Home GnuPG
Diffusion GnuPG a5e33618f421

dirmngr: Fix handling of the HTTP Content-Length

Description

dirmngr: Fix handling of the HTTP Content-Length

* dirmngr/http.c (cookie_s): Add fields pending, up_to_empty_line,
last_was_lf, and last_was_lfcr.
(http_context_s): Add field keep-alive.
(http_wait_response): Set up_to_empty_line.  Take care of keep_alive
flag.
(coookie_read): Implement detection of empty lines.
(cookie_write): Free the pending buffer.

The problem we fix here is that we already buffered stuff beyond the
empty line which marks the start of the content-length counting. Thus
we tried to wait for more bytes despite that everything had already
been read. This bug might have showed up more often in the real world
since the we changed the BUFSIZ on Windows from 512 byte to 8k. It
also depends on the length of the headers and whether the server
closed the connection so that we ignored the Content-Length.

The bug was introduced earlier than 2010 and could have the effect
that a connection got stuck until the network layer timed out.

Note that the keep-alive parts of the patch are not yet used.

Details

Provenance
wernerAuthored on Sep 26 2023, 12:33 PM
Parents
rGc91f759bafca: common: Add gnupg_memstr to replace static versions.
Branches
Unknown
Tags
Unknown