Develop 2.9 #26
Merged
Develop 2.9 #26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix chunked response with correct function
* have edoc build things before generating docs. re: issue #135 * Minimize calls to gen_tcp:send() to optimize performance. Tests indicate a 50 to 1 performance improvement with this change. * update version to 2.9.1 * fixed an DoS vulnerability in Mochiweb/SSL * SSL: Fix for broken ECDH ciper suite in R16B See: http://osdir.com/ml/erlang-programming-bugs/2013-10/msg00004.html Fix inspired by ninenines/ranch@c0c09a1311 * SSL: remove unsafe ciphers and protocols from the default options. * update CHANGES and README for v2.9.2 #140 * Add recbuf config option. * update CHANGES for v2.10.0 #134 * move common testing functionality into mochiweb_test_util * end to end connect test for websocket * end to end test with text frames (ssl is broken) * fix ssl receive support for websocket * R15 debugging * update CHANGES for 2.10.1 * mitigate SSL and emfile related conditions per #138 * include 17.1 in travis config, only use latest releases of older versions * Accept range end position which exceededs the resource size RFC 2616 14.35.1 Byte Ranges If the last-byte-pos value is absent, or if the value is greater than or equal to the current length of the entity-body, last-byte-pos is taken to be equal to one less than the current length of the entity- body in bytes. This work is originally done by @shino * update CHANGES for 2.11.1 * Fix range parsing regression introduced in #147 * send "Connection: close" header when the server is going to force-close the connection #146 * As discussed with @etrepum, add missing license headers * update CHANGES for 2.12.1 * update copyright for mochiweb_session * attempt to fix active_socket accounting #149 * update CHANGES for v2.12.1 * exit when setopts result is {error,closed} #152 * Export stream_body/5, allows to specify a max body length * Allow recbuf to be undefined If recbuf option is undefined, the operating system decides on the buffer size If no buffer size is speciefied, streaming will happen in the chunks of MaxChunkSize
make test fails. Perhaps due to issue with Opts being passed into call_loop ... do other things need to change because of this?
This reverts commit 449796f.
Also needed toc hange the unit test. the unit test was testing a bad header ... but then expecting a 200 OK response ... but it is invalid? The test no longer exists in this form - so I'm not sure whether it is valid to change this. I can't find direct evidence the test was previously wrong. Perhaps I have misunderstoof the purpose of the test. 5a3d511. Does this imply that the test is expecting to handle another message correctly even if interrupted by a partial header?
If a header is too large. Also have test to confirm that seeting recbuf to a large value resolves this.
It appears the test was originaly menat to work as the "Other" case would be hit, and then when hitting the Other case - the code would previously just loop round without adding a header. This is no longer the case (i.e. even if the original 'Other' handling is provided).
|
Looking back at the spurious error fix, it is based on this: #20 However, this was based on the previous header collecting method in mochiweb, where mochiweb itself was parsing the headers. So now the test/change cannot work, as OTP is parsing the headers not mochiweb. So I think it is correct to alter the test back so that a spurious message throws a 400, as this cannot now be resolved. |
|
This introduces significant change, but almost all of this change is upstream and in use with other users. Not accepting this change, I don't think would constitute risk reduction - given the changes mainly represent bug and security fixes. Eventually we need to align with the upstream repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the support for setting recbuf from master, but not the support for handling spurious messages mid-header (which doesn't appear to have worked following the merging of other changes).
Also a header too large will now correctly return a 431 not a 400.