to input: $msg\n");
quit($self, 500);
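Review bot: in write_err, the new `$self->{httpd}->{env}->{'psgi.errors'}` chain is dereferenced with no check that `$self->{httpd}` is populated on this client object. If it is ever unset, Perl autovivifies the intermediate hashes, `$err` comes back undef, and `$err->print(...)` dies before `quit($self, 500)` runs, so the socket is not closed through the normal path on an error branch that untrusted clients can reach. A short comment stating where `httpd` is assigned and that it always precedes any read or write on the client, or a fallback to STDERR when `$err` is undef, would make that invariant explicit.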
@@ -264,7 +264,7 @@ sub recv_err {
$self->{input_left} = $len;
return;
}
- my $err = $self->{env}->{'psgi.errors'};
+ my $err = $self->{httpd}->{env}->{'psgi.errors'};
$err->print("error reading for input: $! ($len bytes remaining)\n");
quit($self, 500);
}
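Review bot: the lookup added in recv_err is a verbatim copy of the one added in write_err; a small accessor for the listener's psgi.errors would keep the two call sites from drifting. Since the commit message says this path can run before the client has its own env, the line "error reading for input: $! ($len bytes remaining)" reaches the listener-wide handle with nothing in it that identifies the client, which makes it hard to tell one misbehaving peer from many during triage; consider including the peer address if it is available at this point. The diffstat also shows only lib/PublicInbox/HTTP.pm changing in this patch, so a test that triggers recv_err before headers are fully parsed would be worth adding.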
--
EW
* [PATCH 0/3] http: some DoS prevention
@ 2016-03-06 2:09 5% Eric Wong
2016-03-06 2:09 7% ` [PATCH 2/3] http: ensure errors are printable before PSGI env Eric Wong
0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2016-03-06 2:09 UTC (permalink / raw)
To: meta
Since public-inbox-httpd may face untrusted clients directly
without a reverse proxy like haproxy/nginx, we should have some
basic protection to avoid DoS attacks involving excessive
resource use.
Eric Wong (3):
http: reject excessive headers
http: ensure errors are printable before PSGI env
http: reject excessively large HTTP request bodies
lib/PublicInbox/HTTP.pm | 23 ++++++++++++++++++++---
t/httpd-corner.t | 33 +++++++++++++++++++++++++++++++++
2 files changed, 53 insertions(+), 3 deletions(-)
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git