Closed Bug 115308 Opened 23 years ago Closed 23 years ago

[viewpoint] HTTP POST does not handle binary data

Categories

(Core Graveyard :: Plug-ins, defect, P1)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows 2000
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.9

People

(Reporter: sdreier, Assigned: srgchrpv)

References

Details

(Whiteboard: ETA: 01/14/02; on the trunk)

Attachments

(6 files, 4 obsolete files)

testcase showing binary data posting via files and raw data
491.31 KB, application/x-zip-compressed
Details
it has NPSWF32.dll(flash6 plugin for netscape), a test flash6 movie,a text file,a readme file.
364.91 KB, application/x-zip-compressed
Details
This is a new attachment(please discard attachment for 62207). it has NPSWF32.dll(flash6 plugin for netscape), a test flash6 movie,a text file,a readme file.
379.83 KB, application/x-zip-compressed
Details
v4 for 01-15-02 trunk, which addresses all Brain's comments
24.36 KB, patch
bnesse
: review+
Details | Diff | Splinter Review
v5 the same as v4, with PR_snprintf, and manor changes in nsPluginHostImpl::ParsePostBufferToFixHeaders()
24.83 KB, patch
bnesse
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
results comparison CS/Talon vs N6094 vs N4.78
2.67 KB, text/plain
Details 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; YUBC VeXi; 
T312461)
BuildID:    Mozilla 5.0 Gecko/20011019

When using NPN_PostURLNotify() and sending "\x0Hello World" as content, the 
content is not sent.  This works fine on other browsers (ie5.0,ie5.5,ie6.0, 
NS4.x).  If I ommit the leading 0, it works fine, but then it's not binary data 
anymore.

Reproducible: Always
Steps to Reproduce:
1.Set up a capture program to view TCP/IP transactions
2.Send some binary POST data.
3.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OK, there's something to this bug, and since it's a blocker for Flash, I'm
adding all the keywords.  NPN_PostURLNotify( ) is NPAPI stuff -- Darin, if you
rule out Necko, then we ought to hand this one off.  But I'm slapping an
edt0.9.4 and a mozilla0.9.7 since the importance of this bug warrants the keywords.
Keywords: edt0.9.4, mozilla0.9.7
Argh, I'm also nsbranching this one.  Shoot me if nsbranch is a relic.
Keywords: nsbranch
this is a problem in the plugins code... over to plugins.
Assignee: darin → av
Component: Networking: HTTP → Plug-ins
QA Contact: tever → shrir
Scott, I just fixed this in bug 108966. Please try a build from this afternoon
or Monday morning.

*** This bug has been marked as a duplicate of 108966 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
v d
Status: RESOLVED → VERIFIED
minusing, this was fixed elsewhere.
Keywords: edt0.9.4edt0.9.4-
After talking with Shrirang, since this (115308) was marked dup of 108966,
108966 got fixed,but this one still doesn't work, so this is not duplicated with
108966. I  try to post http requests to Jrun server, didn't see any requests
through tcpmon, so reopen it.

Thanks.
Jody
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Jody, can you post a link to your testcase or attach it here? It seems to be
working for me but there may have been a quirk in 4.x that I missed...

I've attached a testcase with two tester plugins showing us POSTing binary
data. Use only one at a time.
a testcase showing no http request is post.
-->peterl and renominating....
Assignee: av → peterl
Status: REOPENED → NEW
Keywords: edt0.9.4-edt0.9.4
missed mozilla0.9.7 but still edt0.9.4
Status: NEW → ASSIGNED
Keywords: mozilla0.9.7, nsbranch
Will plus 094 once fixed and verified om the trunk.
Severity: major → critical
Keywords: testcase
Priority: -- → P1
Jody,

The zip file you attached was missing the movie file (bug.swf) and I saw no
NPN_PostURL calls. Could you double check the testcase to make sure everything
is there.

