stadeus
  • Login
Show Navigation

  • Public

    • Groups
    • Recent tags

Conversation

Notices

  1. MMN-o ✅⃠ (mmn)'s status on Tuesday, 11-Jul-2017 05:14:16 EDT MMN-o ✅⃠ MMN-o ✅⃠
    • headcrack
    @headcrack Since it works (times out correctly) with fread() and not fgets() it is either an issue in PHP (but it seems fgets() should behave like described) or in PEAR (which should switch to fread() or something else that breaks despite characters are still flowing in).
    Tuesday, 11-Jul-2017 05:14:16 EDT from social.umeahackerspace.se permalink
    • MMN-o ✅⃠ (mmn)'s status on Monday, 10-Jul-2017 15:00:02 EDT MMN-o ✅⃠ MMN-o ✅⃠
      • GNU Social
      • headcrack
      @headcrack !GNUsocial stalls because the underlying HTTPS request never times out, which only happens with PHP sockets as the backend for HTTP_Request2 and not with the CURL backend. This is reproducible outside of the GNUsocial framework as well: https://git.gnu.io/gnu/gnu-social/issues/281#note_5674


      I am fully aware of the snail-pace type DoS attack and that's why there is a "full spectrum timeout" set in deeper parts of the code (HTTP_Request2_SocketWrapper runs stream_set_timeout - and PHP itself has a default_socket_timeout of 60s), which if the socket timeouts worked (in PHP) would kill the connection _regardless_ of how many or few bytes have been received since the last fread():
      Monday, 10-Jul-2017 15:00:02 EDT permalink

      Attachments

    • MMN-o ✅⃠ (mmn)'s status on Monday, 10-Jul-2017 15:01:30 EDT MMN-o ✅⃠ MMN-o ✅⃠
      • headcrack
      PS, that server is (at least to search engine caches) a #Mastodon instance ,)
      Monday, 10-Jul-2017 15:01:30 EDT permalink
    • MMN-o ✅⃠ (mmn)'s status on Monday, 10-Jul-2017 15:38:27 EDT MMN-o ✅⃠ MMN-o ✅⃠
      • headcrack
      @headcrack Now I found something. It seems that HTTP_Request2_SocketWrapper uses 'fgets' instead of 'fread':
      https://secure.php.net/fgets vs. https://secure.php.net/fread

      Unline fgets, fread has this in the criteria to stop reading data: "a packet becomes available or the socket timeout occurs (for network streams)"

      It seems as though 'fgets' is unaffected by timeouts and also unclear exactly whether 'fread' considers the full timeout or just "per-character" (which I don't think is the case, but is the situation you're describing).

      I'll see if switching to fread helps, assuming hash.my is still alive and dysfunctional.
      Monday, 10-Jul-2017 15:38:27 EDT permalink
    • MMN-o ✅⃠ (mmn)'s status on Monday, 10-Jul-2017 16:50:03 EDT MMN-o ✅⃠ MMN-o ✅⃠
      • Bob Mottram
      • headcrack
      @bob @headcrack I posted this to the bug tracker for HTTP_Request2 at least: https://pear.php.net/bugs/bug.php?id=21229
      Monday, 10-Jul-2017 16:50:03 EDT permalink
    • MMN-o ✅⃠ (mmn)'s status on Tuesday, 11-Jul-2017 06:22:30 EDT MMN-o ✅⃠ MMN-o ✅⃠
      in reply to
      • headcrack
      @headcrack FYI I set the socket to non-blocking and used the stream_select stuff to wait for activity. Seems to do what it should. Commit is here, please review .) https://git.gnu.io/gnu/gnu-social/commit/05a9c11c476b384e5ef3f3cc83b66406fcf7a378
      Tuesday, 11-Jul-2017 06:22:30 EDT permalink

      Attachments

  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

stadeus is a social network, courtesy of blaise.ca. It runs on GNU social, version 1.2.0-beta4, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All stadeus content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.