[tahoe-lafs-trac-stream] [Tahoe-LAFS] #3908: Detect invalid HTTP storage server responses early, close request

Tahoe-LAFS trac at tahoe-lafs.org
Mon Jan 23 14:16:10 UTC 2023


#3908: Detect invalid HTTP storage server responses early, close request
-----------------------------+--------------------------------------
     Reporter:  itamarst     |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:  HTTP Storage Protocol v2
    Component:  unknown      |    Version:  n/a
   Resolution:               |   Keywords:
Launchpad Bug:               |
-----------------------------+--------------------------------------
Changes (by itamarst):

 * milestone:  HTTP Storage Protocol => HTTP Storage Protocol v2


Old description:

> When downloading shares, if the Content-Length/Content-Range of a
> response doesn't match requested body length (too short means we were
> wrong about what server has in terms of length, or server bug, too long
> means server bug), we should probably just give up early.
>
> This depends on #3907; currently we knowingly send non-matching lengths,
> so that needs to be fixed first.
>
> It also depends on https://github.com/twisted/treq/issues/347 to make
> this possible at all.
>
> Implementation: when deliverBody() happens the passed-in protocol gets
> access to the transport, allowing us to close the connection.

New description:

 When downloading shares, if the Content-Length/Content-Range of a response
 doesn't match requested body length (too short means we were wrong about
 what server has in terms of length, or server bug, too long means server
 bug), we should probably just give up early.

 This depends on #3907; currently we knowingly send non-matching lengths,
 so that needs to be fixed first.

 It also depends on https://github.com/twisted/treq/issues/347 to make this
 possible at all. This has been fixed, but requires a 2023 release of Treq.

 Implementation: when deliverBody() happens the passed-in protocol gets
 access to the transport, allowing us to close the connection.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3908#comment:2>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
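
The check described in the ticket, as an added example that is not Tahoe-LAFS or Treq code: the declared length is derived from Content-Length/Content-Range, compared with the requested length, and the connection is closed on the first mismatch. The names `declared_body_length` and `LengthCheckedBody` are hypothetical, headers are assumed to arrive as a dict with lower-case names, and the transport is assumed to offer `loseConnection()`.

```python
import re

# Content-Range of a satisfied byte range: "bytes first-last/complete".
_RANGE = re.compile(r"bytes (\d+)-(\d+)/(?:\d+|\*)", re.ASCII)


def declared_body_length(headers):
    """Length promised by `headers` (dict, lower-case names), or None if invalid."""
    lengths = set()
    if "content-length" in headers:
        value = headers["content-length"].strip()
        if not re.fullmatch(r"\d+", value, re.ASCII):
            return None
        lengths.add(int(value))
    if "content-range" in headers:
        m = _RANGE.fullmatch(headers["content-range"].strip())
        if m is None or int(m.group(2)) < int(m.group(1)):
            return None
        lengths.add(int(m.group(2)) - int(m.group(1)) + 1)
    # No usable header, or two headers that disagree: treat as invalid.
    return lengths.pop() if len(lengths) == 1 else None


class LengthCheckedBody:
    """Hypothetical body receiver with Twisted-style protocol method names."""

    def __init__(self, headers, requested_length):
        self.declared = declared_body_length(headers)
        self.requested = requested_length
        self.chunks, self.received, self.error = [], 0, None

    def makeConnection(self, transport):
        self.transport = transport
        if self.declared != self.requested:  # too short or too long: stop now
            self._give_up(f"declared {self.declared} bytes, requested {self.requested}")

    def dataReceived(self, data):
        if self.error is not None:
            return  # already gave up; drop bytes still in flight
        self.received += len(data)
        if self.received > self.requested:
            self._give_up("body longer than requested")
        else:
            self.chunks.append(data)

    def _give_up(self, why):
        self.error = why
        self.transport.loseConnection()  # assumed transport method
```

The receiver also counts body bytes, so a server whose headers match but whose body runs past the requested length is cut off as well.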