Re: Malformed request shuts down httpd
On 28.11.2014 22:51, Ezequiel Garzon wrote: Thanks for all the replies. Ville, I'm using -release, on the i386 architecture... inside a VPS. I can gather from the replies that indeed httpd is changing quite fast right now, so it doesn't seem very useful to report on -release. (In fact, apologies for my question a few days ago on the Last-Modified header: I can see in the -current changelog that it has already been implemented.) Maybe I'll roll up my sleeves and learn how to have a -current system. binary upgrade to latest snapshot from downloaded snapshot bsd.rd sysmerge check current.html change your PKG_PATH to point to snapshot packages pkg_add -ui Thanks, Stuart, too. I didn't now my malformed example was not malformed after all! Cheers, Ezequiel
Re: Malformed request shuts down httpd
On 28 November 2014 at 13:26, Ezequiel Garzon m...@ezequiel-garzon.net wrote: Hello! I know a lot is happening to httpd lately, so maybe this is not an issue anymore. I've noticed that a malformed HTTP request such as $ printf 'GET /file\r\n\r\n'| nc myhost 80 doesn't just silently fail, but rather shuts down httpd. My /etc/httpd.conf is minimal: server default {listen on egress port 80} Has anybody else tried this? Thanks and cheers, Ezequiel Hello Ezequiel, is that on release, stable or in current and on which hardware architecture? -- Thanks, Ville
Re: Malformed request shuts down httpd
Ezequiel Garzon wrote : Hello! I know a lot is happening to httpd lately, so maybe this is not an issue anymore. I've noticed that a malformed HTTP request such as $ printf 'GET /file\r\n\r\n'| nc myhost 80 doesn't just silently fail, but rather shuts down httpd. My /etc/httpd.conf is minimal: server default {listen on egress port 80} Has anybody else tried this? Thanks and cheers, Ezequiel No crash in current, I get a HTTP/1.0 500 Internal Server Error response from the server. However in the server logs I get different error messages as I repeat the request: Undefined error: 0 (500 Internal Server Error) then: Resource temporarily unavailable (500 Internal Server Error) then: No such file or directory (500 Internal Server Error) That doesn't sound right. -b
Re: Malformed request shuts down httpd
On 2014-11-28, Ezequiel Garzon m...@ezequiel-garzon.net wrote: Hello! I know a lot is happening to httpd lately, so maybe this is not an issue anymore. I've noticed that a malformed HTTP request such as $ printf 'GET /file\r\n\r\n'| nc myhost 80 doesn't just silently fail, but rather shuts down httpd. My /etc/httpd.conf is minimal: server default {listen on egress port 80} Has anybody else tried this? Thanks and cheers, Ezequiel httpd in 5.6 was very early code, I think this problem should be fixed in http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig BTW, this is not malformed, it's a valid HTTP 0.9 request.
Re: Malformed request shuts down httpd
I upgraded to 5.6-STABLE (amd64) on November 26th and when I ran this against my httpd instance it returned: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head title500 Internal Server Error/title style type=text/css!-- body { background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; } --/style /head body h1Internal Server Error/h1 div id='m'/div hraddressOpenBSD httpd at {ADDRESSREMOVED} port 80/address /body /html httpd process still running happily, and valid pages are still being served. - Eric On Nov 28, 2014, at 3:26 AM, Ezequiel Garzon m...@ezequiel-garzon.net wrote: Hello! I know a lot is happening to httpd lately, so maybe this is not an issue anymore. I've noticed that a malformed HTTP request such as $ printf 'GET /file\r\n\r\n'| nc myhost 80 doesn't just silently fail, but rather shuts down httpd. My /etc/httpd.conf is minimal: server default {listen on egress port 80} Has anybody else tried this? Thanks and cheers, Ezequiel
Re: Malformed request shuts down httpd
Thanks for all the replies. Ville, I'm using -release, on the i386 architecture... inside a VPS. I can gather from the replies that indeed httpd is changing quite fast right now, so it doesn't seem very useful to report on -release. (In fact, apologies for my question a few days ago on the Last-Modified header: I can see in the -current changelog that it has already been implemented.) Maybe I'll roll up my sleeves and learn how to have a -current system. Thanks, Stuart, too. I didn't now my malformed example was not malformed after all! Cheers, Ezequiel