Re: httpd socket leak - Re: httpd ranges are not liked by freshclam
On Thu, Apr 05, 2018 at 08:59:56AM +0200, Florian Obser wrote: > > this fixes it for me, instead of goto done we could also set > clt->clt_done = 1; but at this point it means the same, I think... > > diff --git server_http.c server_http.c > index 414e297f082..53e78b62f31 100644 > --- server_http.c > +++ server_http.c > @@ -701,6 +701,8 @@ server_read_httprange(struct bufferevent *bev, void *arg) > r->range_index++; > break; > case TOREAD_HTTP_NONE: > + goto done; > + break; Doubt you need the break here. That break is not reached. > case 0: > break; > } > > > -- > I'm not entirely sure you are real. > -- :wq Claudio
Re: httpd socket leak - Re: httpd ranges are not liked by freshclam
On Thu, April 5, 2018 2:59 am, Florian Obser wrote: > > this fixes it for me, instead of goto done we could also set > clt->clt_done = 1; but at this point it means the same, I think... > > diff --git server_http.c server_http.c > index 414e297f082..53e78b62f31 100644 > --- server_http.c > +++ server_http.c > @@ -701,6 +701,8 @@ server_read_httprange(struct bufferevent *bev, void > *arg) > r->range_index++; > break; > case TOREAD_HTTP_NONE: > + goto done; > + break; > case 0: > break; > } > > > -- > I'm not entirely sure you are real. > Yes. This seems to be all that's needed. Freshclam is happy, and my curl tests work as expected. I did an install from my internal mirror, pkg_add-ed a couple things, and pkg_info-ed a couple other things. Thanks for digging in with me. This would have taken me a while to figure out. Tim.
Re: httpd socket leak - Re: httpd ranges are not liked by freshclam
On Wed, 4 Apr 2018 23:58:05 +0100 > TBH I'd probably just disable range processing like done in > https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig > for now, neither memory exhaustion nor FD leak are particularly > appealing. I believe this broke html5 video for atleast some if not all apple products that in their wisdoom decided a connection not working at all was better than one that would work even in patchy network conditions, ;) i.e. no byte range support for video, connection closed.
Re: httpd socket leak - Re: httpd ranges are not liked by freshclam
this fixes it for me, instead of goto done we could also set clt->clt_done = 1; but at this point it means the same, I think... diff --git server_http.c server_http.c index 414e297f082..53e78b62f31 100644 --- server_http.c +++ server_http.c @@ -701,6 +701,8 @@ server_read_httprange(struct bufferevent *bev, void *arg) r->range_index++; break; case TOREAD_HTTP_NONE: + goto done; + break; case 0: break; } -- I'm not entirely sure you are real.
Re: httpd socket leak - Re: httpd ranges are not liked by freshclam
On 2018/04/04 18:42, trondd wrote: > On Wed, April 4, 2018 10:02 am, trondd wrote: > > Bringing this back up from the depths. I kept rolling back to older > httpd > > code and forgetting about this :( > > I still see this issue in 6.3 A new packet cap look the same. > > Ok, I was able to do some more digging into this. httpd does not close > the socket after the range request completes. > > fstat will show the socket remaining open. A linux client will show the > socket in FIN_WAIT2 with netstat. One of the mirror admins has been having trouble with a leak connected with range requests in httpd for ages. He mostly doesn't suffer too much now that he's using letsencrypt for which he's doing a full restart of httpd to load new certs... TBH I'd probably just disable range processing like done in https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig for now, neither memory exhaustion nor FD leak are particularly appealing.