Also, it possible, it would really help if you could look in the debugger and
take note of the values of the arguments being passed to NPN_PostURL. Knowing
that the exact arguments would really help in reproducing. Thanks!
Keywords: testcaseqawanted
-->av
Assignee: peterl → av
Status: ASSIGNED → NEW
with test case from attachment 63128 [details] 
when I stop into
_posturlnotify(_NPP * 0x01057750, const char * 0x00186c38, const char * 
0x00000000, unsigned long 402, const 
char * 0x03ce2110, unsigned char 0, void * 0x00000003) line 765 + 56 bytes
NPSWF32_6! NP_Shutdown + 185 bytes
NPSWF32_6! NP_Shutdown + 9683 bytes
NPSWF32_6! native_ShockwaveFlash_TCallFrame + -41978 bytes
NPSWF32_6! native_ShockwaveFlash_TCallFrame + -42229 bytes
....
I got
len == unsigned long 402
const char *buf ==:
03CE2110  43 6F 6E 74 65 6E 74 2D 74 79 70 65 3A 20 61 70 70 6C 69 63 61 74 69 
6F 6E 2F 78 2D 6D 6D 
2D 66  Content-type: application/x-mm-f
03CE2130  6D 66 0A 43 6F 6E 74 65 6E 74 2D 6C 65 6E 67 74 68 3A 20 33 34 34 0A 
0A 00 00 00 00 00 02 
00 30  mf.Content-length: 344.........0
which is incomplete header and NS_NewPluginPostDataStream() fails on 
    157       if (!(crlf = PL_strnstr(data, "\r\n\n", contentLength))) {
    158         nsMemory::Free(newBuf);
    159         return NS_ERROR_NULL_POINTER;
    160       }
...
there is no "\x0Hello World" in there, 
did I miss something, what is the content?
Should we be looking for \n\n as the marker for the end of the header instead of
\r\n\n?

See bug 60228 for the orrignal source of that code.
Serge has a hand on it. Reassigning, please feel free to bounce it back to me.
Assignee: av → serge
according to the 4.x spec 
http://developer.netscape.com/docs/manuals/communicator/plugin/pgfn2.htm#1007763
>NPN_PostURLNotify supports specifying headers when posting a memory buffer. 
below line #1007754
>For protocols in which the headers must be distinguished from the body, such as 
>HTTP, the buffer or file should
>contain the headers, followed by a blank line, then the body. If no custom 
>headers are required, simply add a blank
>line ('\n') to the beginning of the file or buffer. 
So do we have to check for single '\n', "\n\n" or "\r\n\n"?
From HTTP1.1 spec:

        generic-message = start-line
                          *(message-header CRLF)
                          CRLF
                          [ message-body ]
        start-line      = Request-Line | Status-Line

So, looks like each header should be terminated with CRLF. In addition, one more 
CRLF should be added to the end of the last header.

So, I see it like this: 

1. if we see '\n' and some char following, that means there is no header. We 
should replace it with "\r\n"

2. if we see "\r\n\n" or "\n\n" this probably means somebody wrongfully 
indicated the end of the headers, and we should fix it with "\r\n\r\n" again

3. I think we also should fix all previous occurences of a single '\n' between 
headers

Serge, can you try this and if it fixes the problem?
...and SEE if it fixes the problem?

I can imaging why this is happenning. The Plugin doc says "\n" so people do just 
that. The HTTP spec says "\r\n" and Necko probably expects it exactly in this 
form. Does it make sense to anybody?
it's good to use \r\n, but traditionaly \n is okay too.  mixing them can be
problematic and probably confuses more than just a couple servers out there.
Wow, we really need to do a lot of fix up on the raw headers before passing them
to Necko. I wonder if something else can already do this for us, Darin?

If not, |NS_NewPluginPostDataStream| will need to be smart enough fix up the
stream like Andrei says in comment #20. The NPAPI spec says one thing and the
HTTP sepc says another and we need to be prepared for all kinds of input.
Attached patch patch v1 (obsolete) — Splinter Review 

    
    

    
  
Serge, would you please explain what the patch does? This will be useful for 
those who just wants to know what we are doing not going into implementation 
details.

