From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:c151::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id iIG8KrLFT2AudQAA0tVLHw (envelope-from ) for ; Mon, 15 Mar 2021 20:38:10 +0000 Received: from aspmx2.migadu.com ([2001:41d0:2:c151::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id uEJ1JrLFT2DPVgAAB5/wlQ (envelope-from ) for ; Mon, 15 Mar 2021 20:38:10 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx2.migadu.com (Postfix) with ESMTPS id DB0B923D11 for ; Mon, 15 Mar 2021 21:38:09 +0100 (CET) Received: from localhost ([::1]:49970 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lLtyb-0002B2-3i for larch@yhetil.org; Mon, 15 Mar 2021 16:38:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53650) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLtyU-0002Aa-Bl for bug-guix@gnu.org; Mon, 15 Mar 2021 16:38:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54001) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lLtyU-0001BI-4R for bug-guix@gnu.org; Mon, 15 Mar 2021 16:38:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lLtyU-0000O4-21; Mon, 15 Mar 2021 16:38:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#47157: =?UTF-8?Q?=E2=80=9CBad?= Read-Header-Line header: =?UTF-8?Q?#=E2=80=9D?= while substituting Resent-From: Christopher Baines Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 15 Mar 2021 20:38:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47157 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 47157-submit@debbugs.gnu.org id=B47157.16158406601457 (code B ref 47157); Mon, 15 Mar 2021 20:38:01 +0000 Received: (at 47157) by debbugs.gnu.org; 15 Mar 2021 20:37:40 +0000 Received: from localhost ([127.0.0.1]:37314 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLty7-0000NQ-V5 for submit@debbugs.gnu.org; Mon, 15 Mar 2021 16:37:40 -0400 Received: from mira.cbaines.net ([212.71.252.8]:36884) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLty6-0000NJ-L3 for 47157@debbugs.gnu.org; Mon, 15 Mar 2021 16:37:39 -0400 Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:8ac0:b4c7:f5c8:7caa]) by mira.cbaines.net (Postfix) with ESMTPSA id 9180527BC52; Mon, 15 Mar 2021 20:37:37 +0000 (GMT) Received: from capella (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 8faf2117; Mon, 15 Mar 2021 20:37:36 +0000 (UTC) References: <87eeggh4rh.fsf@inria.fr> <871rcgfiz9.fsf@cbaines.net> <87a6r4cg88.fsf@gnu.org> User-agent: mu4e 1.4.15; emacs 27.1 From: Christopher Baines In-reply-to: <87a6r4cg88.fsf@gnu.org> Date: Mon, 15 Mar 2021 20:37:35 +0000 Message-ID: <87sg4wdugg.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 47157@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1615840690; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=Z7JCZ1YFtPAsvM1Xlic3lkF5JEpr+IXE5n0JzpPq3EY=; b=hkazSEUn17uOdA5C9kkV2IaRiSyFmxPCjetPgB3iMyJE8Tg6OEVRqOXIaixdmmCfuhZfZd 4vjNy30xegoco0g0SYZqFOj9OQ8ppPBN/CL8IUHI87VKN+kAyUMdeIG7vkzNLM08i6rcBL LBEpwhLrdvswrmEEugqVKSESnjcr1B6cCK6t/kHD6CV7xxRm60lYiFzrsM2YVnzw9lXVAn Q07RdXgcZLxKvC1SNupmUyxOmmBHiVJhSeu27GXTHB7fpAqaYbRwhpINLsHEQaZPazmhFI HJbf2eZPzLDZ1p52PrQfURKfe1fIaNOkdZjkvhB7EUS0tqaXr5mABd57l2eYqQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615840690; a=rsa-sha256; cv=none; b=EQJxJLkdsHFHAqtwscxFqTVZAogpj8Krv/6FLXBfcKkg7veWCXQZUkekQRooBGbOVleZvN fMpj8PRkC/aozO/432KkVxhjh9tDx4rBxJQNGbm3b9hvkXMKk6+BqrULt1/YfaKjJ9X7LK gmW4u11hnpTKfgiCNxZGDpn0z1TGTUc+s+FO0k8ltnI2gqtDPoTQGrc7//Knk2MpcwJUNQ DeDB2QqCrHjP2pi8e3+4uEbWJ4KmGbVvvZp0VIpMbwNTocfZeX/DDRXORqC+CY8IgBT/zw 3m508WmPlVAefj3894hdp9GOpvq3xN/fuQmEBXkLkOIslKSRn22mn3D/8sk1iA== ARC-Authentication-Results: i=1; aspmx2.migadu.com; dkim=none; spf=pass (aspmx2.