In some code 
(https://source.redwax.eu/svn/redwax/rs/mod_cms_verify/trunk/mod_cms_verify.c) 
I have an input filter (that checks a PKCS#7 signature before passing the 
payload on to a proxy/cgi-script, etc).

I am testing this with:

        echo  "field1=foo&field2=bar" |\
                openssl cms -sign -signer /tmp/sign.cert -outform DER -stream |\
                 curl --data-binary @- -vvvv http://127.0.0.1:8080/show.cgi

Works well.

But I am seeing after all this going well an extra bucket brigade being passed; 
with 0 bytes. And I’d like to understand why.

Code is roughly 
(https://source.redwax.eu/svn/redwax/rs/mod_cms_verify/trunk/mod_cms_verify.c 
for the real McCoy):

  static apr_status_t _input_filter(ap_filter_t * f,  apr_bucket_brigade * bbout, ….
  {
    request_rec *r = f->r;
    verify_config_rec *conf = ap_get_module_config(r->per_dir_config, &cms_verify_module);

    bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);

    if (state == NULL)  {
        setup some state..
        state->pbb_tmp = apr_brigade_create(r->pool, c->bucket_alloc);
        ….
    }
    
    if (APR_BRIGADE_EMPTY(state->pbb_tmp)) {
        rv = ap_get_brigade(f->next, state->pbb_tmp, eMode, eBlock, nBytes);
        if (eMode == AP_MODE_EATCRLF || rv != APR_SUCCESS)
            return rv;
    }

    while (!APR_BRIGADE_EMPTY(state->pbb_tmp)) {
        apr_bucket *pbkt_in = APR_BRIGADE_FIRST(state->pbb_tmp);
        const char *data;
        apr_size_t len;

        if (APR_BUCKET_IS_EOS(pbkt_in)) {
            apr_bucket *pbkt_out = validate()..

            if (pbkt_out is valid) 
                    APR_BRIGADE_INSERT_TAIL(bbout, pbkt_out);

            APR_BRIGADE_INSERT_TAIL(bbout, apr_bucket_eos_create(r->connection->bucket_alloc));
            APR_BUCKET_REMOVE(pbkt_in);
            break;
        }

        rv = apr_bucket_read(pbkt_in, &data, &len, eBlock);
        if (rv != APR_SUCCESS)
            return rv;

        … add len bytes to a buffer

        apr_bucket_delete(pbkt_in);
    };
    return APR_SUCCESS;
   }

And mostly taken from mod_example.

What I am seeing is a first brigade with the POST content; with a terminating 
EOF. The bbout data makes it to the CGI script or (reverse) proxy. 

But I am then getting a second _input_filter call with a second brigade of just 
an EOS packet.

What causes that? Or am I not running through the brigade properly?

Dw
