From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Dan Frumin Newsgroups: gmane.lisp.guile.bugs Subject: bug#36350: [2.2.5] =?UTF-8?Q?=E2=80=98read-headers=E2=80=99?= blocks, thereby breaking web servers Date: Mon, 24 Jun 2019 14:05:57 +0200 Message-ID: <9061114e-67e8-7ec2-1d09-b1600ab07582@cs.ru.nl> References: <87pnn3b7f1.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="265170"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1 To: 36350@debbugs.gnu.org Original-X-From: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Mon Jun 24 14:07:33 2019 Return-path: Envelope-to: guile-bugs@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1hfNkz-0016pP-LR for guile-bugs@m.gmane.org; Mon, 24 Jun 2019 14:07:33 +0200 Original-Received: from localhost ([::1]:50582 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hfNku-0003nJ-U7 for guile-bugs@m.gmane.org; Mon, 24 Jun 2019 08:07:32 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44369) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hfNkc-0003mM-HJ for bug-guile@gnu.org; Mon, 24 Jun 2019 08:07:11 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hfNkW-0006Yv-9P for bug-guile@gnu.org; Mon, 24 Jun 2019 08:07:06 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:42138) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hfNkT-0006WA-S9 for bug-guile@gnu.org; Mon, 24 Jun 2019 08:07:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hfNkT-0003Gi-LZ for bug-guile@gnu.org; Mon, 24 Jun 2019 08:07:01 -0400 X-Loop: help-debbugs@gnu.org In-Reply-To: <87pnn3b7f1.fsf@gnu.org> Resent-From: Dan Frumin Original-Sender: "Debbugs-submit" Resent-CC: bug-guile@gnu.org Resent-Date: Mon, 24 Jun 2019 12:07:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 36350 X-GNU-PR-Package: guile Original-Received: via spool by 36350-submit@debbugs.gnu.org id=B36350.156137796112444 (code B ref 36350); Mon, 24 Jun 2019 12:07:01 +0000 Original-Received: (at 36350) by debbugs.gnu.org; 24 Jun 2019 12:06:01 +0000 Original-Received: from localhost ([127.0.0.1]:55682 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfNjV-0003EX-1h for submit@debbugs.gnu.org; Mon, 24 Jun 2019 08:06:01 -0400 Original-Received: from smtp1.science.ru.nl ([131.174.16.143]:57140) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hfNjT-0003EM-Mn for 36350@debbugs.gnu.org; Mon, 24 Jun 2019 08:06:00 -0400 Original-Received: from [145.116.188.250] (ip-145-116-188-250.wlan-int.ru.nl [145.116.188.250]) (authen=dfrumin) by smtp1.science.ru.nl (8.14.4/5.32) with ESMTP id x5OC5v9D006060 for <36350@debbugs.gnu.org>; Mon, 24 Jun 2019 14:05:57 +0200 Content-Language: en-US X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-guile@gnu.org List-Id: "Bug reports for GUILE, GNU's Ubiquitous Extension Language" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Original-Sender: "bug-guile" Xref: news.gmane.org gmane.lisp.guile.bugs:9358 Archived-At: I believe that `(lookahead-char port)` really blocks when the client has finished sending the request and there is no more data from `port` to consume. If I understand it correctly, then per HTTP/1.1 [1] the request ends with CRLF at the last line, and then comes the message. So I we have read an empty string, then we shouldn't proceed with further lookaheads. Specifically, the following code works out for me: (define (read-header-line port) "Read an HTTP header line, including any continuation lines, and return the combined string without its final CRLF or LF. Raise a 'bad-header' exception if the line does not end in CRLF or LF, or if EOF is reached." (format #t "Reading header line now: ") (match (%read-line port) (((? string? line) . #\newline) ;; '%read-line' does not consider #\return a delimiter; so if it's ;; there, remove it. We are more tolerant than the RFC in that we ;; tolerate LF-only endings. (let ((line (if (string-suffix? "\r" line) (string-drop-right line 1) line))) ;; If the next character is a space or tab, then there's at least ;; one continuation line. Read the continuation lines by calling ;; 'read-header-line' recursively, and append them to this header ;; line, folding the leading spaces and tabs to a single space. (if (and (not (string-null? line)) (space-or-tab? (lookahead-char port))) (string-append line " " (string-trim (read-header-line port) spaces-and-tabs)) line))) ((line . _) ;EOF or missing delimiter (bad-header 'read-header-line line)))) Moreover, the continuation lines in general have been deprecated: [2]. I have to say I would be in favor of removing support for continuation lines in general. Best regards, -Dan [1]: https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html [2]: https://tools.ietf.org/html/rfc7230#section-3.2.4