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -4.50 Authentication-Results: aspmx2.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx2.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: DB0B923D11 X-Spam-Score: -4.50 X-Migadu-Scanner: scn0.migadu.com X-TUID: JK16HgOgMVQd --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Christopher Baines skribis: > >>> I think 7b812f7c84c43455cdd68a0e51b6ded018afcc8e and subsequent commits >>> may have caused this regression. In particular, in >>> 20c08a8a45d0f137ead7c05e720456b2aea44402, >>> =E2=80=98call-with-connection-error-handling=E2=80=99 is now used, but = that one doesn=E2=80=99t >>> catch the exceptions mentioned above, in this case =E2=80=98bad-header= =E2=80=99. >> >> I think the behaviour changed unintentionally with [1], however, >> thinking about the connection reuse in process-substitution compared >> with http-multiple-get, there's no attempt here to look at if the server >> has specified whether the connection should be closed. >> >> 1: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3Df50f5751fff4c= fc6d5abba9681054569694b7a5c >> >> Just like http-multiple-get, it's probably worth trying to check the >> headers of the response, look at whether the server has indicated that >> the connection should be closed, and if so, close the connection, >> forcing a new one to be established for future requests. > > I think that=E2=80=99s not enough because we can=E2=80=99t rely on the se= rver=E2=80=99s state > intent here. > > For example, you have a keep-alive connection that you keep in cache. > Minutes later, you come back and send a request over that port. If the > server dropped the connection in the meantime, that can manifest in any > of the ways we=E2=80=99ve seen: 'bad-response when attempting to read the > response, some 'gnutls-error, 'system-error and EPIPE, etc. There=E2=80= =99s no > way to determine in advance whether the socket is fine. > > That=E2=80=99s why the initial approach was to wrap all the call sites we= re the > socket was known to be possibly =E2=80=9Ctainted=E2=80=9D in =E2=80=98wit= h-cached-connection=E2=80=99. > >> I've now actually got around to testing this, I'm no expert at running >> the substitute script manually without the guix-daemon, but I gave it a >> go, using a local NGinx instance which just allowed two requests per >> connection. > > I believe in this case =E2=80=98port-closed?=E2=80=99 returns true becaus= e the > socket/TLS record port got closed right at the end of the response, so > it=E2=80=99s the =E2=80=9Ceasy=E2=80=9D case; I don=E2=80=99t think it ca= ptures the situation I > described above where an error comes up later while trying to write > to/read from the port. Yeah, of course, I think error handling is needed as well, it just occurred to me when looking at this issue and the relevant code. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmBPxZBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XeivA//WjkDgeggXZKfZyzacELl6b7tcx0BS2Ql 7ZaubFvK0Y2rFwEfBUsmCAhTtOsfh/+Q+PsaekXSMxrhUV7greS7LLesrFCbvidr n+sWmQ5M6sj/+pp5bh/Xk3VKJiy3bC2bjGzskxt2LJq8c/Nxw9hZpg8qsGwZSqI3 TU0r/nmvh8B+7OuQ4zjBtLGM3uF3H1GTdqnfQyQr4B+K5HmYlk3YECegdRcyJy0n OedztwAIBrJrXFYqsQTS9GmQfg8EnMb+T7c+jXUptFDniKJPLhGldfV2NrBNqhjY w+sRsKwX1XEwgzhii7AxUPNI2xUeu2RorZgHjIwYRlMh82GNEMz5VP0mYx3kbVrC dBhcHvqlELuaK+21uv4g6mg+VPUTvjCdPuDWimdZ2MJX3GaACQk7ed+8erb2zn+0 YH91i+yLxlCFwoF9YHIhNsrmFLc7IvxZzsl5FSDQyfS56xsHvbreqWW8d0OfJ6GY XFaf0oNY8TMVC2yy28mOBKvJQTeGxdaJAORmfNOrA4Rl52oVgNuiWnGzpkg/yRdm HYdbXTVzHYzf2byvlwOwot7JBaSPxHGPzbl4KglOCb2RxwpM0luEtce2CwK3uVpr vt1afnrW4kUPJeGXnkVmyKbinioMuQ9AV9VBZfDrO7VrHurcQd3xDJ/CcLnF8nUX v9WqaGi8iCE= =A6Tc -----END PGP SIGNATURE----- --=-=-=--