<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Dec 12, 2012 at 7:24 PM, Anthony Molinaro <span dir="ltr"><<a href="mailto:anthonym@alumni.caltech.edu" target="_blank">anthonym@alumni.caltech.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Okay, I found it. Looks like this is the cause<br>
<br>
OTP-9389 Honor option packet_size for http packet parsing by both TCP<br>
socket and erlang:decode_packet. This gives the ability to<br>
accept HTTP headers larger than the default setting, but also<br>
avoid DoS attacks by accepting lines only up to<br>
whatever length you wish to allow. For consistency,<br>
packet type line also honor option packet_size. (Thanks<br>
to Steve Vinoski)<br>
<br>
With R14B04 when you have a header which is too long, your process<br>
gets a message like<br>
<br>
{http,#Port<0.120387186>,{http_error,"X2qutbTBbXg7VHgDDhGrEvDbzuxiyDlI7VFloMyAJKVqY2fTEkMc70UchLPRG8Cjowzmib4KszbCRwA5IBbAd2MbRi5X_tK2nfRtheavXdhQv8XbinzmhCM1E9YCeuFAg_9TfqUS0sWUd52mgjkWGqNe4Z9S0IxFYnFtf5..."}}<br>
<br>
in R15B02 you get a message like<br>
<br>
{tcp_error,#Port<0.104208233>,emsgsize}<br>
<br>
The prior case is handled correctly by mochiweb, the latter is not.<br></blockquote><div><br></div><div><br></div><div>I just ran a simple test case against the commit prior to <span style="font-family:arial,sans-serif;font-size:13px">5984409d and then against </span><span style="font-family:arial,sans-serif;font-size:13px">5984409d, in both cases sending an HTTP header of various lengths, and in both cases always received http_error, and never tcp_error. The server simply did a receive with the socket in http_bin mode.</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">How long is the header in your case? Do you have a test case you can send me?</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
I'm not sure if the commits for OTP-9389 actually caused this change or if<br>
it was some other change. Also, not sure if it was meant to be a backward<br>
compatible change or not (the comment on the commit<br>
<a href="https://github.com/erlang/otp/commit/5984409d1264871cbe61bfec875de53e51713efb" target="_blank">https://github.com/erlang/otp/commit/5984409d1264871cbe61bfec875de53e51713efb</a><br>
seems to suggest it was supposed to be backward compatible, but maybe this<br>
was a side effect? It seems like emsgsize is more correct.<br></blockquote><div><br></div><div><br></div><div>I think the intent was to be backward compatible; I seem to remember that putting the patch together was very difficult and time-consuming due to trying to achieve that, with numerous iterations and reviews.</div>
<div><br></div><div>--steve</div></div></div>
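<div>An added example, not part of the original message and not mochiweb's code: a minimal receive loop for a socket in http_bin mode that handles both error shapes quoted in the thread, {http, Socket, {http_error, _}} and {tcp_error, Socket, emsgsize}, so an over-long header is rejected whichever message the runtime delivers. The module name, the 8192-byte limit, the 400 response and the 30-second timeout are assumptions chosen for illustration.</div>

```erlang
-module(hdr_limit_demo).
-export([start/1]).

%% Assumed limit for this example; choose what your service should allow.
-define(MAX_PACKET, 8192).
%% Assumed idle timeout while waiting for the next header line.
-define(HDR_TIMEOUT, 30000).

start(Port) ->
    {ok, L} = gen_tcp:listen(Port, [binary, {packet, http_bin},
                                    {packet_size, ?MAX_PACKET},
                                    {active, false}, {reuseaddr, true}]),
    accept_loop(L).

accept_loop(L) ->
    {ok, S} = gen_tcp:accept(L),
    %% The handler waits for 'go' so it only touches the socket once it owns it.
    Pid = spawn(fun() -> receive go -> headers(S) end end),
    ok = gen_tcp:controlling_process(S, Pid),
    Pid ! go,
    accept_loop(L).

headers(S) ->
    ok = inet:setopts(S, [{active, once}]),
    receive
        {http, S, {http_request, _Method, _Uri, _Vsn}} -> headers(S);
        {http, S, {http_header, _, _Name, _, _Value}}  -> headers(S);
        {http, S, http_eoh}                            -> reply(S, <<"200 OK">>);
        %% Error shape reported for R14B04 in the thread.
        {http, S, {http_error, _Line}}                 -> reply(S, <<"400 Bad Request">>);
        %% Error shape reported for R15B02 in the thread.
        {tcp_error, S, emsgsize}                       -> reply(S, <<"400 Bad Request">>);
        {tcp_error, S, _Other}                         -> gen_tcp:close(S);
        {tcp_closed, S}                                -> ok
    after ?HDR_TIMEOUT ->
        gen_tcp:close(S)
    end.

reply(S, Status) ->
    %% Switch to raw mode before writing; ignore errors because the socket
    %% may already be unusable after emsgsize.
    _ = inet:setopts(S, [{packet, raw}]),
    _ = gen_tcp:send(S, [<<"HTTP/1.1 ">>, Status,
                         <<"\r\nContent-Length: 0\r\nConnection: close\r\n\r\n">>]),
    gen_tcp:close(S).
```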