From: Dan Frumin <dfrumin@cs.ru.nl>
To: 36350@debbugs.gnu.org
Subject: bug#36350: [2.2.5] ‘read-headers’ blocks, thereby breaking web servers
Date: Mon, 24 Jun 2019 14:05:57 +0200 [thread overview]
Message-ID: <9061114e-67e8-7ec2-1d09-b1600ab07582@cs.ru.nl> (raw)
In-Reply-To: <87pnn3b7f1.fsf@gnu.org>
I believe that `(lookahead-char port)` really blocks when the client has finished sending the request and there is no more data from `port` to consume.
If I understand it correctly, then per HTTP/1.1 [1] the request ends with CRLF at the last line, and then comes the message. So I we have read an
empty string, then we shouldn't proceed with further lookaheads.
Specifically, the following code works out for me:
(define (read-header-line port)
"Read an HTTP header line, including any continuation lines, and
return the combined string without its final CRLF or LF. Raise a
'bad-header' exception if the line does not end in CRLF or LF, or if EOF
is reached."
(format #t "Reading header line now: ")
(match (%read-line port)
(((? string? line) . #\newline)
;; '%read-line' does not consider #\return a delimiter; so if it's
;; there, remove it. We are more tolerant than the RFC in that we
;; tolerate LF-only endings.
(let ((line (if (string-suffix? "\r" line)
(string-drop-right line 1)
line)))
;; If the next character is a space or tab, then there's at least
;; one continuation line. Read the continuation lines by calling
;; 'read-header-line' recursively, and append them to this header
;; line, folding the leading spaces and tabs to a single space.
(if (and (not (string-null? line))
(space-or-tab? (lookahead-char port)))
(string-append line " " (string-trim (read-header-line port)
spaces-and-tabs))
line)))
((line . _) ;EOF or missing delimiter
(bad-header 'read-header-line line))))
Moreover, the continuation lines in general have been deprecated: [2].
I have to say I would be in favor of removing support for continuation lines in general.
Best regards,
-Dan
[1]: https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html
[2]: https://tools.ietf.org/html/rfc7230#section-3.2.4
next prev parent reply other threads:[~2019-06-24 12:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-24 10:32 bug#36350: [2.2.5] ‘read-headers’ blocks, thereby breaking web servers Ludovic Courtès
2019-06-24 12:05 ` Dan Frumin [this message]
2019-06-24 12:44 ` Dan Frumin
2019-06-24 15:36 ` Mark H Weaver
2019-06-24 18:56 ` Ludovic Courtès
2019-06-25 7:22 ` Mark H Weaver
2019-06-30 19:50 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/guile/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9061114e-67e8-7ec2-1d09-b1600ab07582@cs.ru.nl \
--to=dfrumin@cs.ru.nl \
--cc=36350@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).