canuonifeng / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0

SkipFish network problems under Windows #83

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I have tried to run SkipFish against an IIS 6 web server from a Windows client 
with Cygwin, but responses from the server tended to be cut off at around 1000 
bytes. (The exact number varied randomly.)

After I added some debug printouts to http_client.c, it became evident that 
parse_response() never returns 1, as it should do when there is more to read, 
because, in my environment, it is always called with the parameter "more" set 
to 0. That, in turn, is because every read attempt ends in an error condition 
that triggers "goto network_error", after which parse_response() is called with 
"more" set to 0.

I added "if (read_res < 0 && errno == EAGAIN) goto poll_again;" before line 
2052 of http_client.c (the "if ... goto network_error" line) and the label 
"poll_again:" after what used to be line 2062 (the "if ... goto SSL_read_more" 
line). This solved the problem, which I actually believe is not 
Windows-specific, although it may occur more often under Windows due to 
different block sizes for network reads.

Could someone please verify that these changes do not break anything and update 
the file accordingly?

Original issue reported on code.google.com by otto.gie...@halvarsson.se on 22 Jul 2010 at 5:27

GoogleCodeExporter commented 8 years ago
So what you are saying is that there is a POLLIN result on the socket, implying 
there is data to be read; but calling read() returns -1, EAGAIN on your system?

This is... unexpected. This is for HTTP traffic, correct?

Original comment by lcam...@gmail.com on 22 Jul 2010 at 6:47

GoogleCodeExporter commented 8 years ago
Oh, I see the problem. A proper fix would be:

          /* Retry reading until SSL_ERROR_WANT_READ. */

          if (c->proto == PROTO_HTTPS &&
              read_res && c->read_len < size_limit) goto SSL_read_more;

Let me know if this helps.

Original comment by lcam...@gmail.com on 22 Jul 2010 at 6:48

GoogleCodeExporter commented 8 years ago
Should be fixed in 1.52. Let me know.

Original comment by lcam...@gmail.com on 22 Jul 2010 at 6:51

GoogleCodeExporter commented 8 years ago
Thank you for the quick response. However, I forgot to point out that I tested 
with HTTP, not HTTPS. My quick fix did not take HTTPS into account at all. But 
if I understand the SSL_read() documentation correctly, there should not be a 
similar error in that case, so the fix in comment 2 should be perfect.

Original comment by otto.gie...@halvarsson.se on 22 Jul 2010 at 7:48
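
The behaviour discussed in this thread, a non-blocking read() that returns -1 with errno set to EAGAIN and must lead back to poll() instead of being treated as a network error, is shown below as an added example. It is not skipfish code: the names read_step, read_response and demo_eagain_then_data are hypothetical, and a local socketpair() with a constructed 1500-byte payload stands in for the HTTP connection.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Outcome of a single read attempt on a non-blocking socket. */
enum read_state { RD_DATA, RD_AGAIN, RD_EOF, RD_ERROR };

/* One read attempt: EAGAIN/EWOULDBLOCK/EINTR mean "no data yet", not failure. */
static enum read_state read_step(int fd, char *buf, size_t cap, size_t *len) {
  ssize_t n = read(fd, buf + *len, cap - *len);
  if (n > 0) { *len += (size_t)n; return RD_DATA; }
  if (n == 0) return RD_EOF;
  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) return RD_AGAIN;
  return RD_ERROR;
}

/* Poll and read until EOF or a full buffer; -1 on timeout or hard error. */
static ssize_t read_response(int fd, char *buf, size_t cap, int timeout_ms) {
  size_t len = 0;
  while (len < cap) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    if (r < 0 && errno == EINTR) continue;
    if (r <= 0) return -1;
    enum read_state s = read_step(fd, buf, cap, &len);
    if (s == RD_EOF) break;
    if (s == RD_ERROR) return -1;   /* RD_DATA and RD_AGAIN both poll again */
  }
  return (ssize_t)len;
}

/* Constructed demo: an empty socket yields EAGAIN, then 1500 bytes arrive. */
static long demo_eagain_then_data(void) {
  int sv[2]; char buf[2048], chunk[1000]; size_t len = 0;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
  fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
  if (read_step(sv[0], buf, sizeof buf, &len) != RD_AGAIN) return -2;
  memset(chunk, 'A', sizeof chunk);
  if (write(sv[1], chunk, 1000) != 1000 || write(sv[1], chunk, 500) != 500) return -3;
  close(sv[1]);
  long got = (long)read_response(sv[0], buf, sizeof buf, 1000);
  close(sv[0]);
  return got;
}

int main(void) { return demo_eagain_then_data() == 1500 ? 0 : 1; }
```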