    
    

    
  
Well, I've just slightly changed peter's implementation (attachment 62115 [details] [diff] [review] for 
bug #108966) of NS_NewPluginPostDataStream(),
it does handle "\n\n" as end of http headers and first single '\n' as buffer w/o 
headers.
Peter, could you take a look on the patch, please?

    
    

    
  
Comment on attachment 63929 [details] [diff] [review]
patch v1

r=peterl

        Attachment #63929 -
        Flags: review+

    
    

    
  
peter: AFAIK there aren't any utility functions in the code base that you can
use to perform this fixup.

    
    

    
  
Comment on attachment 63929 [details] [diff] [review]
patch v1

sr=darin

but, this function should really be added as a method on some service.
NS_NewPluginPostDataStream should really be a lightweight wrapper function
instead.

        Attachment #63929 -
        Flags: superreview+

    
    

    
  
We are having a related plugin with our viewpoint windowless plugin.  I am not 
sure if it should be a different bug.
I post using NPN_PostURLNotify.  I applied the patch mentioned in this bug.  I 
am posting data- just some text (eg abcdefg).  I prepend it with \n, so the 
data I put in is "\nabcdefg".  The data gets posted to the server, which 
responds with a 400.  I look using a TCP peek program, and the problem seems to 
be that NONE of the http headers are there.  There is no POST, no http 1.1, no 
url.
Is there anything obvious that comes to mind? I will put together a test case 
ASAP.
I am working on the .9.4 branch.

    
    

    
  
Ari, you are right, without Content-length: header POST request is not going to 
work. We have to add that header if there is no one, that is easy,
but what about Content-type: do we have to add  it as "text/html" if it's 
missing? 
Darin what do you think?
Thanks.

    
    

    
  
I had an impression that Necko should care of this if the |postHeaders| is null.

    
    

    
  
it's important that the content-length be specified.  otherwise, the server
won't know the length of the http request and therefore won't know when the
request has been completely sent.

the content-type header on the other hand is probably not so essential.  does
the plugin API even provide a way for the plugin to specify the content-type?  i
think it's probably safe to leave out a content-type header if the plugin fails
to provide one in the plugin data stream.

    
    

    
  
The code eventualy calls 
nsILinkHandler::OnLinkClick(..., postDataStream, postHeadersStream)

Here is my vision of how it works.

Before it comes to it a plugin can tell us that it has a header in a separate 
buffer (e.g. Java plugin). In this case we create two streams: for the raw data 
and the headers and pass them to the link handler.

Legacy plugins however do not have this kind of access, well they actualy do, 
but they cannot do this via NPAPI, so they give us a buffer which may or may not 
content headers. In the code which is being fixed in this bug we try to find the 
headers and fix them if they are not up to the spec. Whether there are headers 
or not we now create only one stream -- |postDataStream|, which will include 
headers in itself and pass |null| in place of |postHeadersStream|

If all this is correct, it does not look right to me. I would expect 
|OnLinkClick| to create headers for me if the |postHeadersData| is |null|. This 
is OK if the data from the plugin is just a raw data but we don't want more 
headers if the data already contain them.

Looks like the logic in |nsPluginInstanceOwner::PostURL| should be rewritten. We 
shuold probably separate the headers (if found) from the data and pass them 
separately to the link handler. If not found, the link handler will create some 
default headers for us (should it?).

Darin, does it make sense?

    
    

    
  
The last two paragraphs in my last comment are probably not quite accurate. The 
standard header should be added by Necko in any case. Any additional headers the 
plugin wants to add can be done either as a separate buffer or as a part of the 
data buffer. We just need to make sure all CR and LF chars are in appropriate 
places.

