Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

do not let Body read beyond its length #282

Merged
merged 1 commit into from
Nov 23, 2020
Merged

do not let Body read beyond its length #282

merged 1 commit into from
Nov 23, 2020

Conversation

jbr
Copy link
Member

@jbr jbr commented Nov 15, 2020
edited
Loading

this logic is currently handled in several places in async-h1, but it should be the responsibility of Body to ensure that if it has a set length, it will not read beyond that length.

I believe this is semver-patch, unless we consider "reading past set body length" intended behavior

@jbr jbr force-pushed the body-do-not-read-past-length branch from 7907ebe to 892daba Compare November 15, 2020 02:05
@jbr jbr force-pushed the body-do-not-read-past-length branch from 892daba to 91e19bc Compare November 15, 2020 02:08
jbr
jbr commented Nov 15, 2020
View reviewed changes
src/body.rs
Pin::new(&mut self.reader).poll_read(cx, buf)
let mut buf = match self.length {
None => buf,
Some(length) if length == self.bytes_read => return Poll::Ready(Ok(0)),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this line is an optional optimization and could be removed if it makes the code more readable to do so. i was on the fence about this tradeoff

Fishrock123
Fishrock123 reviewed Nov 16, 2020
View reviewed changes
src/body.rs
Some(length) if length == self.bytes_read => return Poll::Ready(Ok(0)),
Some(length) => {
let max_len = (length - self.bytes_read).min(buf.len());
&mut buf[0..max_len]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this panic if the body has more bytes than it specifies?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nope, there's a test for that. we just won't read them from the underlying Read, which is the correct behavior for keepalive

Copy link
Member Author

@jbr jbr Nov 16, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this line limits the length of the mutable slice that we pass into the inner read implementation, effectively telling it "give me a maximum of max_len bytes"

@jbr jbr merged commit 066dec9 into http-rs:main Nov 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fishrock123 Fishrock123 Fishrock123 left review comments

@yoshuawuyts yoshuawuyts Awaiting requested review from yoshuawuyts

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jbr @Fishrock123