Develop 2.9 #26
Fix chunked response with correct function
* have edoc build things before generating docs. re: issue #135
* Minimize calls to gen_tcp:send() to optimize performance. Tests indicate a 50 to 1 performance improvement with this change.
* update version to 2.9.1
* fixed a DoS vulnerability in Mochiweb/SSL
* SSL: Fix for broken ECDH cipher suite in R16B. See: http://osdir.com/ml/erlang-programming-bugs/2013-10/msg00004.html Fix inspired by ninenines/ranch@c0c09a1311
* SSL: remove unsafe ciphers and protocols from the default options.
* update CHANGES and README for v2.9.2 #140
* Add recbuf config option.
* update CHANGES for v2.10.0 #134
* move common testing functionality into mochiweb_test_util
* end to end connect test for websocket
* end to end test with text frames (ssl is broken)
* fix ssl receive support for websocket
* R15 debugging
* update CHANGES for 2.10.1
* mitigate SSL and emfile related conditions per #138
* include 17.1 in travis config, only use latest releases of older versions
* Accept range end position which exceeds the resource size. RFC 2616 14.35.1 Byte Ranges: If the last-byte-pos value is absent, or if the value is greater than or equal to the current length of the entity-body, last-byte-pos is taken to be equal to one less than the current length of the entity-body in bytes. This work is originally done by @shino
* update CHANGES for 2.11.1
* Fix range parsing regression introduced in #147
* send "Connection: close" header when the server is going to force-close the connection #146
* As discussed with @etrepum, add missing license headers
* update CHANGES for 2.12.1
* update copyright for mochiweb_session
* attempt to fix active_socket accounting #149
* update CHANGES for v2.12.1
* exit when setopts result is {error,closed} #152
* Export stream_body/5, allows to specify a max body length
* Allow recbuf to be undefined. If recbuf option is undefined, the operating system decides on the buffer size. If no buffer size is specified, streaming will happen in the chunks of MaxChunkSize
make test fails. Perhaps due to issue with Opts being passed into call_loop ... do other things need to change because of this?
This reverts commit 449796f.
Also needed to change the unit test. The unit test was testing a bad header ... but then expecting a 200 OK response ... but it is invalid? The test no longer exists in this form - so I'm not sure whether it is valid to change this. I can't find direct evidence the test was previously wrong. Perhaps I have misunderstood the purpose of the test. 5a3d511. Does this imply that the test is expecting to handle another message correctly even if interrupted by a partial header?
If a header is too large. Also have test to confirm that setting recbuf to a large value resolves this.
It appears the test was originally meant to work as the "Other" case would be hit, and then when hitting the Other case - the code would previously just loop round without adding a header. This is no longer the case (i.e. even if the original 'Other' handling is provided).
Looking back at the spurious error fix, it is based on this: #20 However, this was based on the previous header collecting method in mochiweb, where mochiweb itself was parsing the headers. So now the test/change cannot work, as OTP is parsing the headers not mochiweb. So I think it is correct to alter the test back so that a spurious message throws a 400, as this cannot now be resolved.
This introduces significant change, but almost all of this change is upstream and in use with other users. Not accepting this change, I don't think would constitute risk reduction - given the changes mainly represent bug and security fixes. Eventually we need to align with the upstream repository.
This adds the support for setting recbuf from master, but not the support for handling spurious messages mid-header (which doesn't appear to have worked following the merging of other changes).
Also a header too large will now correctly return a 431 not a 400.
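The RFC 2616 14.35.1 rule quoted in the commit list above, as an added example that is not mochiweb's own code: it resolves one byte-range-spec to a bounded offset and length, clamping an oversized last-byte-pos so a read never runs past the resource. The module name, the tuple form of the spec, and the return atoms are assumptions made for this illustration.

```erlang
%% Added example, not part of mochiweb. Names and spec shapes are hypothetical.
-module(range_clamp).
-export([resolve/2, demo/0]).

%% Spec forms (constructed for this example):
%%   {First, Last}   "bytes=First-Last"
%%   {First, none}   "bytes=First-"
%%   {none, Suffix}  "bytes=-Suffix" (the last Suffix bytes)
%% Returns:
%%   {ok, {Offset, Length}}  range to serve, always inside [0, Size)
%%   unsatisfiable           no byte of the resource is covered
%%   invalid                 malformed spec (last-byte-pos < first-byte-pos)
-spec resolve({non_neg_integer() | none, non_neg_integer() | none},
              non_neg_integer()) ->
          {ok, {non_neg_integer(), pos_integer()}} | unsatisfiable | invalid.
resolve({none, Suffix}, Size) when is_integer(Suffix), Suffix >= 0 ->
    %% Suffix longer than the resource selects the whole resource.
    case min(Suffix, Size) of
        0   -> unsatisfiable;
        Len -> {ok, {Size - Len, Len}}
    end;
resolve({First, none}, Size) when is_integer(First), First >= 0 ->
    %% Absent last-byte-pos: taken to be Size - 1.
    if First < Size -> {ok, {First, Size - First}};
       true         -> unsatisfiable
    end;
resolve({First, Last}, Size)
  when is_integer(First), is_integer(Last), First >= 0, Last >= 0 ->
    if Last < First  -> invalid;
       First >= Size -> unsatisfiable;
       true ->
           %% last-byte-pos >= Size is clamped to Size - 1, not rejected.
           End = min(Last, Size - 1),
           {ok, {First, End - First + 1}}
    end;
resolve(_, _) ->
    invalid.

%% Constructed sample specs against a 1000-byte resource.
demo() ->
    Size = 1000,
    Specs = [{0, 499}, {500, 5000}, {950, none}, {none, 200},
             {none, 5000}, {1000, 1200}, {600, 500}],
    [{Spec, resolve(Spec, Size)} || Spec <- Specs].
```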