<div dir="ltr">Hello.<div><br></div><div>I'm not sure how to create test for this.</div><div>I can create the full test with all the code and Perl script to run it but in my own way of coding.</div><div>I see that there is some specific form of code in which the tests should be made.</div><div>Do you have some info on how to create the test in required form?</div><div>Sorry for the questions, I really want to create this request but I don't know where to find more information.</div><div><br></div><div>Thank you and greetings,</div><div>Jovan Bunjevački.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-04-20 11:51 GMT+02:00 Johnny Willemsen <span dir="ltr"><<a href="mailto:jwillemsen@remedy.nl" target="_blank">jwillemsen@remedy.nl</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Thanks for using the PRF form. Please open a pull request at<br>
<a href="https://github.com/DOCGroup/ATCD/" rel="noreferrer" target="_blank">https://github.com/DOCGroup/ATCD/</a> with the necessary fixes and<br>
extensions to our unit tests to reproduce this.<br>
<br>
Best regards,<br>
<br>
Johnny Willemsen<br>
Remedy IT<br>
Postbus 81 | 6930 AB Westervoort | The Netherlands<br>
<a href="http://www.remedy.nl" rel="noreferrer" target="_blank">http://www.remedy.nl</a><br>
<span class=""><br>
On 04/20/2016 11:27 AM, BJovke . wrote:<br>
> :)) Well, I've just noticed that initial "buf" is also not zero terminated.<br>
> For strstr this is critical.<br>
> So here is the fix with this correction included:<br>
><br>
> SAMPLE FIX/WORKAROUND:<br>
><br>
> int<br>
> TAO_HTTP_Reader::receive_reply (void)<br>
> {<br>
> size_t num_recvd = 0;<br>
> char buf [MTU+1];<br>
> char *buf_ptr = 0;<br>
> size_t bytes_read = 0;<br>
><br>
> // Receive the first MTU bytes and strip the header off.<br>
> // Note that we assume that the header will fit into MTU bytes.<br>
> if (peer ().recv_n (buf, MTU, 0, &num_recvd) >= 0)<br>
> {<br>
> // Zero terminate buf.<br>
> buf[num_recvd]=0;<br>
> //Make sure that response type is 200 OK<br>
> // It could be "IOR:" also!!!<br>
> if (ACE_OS::strstr (buf,"200 OK") == 0)<br>
> {<br>
> // If response is pure IOR string it should begin with "IOR:" without<br>
> any white spaces before it<br>
> // This could be modified in future to skip leading white spaces if<br>
> there is a possibility that there are white spaces before "IOR:" string<br>
</span>> if (*buf == 0 || ACE_OS::strstr (buf,"IOR:") != buf)// *buf==0 is here<br>
<div><div class="h5">> because strstr returns buf when buf is empty string<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR,<br>
> "TAO (%P|%t) - HTTP_Reader::receive_reply, Response is not 200 OK nor<br>
> IOR:\n" ), -1);<br>
> }<br>
><br>
> // Search for the header termination string "\r\n\r\n", or "\n\n". If<br>
> // found, move past it to get to the data portion.<br>
> if ((buf_ptr = ACE_OS::strstr (buf,"\r\n\r\n")) != 0)<br>
> buf_ptr += 4;<br>
> else if ((buf_ptr = ACE_OS::strstr (buf, "\n\n")) != 0) //for<br>
> compatibility with JAWS<br>
> buf_ptr += 2;<br>
> else<br>
> buf_ptr = buf;<br>
><br>
> // Determine number of data bytes read. This is equal to the<br>
> // total bytes read minus number of header bytes.<br>
> bytes_read = num_recvd - (buf_ptr - buf);<br>
><br>
> }<br>
> else<br>
> {<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR,<br>
> "TAO (%P|%t) - HTTP_Reader::receive_reply,<br>
> error while reading header\n"), -1);<br>
> }<br>
><br>
