fix(client): don't reject CONNECT tunnel responses split across reads#300
Open
chatman-media wants to merge 1 commit into
Open
fix(client): don't reject CONNECT tunnel responses split across reads#300chatman-media wants to merge 1 commit into
chatman-media wants to merge 1 commit into
Conversation
The proxy tunnel handshake in `Tunnel::call` matches the status line against the raw bytes from each individual `read()`, so if a proxy's "HTTP/1.1 200 OK" response happens to arrive in more than one TCP segment, the first partial read (e.g. just "HTTP/1.1 2") doesn't match any of the expected prefixes and gets rejected as TunnelUnsuccessful right away, even though the rest of the response is on its way. Added tests covering a valid response split across two reads (should now succeed) and a genuinely bad response also split across reads (should still fail promptly, not hang waiting for more data).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The tunnel handshake in
client::legacy::connect::proxy::Tunnelmatches the proxy's status line against whatever bytes came back from the lastread(), so if "HTTP/1.1 200 OK" happens to arrive split across two TCP segments, the first partial read (say, just "HTTP/1.1 2") doesn't match any of the expected prefixes and the whole thing bails out withTunnelUnsuccessful— even though a valid response is still on its way. Loopback tests never catch this since a singlewrite_allalmost always shows up as oneread, but real proxies over a real network can and do split responses like this.Fix just checks whether what we've got so far could still turn into a recognized status line before giving up, instead of only checking for a full/exact prefix match. Added a test that writes the response in two separate flushed writes with a delay in between (fails without the fix, passes with it), plus a test that a genuinely bad response split the same way still gets rejected promptly rather than hanging.