    
    

    
  
That is right, I'm writing data buffer parser,
which  should be smart enough to figure out end of headers, if header separator 
is LF change it to CRLF, because our standard headers use it,
and if there is no content-length header add it to the stream.
Definitely this parser should be implemented as a method of some service,
the question is which one, av, peterl any suggestions?
BTW: in current implementation every thing work fine when content-length header 
is present, headers separator is CRLF and end of headers is CRLFCRLF.

    
    

    
  
As folks like chofmann and others are looking to plan some embedding stuff off
of the branch, they need eta data.
Whiteboard: need eta

    
    

    
  
I'm going to post new patch probably tomorrow, so ETA: 01/14/02
Whiteboard: need eta → ETA: 01/14/02

    
    

    
  
I run into some discrepancy for POST url as file, I have not figure out how we 
add content len header and CRLFCRLF as end of http headers to the post data 
stream. Does it work before?
Investigating... 

    
    

    
  
Files go down a different code path, through NS_NewPostDataStream which creates
an instance of the LocalFileInputStream component so it may be harder to do the
fixup, if needed?

    
  
Summary: HTTP POST does not handle binary data → [viewpoint] HTTP POST does not handle binary data

    
    

    
  


  
av, peter would you please take a look on this, thanks.

    
  

        Attachment #63929 -
        Attachment is obsolete: true

    
    

    
  
Darin, who should be responsible for adding content-length header? I think we 
should be consistent on this. I talked to gagan and he said that there was a 
discussion that Necko side should evaluate the length of the data and take care 
of the header. What is the latest?

Another question. |nsILinkHandler::OnLinkClick| takes post data stream and 
headers stream. Post data may or may not contain headers, headers stream may or 
may not be present at all. Are all of those cases accounted for?

    
    

    
  
take a look at the implementation in nsHttpChannel::SetUploadStream.

necko doesn't know if the given nsIInputStream contains headers or not, so if in
the call to:

SetUploadStream(in nsIInputStream, in string contentType, in long contentLength)

contentType is null, necko will assume that the input stream contains all
necessary headers as well as the required header/body line break.

if contentType is not-null, then necko will assume that the input stream
contains only the message body (w/o any headers).  then necko will use the
specified contentType and contentLength to set appropriate request headers.


    
    

    
  
> contentType is null, necko will assume that the input stream contains all
> necessary headers

By 'all' -- do you mean ALL, even standard headers?

    
    

    
  
i mean that the stream must contain at least Content-Type and Content-Length
headers.  the usual request headers will be automatically sent first.

    
    

    
  
well, the patches for bugs 112479 119625 (with implementation Darin described)
are not on the 0.9.4 branch, we can't use it in there anyway.

    
  

        Attachment #64910 -
        Attachment is obsolete: true

    
  
Whiteboard: ETA: 01/14/02 → ETA: 01/14/02; have a patch, needs review

    
  
Blocks: 119979

    
  

        Attachment #64950 -
        Attachment is obsolete: true

    
    

    
  
can we get r/sr on this?

    
    

    
  
In nsPluginHostImpl::PostURL() it appears that the incoming argument |postData|
is replaced with either |tmpFileName| or |newDataToPost| at the bottom, if
|isFile| is true, this is freed. This seems prone to a) leaking the original
contents of  |postData| and b) returning a deleted pointer... both concern me.

In ParsePostBufferToFixHeaders()
+  const char *pEod = inPostData + inPostDataLen;
+    while (s <= pEod) {
Is the buffer 0 terminated (i.e. 1 byte longer than inPostDataLen?) if not, you
could read past the end of the buffer here...

+      if (!pSCntlh && 
+          (*s == 'C' || *s == 'c') && 
+          (s + sizeof(ContentLenHeader) - 1 <= pEod) &&
[snipped]
+        s += sizeof(ContentLenHeader);
This seems dangerous also, if size - 1 == pEod s + size is past the buffer end.

