Skip Menu |
 

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 6883
Status: resolved
Priority: 0/
Queue: libwww-perl

People
Owner: Nobody in particular
Requestors: sgt_b [...] security-forums.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 5.800
Fixed in: (no value)



Subject: Incorrect HTTP status code returned if RST packet is received from server upon HTTP request
Download (untitled) / with headers
text/plain 3.6k
Running Perl 5.8.3 on Slackware Linux 9.1 Kernel 2.6.4 libwww-perl-5.800 Webserver running Apache 2.0.49 on FreeBSD 4.10 In a Denial of Service condition, the webserver will begin sending out RST packets for all new connections. While this condition is taking place, a request is sent by the following perl script. The status code of 200 is returned, when the only response the script received from its request was an RST packet. Here is the test script: ------------- #!/usr/bin/perl use LWP; use HTTP::Request::Common; use HTTP::Response; $ua = LWP::UserAgent->new; $response = $ua->request(GET "http://victim.local.net"); if ($response->is_success) { print "success ", $response->code()."\n"; }else{ print "failed ", $response->code()."\n"; } -------------- The following packet trace was generated from this script. 192.168.3.17 is the script host, and 192.168.3.31 is the webserver. -------------- 21:18:17.965957 192.168.3.17.3939 > 192.168.3.31.80: S [tcp sum ok] 2630041349:2630041349(0) win 5840 <mss 1460,sackOK,timestamp 20538814 0,nop,wscale 0> (DF) (ttl 64, id 23227, len 60) 0x0000 4500 003c 5abb 4000 4006 5880 c0a8 0311 E..<Z.@.@.X..... 0x0010 c0a8 031f 0f63 0050 9cc3 3f05 0000 0000 .....c.P..?..... 0x0020 a002 16d0 5743 0000 0204 05b4 0402 080a ....WC.......... 0x0030 0139 65be 0000 0000 0103 0300 .9e......... 21:18:17.965993 192.168.3.31.80 > 192.168.3.17.3939: S [tcp sum ok] 645439017:645439017(0) ack 2630041350 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 18079034 20538814> (DF) (ttl 64, id 56437, len 60) 0x0000 4500 003c dc75 4000 4006 d6c5 c0a8 031f E..<.u@.@....... 0x0010 c0a8 0311 0050 0f63 2678 9e29 9cc3 3f06 .....P.c&x.)..?. 0x0020 a012 e000 ee12 0000 0204 05b4 0103 0300 ................ 0x0030 0101 080a 0113 dd3a 0139 65be .......:.9e. 21:18:17.969021 192.168.3.17.3939 > 192.168.3.31.80: . [tcp sum ok] ack 1 win 5840 <nop,nop,timestamp 20538817 18079034> (DF) (ttl 64, id 23228, len 52) 0x0000 4500 0034 5abc 4000 4006 5887 c0a8 0311 E..4Z.@.@.X..... 0x0010 c0a8 031f 0f63 0050 9cc3 3f06 2678 9e2a .....c.P..?.&x.* 0x0020 8010 16d0 e304 0000 0101 080a 0139 65c1 .............9e. 0x0030 0113 dd3a ...: 21:18:18.195585 192.168.3.17.3939 > 192.168.3.31.80: P [tcp sum ok] 1:121(120) ack 1 win 5840 <nop,nop,timestamp 20539044 18079034> (DF) (ttl 64, id 23229, len 172) 0x0000 4500 00ac 5abd 4000 4006 580e c0a8 0311 E...Z.@.@.X..... 0x0010 c0a8 031f 0f63 0050 9cc3 3f06 2678 9e2a .....c.P..?.&x.* 0x0020 8018 16d0 f814 0000 0101 080a 0139 66a4 .............9f. 0x0030 0113 dd3a 4745 5420 2f20 4854 5450 2f31 ...:GET./.HTTP/1 0x0040 2e31 0d0a 5445 3a20 6465 666c 6174 652c .1..TE:.deflate, 0x0050 677a 6970 3b71 3d30 2e33 0d0a 436f 6e6e gzip;q=0.3..Conn 0x0060 6563 7469 6f6e 3a20 5445 2c20 636c 6f73 ection:.TE,.clos 0x0070 650d 0a48 6f73 743a 2076 6963 7469 6d2e e..Host:.victim. 0x0080 6c6f 6361 6c2e 6e65 740d 0a55 7365 722d local.net..User- 0x0090 4167 656e 743a 206c 6962 7777 772d 7065 Agent:.libwww-pe 0x00a0 726c 2f35 2e38 3030 0d0a 0d0a rl/5.800.... 21:18:18.195614 192.168.3.31.80 > 192.168.3.17.3939: R [tcp sum ok] 645439018:645439018(0) win 0 (ttl 64, id 56538, len 40) 0x0000 4500 0028 dcda 0000 4006 1675 c0a8 031f E..(....@..u.... 0x0010 c0a8 0311 0050 0f63 2678 9e2a 0000 0000 .....P.c&x.*.... 0x0020 5004 0000 540a 0000 P...T... ------------------------ The script outputs the following: ------------------------ sgt_b@slacktop:~/perl$ ./test.pl success 200


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.