> // ***************************************************************<br>
> // At this point, we have stripped off the header and are ready to<br>
> // process data. buf_ptr points to the data<br>
><br>
> ACE_Message_Block* temp = 0;<br>
> ACE_Message_Block* curr = this->mb_;<br>
><br>
> ACE_NEW_RETURN (temp,<br>
</div></div>> ACE_Message_Block (bytes_read + 1),// Added "+1" to<br>
<span class="">> make room for byte 0 to make 0 terminated string.<br>
> -1);<br>
> curr->cont (temp);<br>
> curr = curr->cont ();<br>
><br>
> // Copy over all the data bytes into our message buffer.<br>
> if (curr->copy (buf_ptr, bytes_read) == -1)<br>
> {<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR, "TAO (%P|%t) -<br>
> HTTP_Reader::receive_reply, error copying data into Message_Block\n"), -1);<br>
> }<br>
><br>
> // 0 - terminate string<br>
> *curr->wr_ptr () = 0;<br>
> curr->wr_ptr (1);<br>
><br>
> // read the rest of the data into a number of ACE_Message_Blocks and<br>
> // chain them together in a link list fashion<br>
> num_recvd = 0;<br>
><br>
> do<br>
> {<br>
> if (curr->space () == 0)<br>
> {<br>
> ACE_NEW_RETURN (temp,<br>
</span>> ACE_Message_Block (MTU + 1),// Added "+1" to make<br>
<span class="">> room for byte 0 to make 0 terminated string.<br>
> -1);<br>
> curr->cont (temp);<br>
> curr = curr->cont ();<br>
> }<br>
><br>
> if (peer ().recv_n (curr->wr_ptr (), curr->space (), 0, &num_recvd) >= 0)<br>
> {<br>
> // Move the write pointer<br>
> curr->wr_ptr (num_recvd);<br>
><br>
> // 0 - terminate string<br>
> *curr->wr_ptr () = 0;<br>
> curr->wr_ptr (1);<br>
><br>
> // Increment bytes_read<br>
> bytes_read += num_recvd;<br>
><br>
> }<br>
> else<br>
> {<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR,<br>
> "TAO (%P|%t) - HTTP_Reader::receive_reply,<br>
> Error while reading header\n"), -1);<br>
> }<br>
> } while (num_recvd != 0);<br>
><br>
> // Set the byte count to number of bytes received<br>
> this->bytecount_ = bytes_read;<br>
><br>
> return 0;<br>
> }<br>
><br>
><br>
> 2016-04-20 11:08 GMT+02:00 BJovke . <<a href="mailto:bjovan@gmail.com">bjovan@gmail.com</a><br>
</span>> <mailto:<a href="mailto:bjovan@gmail.com">bjovan@gmail.com</a>>>:<br>
<div><div class="h5">><br>
> TAO VERSION: 2.3.0<br>
> ACE VERSION: 6.3.0<br>
><br>
> HOST MACHINE and OPERATING SYSTEM:<br>
> Windows 7, Winsock2<br>
><br>
> COMPILER NAME AND VERSION (AND PATCHLEVEL):<br>
> Visual studio 2012 express VC11 version 17.00.61030 for x86<br>
><br>
> THE $ACE_ROOT/ace/config.h FILE [if you use a link to a platform-<br>
> specific file, simply state which one]:<br>
> config-win32.h<br>
><br>
> THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if you<br>
> use a link to a platform-specific file, simply state which one<br>
> (unless this isn't used in this case, e.g., with Microsoft Visual<br>
> C++)]:<br>
> MSVC used<br>
><br>
> CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features<br>
> (used by MPC when you generate your own makefiles):<br>
> -<br>
><br>
> AREA/CLASS/EXAMPLE AFFECTED:<br>
> Failed fetching of IOR via HTTP.<br>
><br>
> DOES THE PROBLEM AFFECT:<br>
> COMPILATION?<br>
> No.<br>
> LINKING?<br>
> No.<br>
> EXECUTION?<br>
> Yes, behavior is wrong. TAO and my application are affected.<br>
> OTHER (please specify)?<br>
> -<br>
><br>
> SYNOPSIS:<br>
> There are two issues noticed when fetching IOR via HTTP, by<br>
> using orb->string_to_object() function.<br>
> Because of these issues this functions fails in fetching<br>