In CreateTmpFileToPost()
+  nsCOMPtr<nsILocalFile> file = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv);
+  if (NS_FAILED(rv) || 
+    (NS_FAILED(rv = file->SetURL(postDataURL)) && NS_FAILED(rv =
file->InitWithPath(postDataURL))) ||
This doesn't compile on the Mac... I don't think SetURL is a member of
nsILocalFile...


    
    

    
  
Thank you Brain for quick review.
>This seems prone to a) leaking the original
>contents of  |postData| and b) returning a deleted pointer... both concern me
I do free only memory I've alloced in rv = CreateTmpFileToPost(postData, 
&tmpFileName) call
original contents of  |postData| is (const char*) and we cannot modify it.

>+    while (s <= pEod) {
You are right, probably I wa plaing with '\n' case at start of buffer, or 
something..:(
I'll chahge all <= pEod to < pEod
>+        s += sizeof(ContentLenHeader);
it's going to be +        s += sizeof(ContentLenHeader) -1;

>This doesn't compile on the Mac... I don't think SetURL is a member of 
nsILocalFile
the patch (attachment 64164 [details] [diff] [review]) for bug 100212 remove "URL" attribute from 
nsIFile.idl
I'm going to change it for the trunk, but it should be still valid in 0.9.4 
branch

    
    

    
  
>I do free only memory I've alloced in rv = CreateTmpFileToPost(postData, 
>&tmpFileName) call original contents of  |postData| is (const char*) and we
>cannot modify it.
This is true, but the memory allocated by this call (in the !isFile case)
+    ParsePostBufferToFixHeaders(postData, postDataLen, &newDataToPost,
&newDataToPostLen);
is not freed because:
+      if (isFile && postData) {
+        nsCRT::free((char*)postData);
+      }

It seems to me that the code would more readable if you simply got the new name
into a common local variable in both cases instead of trying to reuse the input
argument.


    
    

    
  
we are using nsIStringInputStream::adoptData(char *data, int length)
to set the stream, on destroy stream calls nsMemory::Freei() for data.
>It seems to me that the code would more readable if you simply got the new 
>name...
I agree.



    
    

    
  
Ok, I think I see it... that is absolutely screaming for some comments to
explain why we appear to be not releasing memory, etc. Thanks for clearing it up
for me.

    
  

        Attachment #64967 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 65125 [details] [diff] [review]
v4 for 01-15-02 trunk, which addresses all Brain's comments

+  PRInt64 fileSize;
[snip]
+  if (fileSize != 0) {
You should use the LL_ macros (i.e. LL_IS_ZERO(fileSize)) when using 64 bit
ints to insure no XP issues.

With that fix. r=bnesse.

        Attachment #65125 -
        Flags: review+

    
    

    
  
>You should use the LL_ macros (i.e. LL_IS_ZERO(fileSize))
will do so, thanks Brian.

    
    

    
  
Three minor things after I looked at the patch briefly (sorry, had absolutely no 
chance to do it earlier):

1. |newDataToPost| should be primed with null. The parser function can be 
rewritten later and somebody may forget to assign null there.

2. instead of doing 

    if (!something)
      return NS_ERROR_NULL_POINTER;

we should go

    NS_ENSURE_ARG_POINTER(something);

3.    if (isFile && tmpFileName) {
        nsCRT::free(tmpFileName);

why to check |isFile|?

All those maybe fine for the branch check in but would be nice to fix on the 
trunk.

    
    

    
  
ok, so i looked over the patch... it's rough, but seems accurate to me.

for example, the uses of sprintf should be replaced with PR_snprintf... please
never ever use sprintf.  it makes code very fragile.

also there is an indentation problem in the PostURL() method.

at any rate, sr=darin

    
    

