Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 97044
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: zur.Nieden [...] xenet.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 1.65



Subject: wrong limited read in http_cat
Date: Tue, 08 Jul 2014 08:58:57 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: "Hartwig zur Nieden" <zur.Nieden [...] xenet.de>
Download (untitled) / with headers
text/plain 677b
in SSLeay.pm, v1.64, line 1205 in function 'http_cat' it says ($got, $errs) = tcp_read_all(200000); which seems to be a remaining hard-limit for maximum number of read bytes for tcp_read_all. It should read: ($got, $errs) = tcp_read_all(); so the basic limit of 2000000000 Bytes ist used. Sorry if this report does not apply to any rules; it's my first bug-report :-) Greetings, Hartwig zur Nieden -- Hartwig zur Nieden | XeNET GmbH Telefon: +49-5323-9489050 | 38678 Clausthal-Zellerfeld, Marktstrasse 40 Fax: +49-5323-94014 | Registergericht: Amtsgericht Braunschweig HRB 110823 Email: zur.Nieden@xenet.de | Geschaeftsfuehrer: Matthias Meyser
Subject: Re: [rt.cpan.org #97044] wrong limited read in http_cat
Date: Sun, 13 Jul 2014 07:23:31 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 1.1k
Hello, Thanks for your report. Why does the count need to be changed? What bad effect are you seeing because of that? Cheers. On Tuesday, July 08, 2014 02:59:21 AM you wrote: Show quoted text
> Tue Jul 08 02:59:20 2014: Request 97044 was acted upon. > Transaction: Ticket created by zur.Nieden@xenet.de > Queue: Net-SSLeay > Subject: wrong limited read in http_cat > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: zur.Nieden@xenet.de > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 > > > > in SSLeay.pm, v1.64, line 1205 in function 'http_cat' it says > > ($got, $errs) = tcp_read_all(200000); > > which seems to be a remaining hard-limit for maximum number of read bytes > for tcp_read_all. It should read: > > ($got, $errs) = tcp_read_all(); > > so the basic limit of 2000000000 Bytes ist used. > > > Sorry if this report does not apply to any rules; it's my first bug-report > :-) > > Greetings, > Hartwig zur Nieden
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474
Subject: Re: [rt.cpan.org #97044] wrong limited read in http_cat
Date: Mon, 14 Jul 2014 10:52:58 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: "Hartwig zur Nieden" <zur.Nieden [...] xenet.de>
Download (untitled) / with headers
text/plain 1.4k
Am 12.07.2014, 23:23 Uhr, schrieb Mike McCauley via RT <bug-Net-SSLeay@rt.cpan.org>: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 > > > Hello, > > Thanks for your report. > Why does the count need to be changed? What bad effect are you seeing because > of that? > > Cheers.
Hi, we used 'get_http' in a project with mixed requests to http and https for an AJAX wrapper to an SAP-Service. One week ago we got errors on XML-requests and after analyzing we realized that the XML-Response was truncated. Deeper analysis in SSLeay.pm showed, that 'get_http' calls 'http_cat' in which a too much and hard-coded limit in the call to 'tcp_read_all' leads to the truncation. Our response including the header is 208126 Bytes, which leads to invalid XML because of truncation to 200000 Bytes. Even the hard limit of 2000000000 for me seems to be unapropriate and it would be nice to be able to set a Module-Variable for this limit, which can be found hard-coded in 'ssl_read_all', 'tcp_read_all' and 'ssl_read_until'. Btw: is it correct, that in function 'tcpcat' the uninitialized variable '$ssl' is given as read-limit-parameter in the call to 'tcp_read_all'? Mit freundlichem Gruß, Hartwig zur Nieden -- Hartwig zur Nieden | XeNET GmbH Telefon: +49-5323-9489050 | 38678 Clausthal-Zellerfeld, Marktstrasse 40 Fax: +49-5323-94014 | Registergericht: Amtsgericht Braunschweig HRB 110823 Email: zur.Nieden@xenet.de | Geschaeftsfuehrer: Matthias Meyser
Subject: Re: [rt.cpan.org #97044] wrong limited read in http_cat
Date: Mon, 14 Jul 2014 20:09:14 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 1.6k
Hello, On Monday, July 14, 2014 04:53:29 AM you wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 > > > Am 12.07.2014, 23:23 Uhr, schrieb Mike McCauley via RT <bug-Net-
SSLeay@rt.cpan.org>: Show quoted text
> > <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 > > > > > Hello, > > > > Thanks for your report. > > Why does the count need to be changed? What bad effect are you seeing > > because of that? > > > > Cheers.
> > Hi, > > we used 'get_http' in a project with mixed requests to http and https for an > AJAX wrapper to an SAP-Service. One week ago we got errors on XML-requests > and after analyzing we realized that the XML-Response was truncated. Deeper > analysis in SSLeay.pm showed, that 'get_http' calls 'http_cat' in which a > too much and hard-coded limit in the call to 'tcp_read_all' leads to the > truncation. Our response including the header is 208126 Bytes, which leads > to invalid XML because of truncation to 200000 Bytes.
OK, now I understand. A fix has been applied in the latest SVN and will appear in the next release. Cheers. Show quoted text
> > Even the hard limit of 2000000000 for me seems to be unapropriate and it > would be nice to be able to set a Module-Variable for this limit, which can > be found hard-coded in 'ssl_read_all', 'tcp_read_all' and 'ssl_read_until'. > > Btw: is it correct, that in function 'tcpcat' the uninitialized variable > '$ssl' is given as read-limit-parameter in the call to 'tcp_read_all'?
Show quoted text
> > Mit freundlichem Gruß, > Hartwig zur Nieden
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.