Git Mailing List Archive on lore.kernel.org
 help / color / Atom feed
From: Jonathan Nieder <jrnieder@gmail.com>
To: Max Kirillov <max@max630.net>
Cc: git@vger.kernel.org, "Jeff King" <peff@peff.net>,
	"Jelmer Vernooij" <jelmer@jelmer.uk>,
	"Florian Manschwetus" <manschwetus@cs-software-gmbh.de>
Subject: [PATCH] http-backend: treat empty CONTENT_LENGTH as zero
Date: Mon, 10 Sep 2018 20:42:27 -0700
Message-ID: <20180911034227.GB20518@aiede.svl.corp.google.com> (raw)
In-Reply-To: <20180910205359.32332-1-max@max630.net>

As discussed in v2.19.0-rc0~45^2~2 (http-backend: respect
CONTENT_LENGTH as specified by rfc3875, 2018-06-10), HTTP servers such
as IIS do not close a CGI script's standard input at the end of a
request, instead expecting CGI scripts to stop reading after
CONTENT_LENGTH bytes.  That commit taught http-backend to respect this
convention except when CONTENT_LENGTH is unset, in which case it
preserved the previous behavior of reading until EOF.

RFC 3875 (the CGI specification) explains:

   The CONTENT_LENGTH variable contains the size of the message-body
   attached to the request, if any, in decimal number of octets.  If no
   data is attached, then NULL (or unset).

      CONTENT_LENGTH = "" | 1*digit

And:

   This specification does not distinguish between zero-length (NULL)
   values and missing values.

But that specification was written before HTTP/1.1 and chunked
encoding.  With chunked encoding, the length of a request is not known
early and it is useful to start a CGI script to process it anyway, so
Apache and many other servers violate the spec: they leave
CONTENT_LENGTH unset and rely on EOF to indicate the end of request.
This is reproducible using t5510-fetch.sh, which hangs if http-backend
is patched to treat a missing CONTENT_LENGTH as zero.

So we are in a bind: to support HTTP servers that don't produce EOF,
http-backend should respect an unset or empty CONTENT_LENGTH that
represents zero, and to support chunked encoding, http-backend should
respect an unset CONTENT_LENGTH that represents "read until EOF".

Fortunately, there's a way out.  Use the HTTP_TRANSFER_ENCODING
environment variable to distinguish the two cases.

Reported-by: Jeff King <peff@peff.net>
Helped-by: Max Kirillov <max@max630.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
---
How about this?

 http-backend.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/http-backend.c b/http-backend.c
index 458642ef72..7902eeb0b3 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -350,10 +350,25 @@ static ssize_t read_request_fixed_len(int fd, ssize_t req_len, unsigned char **o
 
 static ssize_t get_content_length(void)
 {
-	ssize_t val = -1;
+	ssize_t val;
 	const char *str = getenv("CONTENT_LENGTH");
 
-	if (str && *str && !git_parse_ssize_t(str, &val))
+	if (!str || !*str) {
+		/*
+		 * According to RFC 3875, an empty or missing
+		 * CONTENT_LENGTH means "no body", but RFC 3875
+		 * precedes HTTP/1.1 and chunked encoding. Apache and
+		 * its imitators leave CONTENT_LENGTH unset for
+		 * chunked requests, for which we should use EOF to
+		 * detect the end of the request.
+		 */
+		str = getenv("HTTP_TRANSFER_ENCODING");
+		if (str && !strcmp(str, "chunked"))
+			return -1;
+
+		return 0;
+	}
+	if (!git_parse_ssize_t(str, &val))
 		die("failed to parse CONTENT_LENGTH: %s", str);
 	return val;
 }
-- 
2.19.0.397.gdd90340f6a


  parent reply index

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-06  6:10 CONTENT_LENGTH can no longer be empty Jonathan Nieder
2018-09-06 19:35 ` [PATCH] http-backend: allow empty CONTENT_LENGTH Max Kirillov
2018-09-06 21:54   ` Junio C Hamano
2018-09-07  3:27     ` Max Kirillov
2018-09-07  3:38       ` Jeff King
2018-09-07  4:20         ` Max Kirillov
2018-09-07  4:59         ` Max Kirillov
2018-09-07  9:49           ` Junio C Hamano
2018-09-08  5:41             ` Max Kirillov
2018-09-09  4:40             ` Max Kirillov
2018-09-06 22:45   ` Jonathan Nieder
2018-09-07  3:36   ` [PATCH v2] " Max Kirillov
2018-09-09  4:10     ` [PATCH v4] " Max Kirillov
2018-09-10  5:25       ` Jonathan Nieder
2018-09-10 13:17         ` Jeff King
2018-09-10 16:37           ` Junio C Hamano
2018-09-10 18:46             ` Jeff King
2018-09-10 20:53         ` [PATCH] http-backend: Treat empty CONTENT_LENGTH as zero Max Kirillov
2018-09-10 21:22           ` Jonathan Nieder
2018-09-11  1:55             ` Jeff King
2018-09-11  2:20               ` Jonathan Nieder
2018-09-11  2:30                 ` Jeff King
2018-09-11  1:58           ` Jeff King
2018-09-11  3:42           ` Jonathan Nieder [this message]
2018-09-11  4:03             ` [PATCH] http-backend: treat " Jonathan Nieder
2018-09-11 18:15               ` Junio C Hamano
2018-09-11 18:27                 ` Junio C Hamano
2018-09-12  5:56                 ` Jeff King
2018-09-12  6:26                   ` Jonathan Nieder
2018-09-12 16:10                   ` Junio C Hamano
2018-09-11  4:18             ` Junio C Hamano
2018-09-11  4:29               ` Jonathan Nieder
2018-09-08  0:19 [PATCH v2] http-backend: allow empty CONTENT_LENGTH Jonathan Nieder
2018-09-08  5:35 ` Max Kirillov
2018-09-08  5:42 ` [PATCH v3] " Max Kirillov
2018-09-10  5:17   ` Jonathan Nieder
2018-09-10 20:36     ` Max Kirillov
2018-09-11  4:06 Jonathan Nieder
2018-09-11 20:33 ` [PATCH v2] http-backend test: make empty CONTENT_LENGTH test more realistic Max Kirillov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180911034227.GB20518@aiede.svl.corp.google.com \
    --to=jrnieder@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=jelmer@jelmer.uk \
    --cc=manschwetus@cs-software-gmbh.de \
    --cc=max@max630.net \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Mailing List Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/git/0 git/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 git git/ https://lore.kernel.org/git \
		git@vger.kernel.org
	public-inbox-index git

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.git


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git