Closed Bug 758625 Opened 7 years ago Closed 7 years ago

0 length spdy responses not always terminated properly

Categories

(Core :: Networking: HTTP, defect)

12 Branch
x86_64
Linux
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla14
Tracking Status
firefox12 --- wontfix
firefox13 --- wontfix
firefox14 --- fixed
firefox15 --- fixed

People

(Reporter: mcmanus, Assigned: mcmanus)

Details

(Whiteboard: [spdy])

Attachments

(1 file)

Our friends at webtide (makers of jetty) reported this.

a spdy stream with a fin on the syn-reply might not have its termination detected if the http data in the syn-reply does not also signal that there is no body (e.g. via a content-length: 0 or by using a response code that is defined to have no body like 304).

this can be worked around on the server side by either including a content-length:0 or by placing the fin on a 0 length data frame instead of directly on the syn-reply.

Fixing it is just a matter of applying the same mNeedsCleanup flag that data frame processing uses for signaling EOF to the http layer.
Attached patch patch 0Splinter Review
Attachment #627231 - Flags: review?(honzab.moz)
Comment on attachment 627231 [details] [diff] [review]
patch 0

Review of attachment 627231 [details] [diff] [review]:
-----------------------------------------------------------------

::: netwerk/protocol/http/SpdySession.cpp
@@ +2042,5 @@
> +  NS_ABORT_IF_FALSE(!mNeedsCleanup, "mNeedsCleanup unexpectedly set");
> +  mNeedsCleanup = mInputFrameDataStream;
> +
> +  *aCountWritten = 0;
> +  ResetDownstreamState();

Please let *aCountWritten = 0; be set explicitly outside this method (by the caller).
Attachment #627231 - Flags: review?(honzab.moz) → review+
Comment on attachment 627231 [details] [diff] [review]
patch 0

[Approval Request Comment]
Bug caused by (feature/regressing bug #):  original spdy bug

User impact if declined: 
interop problem with compliant spdy/2 servers.. just discovered in the devlopment of a new server. we risk problems with other emerging servers in a fast moving space by not fixing.

Testing completed (on m-c, etc.): 
on m-c

Risk to taking this patch (and alternatives if risky):  low.. the path it uses is already used on data frames, this allows control frames to trigger the same code
Attachment #627231 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/004e123be159
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment on attachment 627231 [details] [diff] [review]
patch 0

[Triage Comment]
Approved for Aurora 14 for sake of compatibility given the low risk evaluation.
Attachment #627231 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.