Login/Register
is maxTotalHeaderLength working as expected?
Asked Answered
haskellyesodhaskell-warp
C

1

6

Warp has a settingsMaxTotalHeaderLength field which by default is 50*1024 : https://hackage.haskell.org/package/warp-3.3.10/docs/src/Network.Wai.Handler.Warp.Settings.html#defaultSettings

I suppose this means 50KB? But, when I try to send a header with ~33KB, server throws bad request:

curl -v -w '%{size_request} %{size_upload}' -H @temp.log localhost:8080/v1/version

Result:

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /v1/version HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.58.0
> Accept: */*
> myheader2: <big header snipped>
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< Date: Wed, 22 Jul 2020 13:15:19 GMT
< Server: Warp/3.3.10
< Content-Type: text/plain; charset=utf-8
< 
* Closing connection 0
Bad Request33098 0

(note that the request size is 33098)

Same thing works with 32.5KB header file.

My real problem is actually that I need to set settingsMaxTotalHeaderLength = 160000 to send a header of size ~55KB. Not sure if this is a bug or I am misreading something?

Chalmer answered 22/7, 2020 at 13:22 Comment(1)
Just a guess: maybe the 33KB are raw bytes which are encoded using base64 or something similar, making the actual header larger?Colbert
E
2

Congratulations, it looks like you found a bug in warp. In the definition of push, there's some double-counting going on. Near the top, bsLen is calculated as the complete length of the header so far, but further down in the push' Nothing case that adds newline-free chunks, the length is updated as:

len' = len + bsLen

when bsLen already accounts for len. There are similar problems in the other push' cases, where start and end are offsets into the complete header and so shouldn't be added to len.

Ellamaeellan answered 22/7, 2020 at 23:0 Comment(1)
Thanks. Raised an issue here: github.com/yesodweb/wai/issues/807Chalmer

© 2022 - 2024 — McMap. All rights reserved.