
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 97044
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: zur.Nieden [...] xenet.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 1.65



Subject: wrong limited read in http_cat
Date: Tue, 08 Jul 2014 08:58:57 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: "Hartwig zur Nieden" <zur.Nieden [...] xenet.de>
In SSLeay.pm, v1.64, line 1205 in function 'http_cat' it says

    ($got, $errs) = tcp_read_all(200000);

which seems to be a remaining hard-limit for maximum number of read bytes for tcp_read_all. It should read:

    ($got, $errs) = tcp_read_all();

so the basic limit of 2000000000 Bytes is used.

Sorry if this report does not apply to any rules; it's my first bug-report :-)

Greetings,
Hartwig zur Nieden

--
Hartwig zur Nieden | XeNET GmbH
Phone: +49-5323-9489050 | 38678 Clausthal-Zellerfeld, Marktstrasse 40
Fax: +49-5323-94014 | Register court: Amtsgericht Braunschweig HRB 110823
Email: zur.Nieden@xenet.de | Managing director: Matthias Meyser
Subject: Re: [rt.cpan.org #97044] wrong limited read in http_cat
Date: Sun, 13 Jul 2014 07:23:31 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hello,

Thanks for your report.
Why does the count need to be changed? What bad effect are you seeing because of that?

Cheers.

On Tuesday, July 08, 2014 02:59:21 AM you wrote:
> Tue Jul 08 02:59:20 2014: Request 97044 was acted upon.
> Transaction: Ticket created by zur.Nieden@xenet.de
> Queue: Net-SSLeay
> Subject: wrong limited read in http_cat
> Broken in: (no value)
> Severity: (no value)
> Owner: Nobody
> Requestors: zur.Nieden@xenet.de
> Status: new
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 >
>
> in SSLeay.pm, v1.64, line 1205 in function 'http_cat' it says
>
> ($got, $errs) = tcp_read_all(200000);
>
> which seems to be a remaining hard-limit for maximum number of read bytes
> for tcp_read_all. It should read:
>
> ($got, $errs) = tcp_read_all();
>
> so the basic limit of 2000000000 Bytes is used.
>
> Sorry if this report does not apply to any rules; it's my first bug-report
> :-)
>
> Greetings,
> Hartwig zur Nieden

--
Mike McCauley VK4AMM mikem@airspayce.com
Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.airspayce.com
Phone +61 7 5598-7474
Subject: Re: [rt.cpan.org #97044] wrong limited read in http_cat
Date: Mon, 14 Jul 2014 10:52:58 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: "Hartwig zur Nieden" <zur.Nieden [...] xenet.de>
On 12.07.2014, 23:23, Mike McCauley via RT <bug-Net-SSLeay@rt.cpan.org> wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 >
>
> Hello,
>
> Thanks for your report.
> Why does the count need to be changed? What bad effect are you seeing because
> of that?
>
> Cheers.

Hi,

we used 'get_http' in a project with mixed requests to http and https for an AJAX wrapper to an SAP-Service. One week ago we got errors on XML-requests and after analyzing we realized that the XML-Response was truncated. Deeper analysis in SSLeay.pm showed that 'get_http' calls 'http_cat' in which a too much and hard-coded limit in the call to 'tcp_read_all' leads to the truncation. Our response including the header is 208126 Bytes, which leads to invalid XML because of truncation to 200000 Bytes.

Even the hard limit of 2000000000 for me seems to be inappropriate and it would be nice to be able to set a Module-Variable for this limit, which can be found hard-coded in 'ssl_read_all', 'tcp_read_all' and 'ssl_read_until'.

Btw: is it correct that in function 'tcpcat' the uninitialized variable '$ssl' is given as read-limit-parameter in the call to 'tcp_read_all'?

Kind regards,
Hartwig zur Nieden

--
Hartwig zur Nieden | XeNET GmbH
Phone: +49-5323-9489050 | 38678 Clausthal-Zellerfeld, Marktstrasse 40
Fax: +49-5323-94014 | Register court: Amtsgericht Braunschweig HRB 110823
Email: zur.Nieden@xenet.de | Managing director: Matthias Meyser
Subject: Re: [rt.cpan.org #97044] wrong limited read in http_cat
Date: Mon, 14 Jul 2014 20:09:14 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Hello,

On Monday, July 14, 2014 04:53:29 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 >
>
> On 12.07.2014, 23:23, Mike McCauley via RT <bug-Net-SSLeay@rt.cpan.org> wrote:
> > <URL: https://rt.cpan.org/Ticket/Display.html?id=97044 >
> >
> > Hello,
> >
> > Thanks for your report.
> > Why does the count need to be changed? What bad effect are you seeing
> > because of that?
> >
> > Cheers.
>
> Hi,
>
> we used 'get_http' in a project with mixed requests to http and https for an
> AJAX wrapper to an SAP-Service. One week ago we got errors on XML-requests
> and after analyzing we realized that the XML-Response was truncated. Deeper
> analysis in SSLeay.pm showed that 'get_http' calls 'http_cat' in which a
> too much and hard-coded limit in the call to 'tcp_read_all' leads to the
> truncation. Our response including the header is 208126 Bytes, which leads
> to invalid XML because of truncation to 200000 Bytes.

OK, now I understand.
A fix has been applied in the latest SVN and will appear in the next release.

Cheers.

> Even the hard limit of 2000000000 for me seems to be inappropriate and it
> would be nice to be able to set a Module-Variable for this limit, which can
> be found hard-coded in 'ssl_read_all', 'tcp_read_all' and 'ssl_read_until'.
>
> Btw: is it correct that in function 'tcpcat' the uninitialized variable
> '$ssl' is given as read-limit-parameter in the call to 'tcp_read_all'?
>
> Kind regards,
> Hartwig zur Nieden

--
Mike McCauley VK4AMM mikem@airspayce.com
Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.airspayce.com
Phone +61 7 5598-7474
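
The truncation described in this ticket was silent: the caller received 200000 bytes and only noticed when the XML failed to parse. The following is an added example, not part of the ticket or of Net-SSLeay's code, showing a caller-side check that compares a raw HTTP response against its own framing headers. The helper name `check_http_body` is hypothetical and the sample response is constructed to match the sizes in the report; the input is assumed to be a byte string.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of Net::SSLeay): classify a raw HTTP response
# (byte string) as 'complete', 'truncated' or 'unverifiable' using the framing
# information carried in its own headers.
sub check_http_body {
    my ($raw) = @_;
    my ($head, $body) = split /\r?\n\r?\n/, $raw, 2;
    return ('truncated', 'no end of headers seen') unless defined $body;

    if ($head =~ /^Transfer-Encoding:.*\bchunked\b/mi) {
        # A complete chunked body ends with a zero-length chunk,
        # optional trailer lines, and an empty line.
        return $body =~ /(?:\A|\r\n)0\r\n(?:[^\r\n]+\r\n)*\r\n\z/
            ? ('complete',  'final zero-length chunk present')
            : ('truncated', 'final zero-length chunk missing');
    }
    if ($head =~ /^Content-Length:[ \t]*(\d+)[ \t]*\r?$/mi) {
        my ($want, $have) = ($1, length $body);
        return ('complete',  "$have of $want body bytes") if $have == $want;
        return ('truncated', "$have of $want body bytes") if $have <  $want;
        return ('unverifiable', "body longer than Content-Length $want");
    }
    return ('unverifiable', 'no Content-Length or chunked framing');
}

# Constructed sample: a response of 208126 bytes including the header, as in
# the report, and the same response cut at the 200000-byte read cap.
my $total    = 208126;
my $tmpl     = "HTTP/1.0 200 OK\r\nContent-Type: text/xml\r\n"
             . "Content-Length: %06d\r\n\r\n";
my $body_len = $total - length(sprintf($tmpl, 0));
my $full     = sprintf($tmpl, $body_len) . ('x' x $body_len);
my $capped   = substr($full, 0, 200000);

for my $case ([full => $full], [capped => $capped]) {
    my ($status, $why) = check_http_body($case->[1]);
    printf "%-7s %-12s %s\n", $case->[0], $status, $why;
}
```

A response with neither header can only be judged by connection close, so the check reports it as unverifiable rather than guessing.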