Hi Paul, sorry for the delay. Thanks for this patch, committed to svn.

Regards,
Alexander Malysh

On 8 March 2021, 06:03 +0100, Paul Bagyenda <bagye...@dsmagic.com> wrote:
> Hi,
>
> GWLIB's Connection module has a bug relating to how it handles large
> data reads over SSLed connections.
>
> The issue lies in the function unlocked_read() in conn.c, which is
> called in several places to read from the underlying socket/file
> descriptor. Typical usage in HTTPS transactions is as follows:
> 1. http module polls the socket for inbound data. The callback then
> issues a conn_read_* call on the underlying connection object.
> conn_read_fixed() is used to read HTTPS POST bodies.
> 2. unlocked_read() is called if there isn't sufficient data in the
> Connection object buffer. However this only reads up to 4k bytes, and
> then returns, leaving it up to the upper level poller to detect if there
> is more data to be read (and in turn call conn_read_* again).
> This is where the problem arises: For SSLed connections, openssl may
> buffer some data internally, and so reading only 4k bytes and then
> waiting for the next poller call can result in a timeout on the sender
> side while we still have data in the openssl read buffer. We tripped
> over this issue with Mbuni.
>
> The patch below is a suggested fix.
>
> Thanks
>
> Paul.
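
A simplified model of the stall described in the quoted message, as an added example that is not part of the original thread and not the patch it refers to. It does not call OpenSSL: `tls_read` and `tls_pending` are hypothetical stand-ins for `SSL_read()` and `SSL_pending()`, and `read_body`, the record handling and the body lengths are constructed for illustration.

```c
#include <stddef.h>

#define RECORD_MAX 16384   /* largest TLS record payload */
#define CHUNK      4096    /* per-call read size, as in the message ("4k") */

/* Constructed model: 'wire' is what poll() can see on the socket,
 * 'plain' is decrypted data held inside the TLS library. */
struct tls_model {
    size_t wire;    /* record bytes still waiting on the socket */
    size_t plain;   /* decrypted bytes buffered in the library */
};

/* What poll() reports: readable only while bytes remain on the socket. */
static int fd_readable(const struct tls_model *c) { return c->wire > 0; }

/* Stand-in for SSL_pending(): bytes readable without touching the socket. */
static size_t tls_pending(const struct tls_model *c) { return c->plain; }

/* Stand-in for SSL_read(): a whole record is taken off the socket and
 * decrypted at once, but at most n bytes are handed to the caller. */
static size_t tls_read(struct tls_model *c, size_t n) {
    if (c->plain == 0 && c->wire > 0) {
        size_t rec = c->wire < RECORD_MAX ? c->wire : RECORD_MAX;
        c->wire -= rec;
        c->plain += rec;
    }
    size_t got = c->plain < n ? c->plain : n;
    c->plain -= got;
    return got;
}

/* Poller-driven reader. drain == 0: one CHUNK per poll() wakeup (the
 * behaviour described in the message). drain != 0: also empty the library
 * buffer before returning to poll(). Returns the bytes delivered by the
 * time poll() would block waiting for the socket. */
size_t read_body(size_t body_len, int drain) {
    struct tls_model c = { body_len, 0 };
    size_t total = 0;
    while (fd_readable(&c)) {                 /* poll() wakeup */
        total += tls_read(&c, CHUNK);
        while (drain && tls_pending(&c) > 0)  /* data poll() cannot see */
            total += tls_read(&c, CHUNK);
    }
    return total;
}
```

In this model a 16384-byte body read without draining stops at 4096 bytes, because the rest sits in the library buffer while the socket looks idle.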