    
  
on the 0.9.4 branch:
Checking in modules/plugin/base/src/nsPluginHostImpl.cpp;
new revision: 1.288.2.16; previous revision: 1.288.2.15
--
Checking in modules/plugin/base/src/nsPluginHostImpl.h;
new revision: 1.55.14.6; previous revision: 1.55.14.5
--
Checking in modules/plugin/base/src/nsIPluginHost.h;
new revision: 1.20.116.2; previous revision: 1.20.116.1
--
Checking in modules/plugin/base/src/nsPluginViewer.cpp;
new revision: 1.74.2.7; previous revision: 1.74.2.6
--
Checking in modules/plugin/base/public/nsPIPluginHost.h;
new revision: 1.1.64.1; previous revision: 1.1
--
Checking in layout/html/base/src/nsObjectFrame.cpp;
new revision: 1.248.2.23; previous revision: 1.248.2.22


    
  
Keywords: edt0.9.4edt0.9.4+, 
          
            fixed0.9.4

    
    

    
  
Well, I don't post binary data, so I can't verify that part.  But I have 
verified that I no longer need to prepend the content-length header. 
Works for me.

    
    

    
  
Thx for the help, Ari ! 
Keywords: verified0.9.4

    
    

    
  
It appears that this may be working as expected with CS/Talon 112a 

Launch CS/Talon 
Go to http://lxr.mozilla.org/mozilla/source/modules/plugin/tools/tester 
Select "Click here to launch the tester" 

I set the following parameters: 
API call = NPN_PostURL 
URL = http://www.mozilla.gr.jp:4321 
Target = _npapi_Display (default) 
buf = "Hello World" 
file = FALSE (default) 
Select GO button 

Results: 
len = 11 (sets itself automatically) 

Top frame contains: 
HTTP Client Net Debugger 
Server: Tokyo.Mozilla.Gr.JP/210.160.137.138, Port: 4321 
Client: x98A3A5C2.pix.aol.com/152.163.165.194, Port: 3138 
---------------- 
HTTP Request  & Body 

POST / HTTP/1.1 
Host: www.mozilla.gr.jp:4321 
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.4.2) Gecko/20020120 CS 
2000 7.0/7.0 
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, 
image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8,
text/css, */*;q=0.1 
Accept-Language: en-us 
Accept-Encoding: gzip, deflate, compress;q=0.9 
Keep-Alive: 300 
Connection: keep-alive 
Referer: 
http://lxr.mozilla.org/mozilla/source/modules/plugin/tools/tester/testcase/teste
r.html 
Content-length: 11 

Hello World 
----------------------------------------------- 
HTTP Response (Content-Length omitted) 
======================================================================== 
The Lower Frame Contains: 
NPN_PostURL(0x01e87eb4, 0x0065f418("http://www.mozilla.gr.jp:4321/"), 
0x0065f398("_npapi_Display"), 11, 0x0065f318("Hello
World"), FALSE) 
Returns: NPERR_NO_ERROR 
Time: 91243 91243 (0) 

    
    

    
  
Comment on attachment 66065 [details] [diff] [review]
v5 the same as v4, with PR_snprintf, and manor changes in nsPluginHostImpl::ParsePostBufferToFixHeaders()

Additional changes appear ok. r=bnesse.

        Attachment #66065 -
        Flags: review+

    
    

    
  
Comment on attachment 66065 [details] [diff] [review]
v5 the same as v4, with PR_snprintf, and manor changes in nsPluginHostImpl::ParsePostBufferToFixHeaders()

sr=darin

        Attachment #66065 -
        Flags: superreview+

    
    

    
  
Thanks all.
Checked into the trunk.
Nominating for 0.9.8 branch.
Keywords: mozilla0.9.8
Whiteboard: ETA: 01/14/02; have a patch, needs review → ETA: 01/14/02; on the trunk
Target Milestone: --- → mozilla0.9.8

    
    

    
  
resolved as fixed
Status: NEW → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED
Target Milestone: mozilla0.9.8 → mozilla0.9.9

    
    

    
  
this did not land for 0.9.8 so anyone working with the 0.9.8 branch who needs
this will want to patch their tree. 

    
    

    
  
.
Status: RESOLVED → VERIFIED
Keywords: qawanted

    
  
Keywords: fixed0.9.4

    
  
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: