[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #50845] Wrong SSI tag handling if tag places on the ed
From: |
Dmitry |
Subject: |
[lwip-devel] [bug #50845] Wrong SSI tag handling if tag places on the edge of 2xMSS buffer and LWIP_HTTPD_SSI_INCLUDE_TAG = 0 |
Date: |
Fri, 21 Apr 2017 04:12:14 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0 |
URL:
<http://savannah.nongnu.org/bugs/?50845>
Summary: Wrong SSI tag handling if tag places on the edge of
2xMSS buffer and LWIP_HTTPD_SSI_INCLUDE_TAG = 0
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: gdi
Submitted on: Fri 21 Apr 2017 08:12:13 AM UTC
Category: apps
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: 1.4.1
_______________________________________________________
Details:
I found a trouble in SSI handling in httpsever_raw application of lwip v1.4.1
and the same issue presented in v2.0.x too.
The issue is appeared if we will set LWIP_HTTPD_SSI_INCLUDE_TAG = 0 and will
parse a long *.shtml file which size more than 5840 (2x2920) bytes and if you
have SSI tag which starts before 5840-th byte of file and it has its closing
'>' symbol after the 5840-th byte.
In this case we won't set the hs->tag_end variable and it will point to the
end of previous tag and hs->tag_state will be in a TAG_FOUND state. So the
state machine will be in some unfinished state. And in this situation the next
part of data will be loaded to the 'hs->file' buffer, but the tag state
machine will point to the old addresses. In this case the buffer won't be
handled till the address which is pointed by hs->parsed and then continue to
parse the buffer at near the end position. And file buffer will be sent as is
with all unparsed tags.
I'm also found a solution:
I've add some checking.
Sorry this is not a patch, because I can't find where can I clone this
sources. Initially I've got it from Texas Instruments Tiva Ware examples.
/* If we drop out of the end of the for loop, this implies we must have
* file data to send so send it now. In TAG_SENDING state, we've already
* handled this so skip the send if that's the case. */
if((hs->tag_state != TAG_SENDING) && (hs->parsed > hs->file)) {
/* We cannot send more data than space available in the send
buffer. */
if (tcp_sndbuf(pcb) < (hs->parsed - hs->file)) {
len = tcp_sndbuf(pcb);
+#if !LWIP_HTTPD_SSI_INCLUDE_TAG
+ } else if ((hs->tag_state != TAG_NONE) && (hs->tag_started >
hs->tag_end))
+ {/* If we found tag on the edge of 2*mss buffer (5240 bytes) */
+ len = (u16_t)(hs->tag_started - hs->file);
+ hs->left -= (hs->parsed - hs->tag_started);
+ hs->parsed = hs->tag_started;
+ hs->tag_started = hs->buf;
+#endif
} else {
LWIP_ASSERT("Data size does not fit into u16_t!",
(hs->parsed - hs->file) <= 0xffff);
The same fix can be applied in appropriate place in lwip v2.0.x httpd
example.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?50845>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #50845] Wrong SSI tag handling if tag places on the edge of 2xMSS buffer and LWIP_HTTPD_SSI_INCLUDE_TAG = 0,
Dmitry <=