[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: LuaSocket: No way to protect against fuzzing attacks?
- From: HyperHacker <hyperhacker@...>
- Date: Wed, 12 Oct 2011 20:44:09 -0600
On Wed, Oct 12, 2011 at 10:16, Sam Roberts <firstname.lastname@example.org> wrote:
> On Tue, Oct 11, 2011 at 10:36 PM, HyperHacker <email@example.com> wrote:
>> I can't seem to reproduce the missing-last-bytes issue except in my
>> server, which is rather large and complex for a testcase and is using
>> threading and the acceptfd patch. (I did test acceptfd in a smaller
>> script as well.) Who knows why that's happening.
> What's the acceptfd patch?
> Instrument the code with some cutting edge technology, printf, in the
> buffer sections to allow you to see what's happening, if you want to
> track this down. Make sure your threads aren't eating each other's
> data, and its not the CR/LFs that you are missing.
Well, each socket is only ever used by one thread.The design is pretty simple:
-Main thread accepts connections using acceptfd() (returns a file
descriptor number instead of a socket object), starts a thread, and
passes it the fd
-Child thread opens a socket from the fd, handles the request, and closes it
The child thread is basically doing sock = socket.tcp(fd);
sock:receive(n) for some n, and the last n bytes get dropped. Since
the socket isn't touched by any other thread, and all other socket I/O
(including using *l instead in the same place) works as expected, the
only potential causes I can see are some issue in LuaSocket (possibly
introduced by the patch) or some quite bizarre race condition breaking
Sent from my toaster.