
Re: Bug in mod_ratelimit?


Hello,

Upon some initial testing of the patch, we have found some conditions under which this will still break. Consider the following:

Put something like this into your PHP file:

	for ($i = 1; $i <= 2000; $i++) {
	    header("x$i: $i");
	}

Set your rate limit pretty low and it will cause the headers to be larger than the chunk size, 
and you will see an error with those responses such as this:

	curl -H'Host: cptestaddon.com' http://10.215.218.12/
	curl: (56) Illegal or missing hexadecimal sequence in chunked-encoding

which of course means the page doesn’t load.

How often it is set that low in the real world is unknown, but we thought we’d share our findings.

Cory

> On Jul 19, 2018, at 2:53 PM, Cory McIntire <cory@xxxxxxxxxx> wrote:
> 
> Hello Yann,
> 
> We can confirm this patch works on our end. We’ll apply this and send out an update. 
> 
>> On Jul 19, 2018, at 2:41 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>> 
>> On Thu, Jul 19, 2018 at 8:23 PM, Luca Toscano <toscano.luca@xxxxxxxxx> wrote:
>>> 
>>> Yann, any idea?
>> 
>> Looks like we missed the simplest case :/
>> 
>> Index: modules/filters/mod_ratelimit.c
>> ===================================================================
>> --- modules/filters/mod_ratelimit.c    (revision 1835556)
>> +++ modules/filters/mod_ratelimit.c    (working copy)
>> @@ -208,7 +208,7 @@ rate_limit_filter(ap_filter_t *f, apr_bucket_briga
>>                    ap_remove_output_filter(f);
>>                }
>>                else if (!APR_BUCKET_IS_FLUSH(e)) {
>> -                    if (APR_BRIGADE_EMPTY(bb)) {
>> +                    if (ctx->do_sleep && APR_BRIGADE_EMPTY(bb)) {
>>                        /* Wait for more (or next call) */
>>                        break;
>>                    }
>> _
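
Review bot: the added ctx->do_sleep test on the APR_BRIGADE_EMPTY(bb) line changes when the loop breaks, but the comment under it still reads "Wait for more (or next call)" and does not say why an empty brigade is a reason to wait only once do_sleep is set. Suggest extending that comment to state what do_sleep being unset means at this point and what is expected to happen to the current bucket in that case, since the rest of the branch is outside the hunk. The follow-up in this thread reports that responses whose headers are larger than the chunk size still fail with a chunked-encoding error after this change, so a regression test with that response shape should accompany it.
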
> 
> Much appreciated,
> Cory
> 

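A check for the failure mode reported in the message above, as an added example that is not part of the original thread or of httpd: a strict decoder for HTTP/1.1 chunked framing that a regression test could run over a raw response body fetched from a rate-limited endpoint. The sample bodies are constructed for illustration and are not captures of what the server in this thread sent; `decode_chunked` and `ChunkedFramingError` are hypothetical names.

```python
import string

HEXDIGITS = set(string.hexdigits.encode())  # byte values of 0-9, a-f, A-F


class ChunkedFramingError(ValueError):
    """Raised when a body does not follow HTTP/1.1 chunked framing."""


def decode_chunked(raw: bytes) -> bytes:
    """Return the decoded payload, or raise ChunkedFramingError with the offset."""
    pos, out = 0, bytearray()
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedFramingError(f"offset {pos}: chunk-size line not terminated")
        # A chunk extension (";name=value") may follow the size; it is ignored.
        size_field = raw[pos:eol].split(b";", 1)[0]
        if not size_field or any(b not in HEXDIGITS for b in size_field):
            # This is the condition curl reports as error 56.
            raise ChunkedFramingError(
                f"offset {pos}: expected hex chunk size, got {raw[pos:eol][:20]!r}")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break  # last-chunk reached; optional trailer fields follow
        if pos + size + 2 > len(raw):
            raise ChunkedFramingError(f"offset {pos}: chunk data truncated")
        out += raw[pos:pos + size]
        if raw[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedFramingError(f"offset {pos + size}: no CRLF after chunk data")
        pos += size + 2
    while True:  # skip trailer fields up to the terminating empty line
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedFramingError(f"offset {pos}: missing final CRLF")
        if eol == pos:
            return bytes(out)
        pos = eol + 2


# Constructed samples: a well-formed body, and one where header-like bytes
# sit where the second chunk-size line should be.
GOOD = b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
BAD = b"5\r\nhello\r\nx1999: 1999\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(decode_chunked(GOOD))
    try:
        decode_chunked(BAD)
    except ChunkedFramingError as exc:
        print("malformed:", exc)
```

To get a raw body to feed it, curl can be told not to decode the transfer encoding with `--raw`.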