> IOR, in both cases with error.<br>
><br>
> DESCRIPTION:<br>
> First issue is that TAO_HTTP_Reader::receive_reply (void)<br>
> function in HTTP_Handler.cpp<br>
> expects string "200 OK" as mandatory in HTTP response.<br>
> However, for Ericsson and NSN systems<br>
> I was connecting with my app, URL for Naming service IOR<br>
> points to a file on web server which<br>
> contains IOR string. HTTP response in both Ericsson and NSN<br>
> cases contains just IOR string, there<br>
> are no HTTP response headers. Because of that this function<br>
> fails in reading IOR.<br>
><br>
> Second issue is a bug and it's more serious. It is in the<br>
> same function as first issue,<br>
> TAO_HTTP_Reader::receive_reply (void) in HTTP_Handler.cpp.<br>
> HTTP response data is read and<br>
> placed into list of "ACE_Message_Block"s, each of MTU size.<br>
> These blocks are after that<br>
> concatenated into one string in function<br>
> TAO_HTTP_Parser::parse_string in HTTP_Parser.cpp.<br>
> The problem is that "ACE_Message_Block"s created in<br>
> TAO_HTTP_Reader::receive_reply are NOT<br>
> zero terminated and TAO_HTTP_Parser::parse_string uses<br>
> ACE_OS::strlen in<br>
> ACE_String_Base<ACE_CHAR_T>::operator+= (const ACE_CHAR_T* s) in<br>
> String_Base.cpp.<br>
> This operator is used for concatenation of<br>
> "ACE_Message_Block"s as C strings.<br>
> "strlen" expects each of these blocks to be zero terminated<br>
> and produces unpredictable results<br>
> with a lot of garbage bytes in resulting IOR string.<br>
> Luckily, while testing the code I've noticed<br>
> that eventually "strlen" encounters zero byte after at most<br>
> 50 bytes, well after the end of<br>
> ACE_Message_Block, so it does not cause more damage than<br>
> putting garbage into final IOR string.<br>
><br>
> REPEAT BY:<br>
> CORBA::Object_var<br>
> obj=orb->string_to_object("<a href="http://xxxxxxxxxxxxxxxxxxxxxxxxxx" rel="noreferrer" target="_blank">http://xxxxxxxxxxxxxxxxxxxxxxxxxx</a>");<br>
> URL should be a file on web server containing IOR string and<br>
> no HTTP response headers should be present, this is to reproduce<br>
> only first issue.<br>
><br>
> Second issue (bug) is always appearing if there is at least<br>
> one "ACE_Message_Block" containing response which is not zero<br>
> terminated.<br>
> Proper zero termination could happen only by chance if the<br>
> next byte after "ACE_Message_Block" is zero or if HTTP response<br>
> is such that contains zero bytes, which is unlikely.<br>
><br>
> SAMPLE FIX/WORKAROUND:<br>
> Here is a complete modified TAO_HTTP_Reader::receive_reply()<br>
> function with issues corrected.<br>
><br>
> int<br>
> TAO_HTTP_Reader::receive_reply (void)<br>
> {<br>
> size_t num_recvd = 0;<br>
> char buf [MTU+1];<br>
> char *buf_ptr = 0;<br>
> size_t bytes_read = 0;<br>
><br>
> // Receive the first MTU bytes and strip the header off.<br>
> // Note that we assume that the header will fit into MTU bytes.<br>
> if (peer ().recv_n (buf, MTU, 0, &num_recvd) >= 0)<br>
> {<br>
> //Make sure that response type is 200 OK<br>
> // It could be "IOR:" also!!!<br>
> if (ACE_OS::strstr (buf,"200 OK") == 0)<br>
> {<br>
> // If response is pure IOR string it should begin with "IOR:"<br>
> without any white spaces before it<br>
> // This could be modified in future to skip leading white spaces if<br>
> there is a possibility that there are white spaces before "IOR:" string<br>
</div></div>> if (*buf == 0 || ACE_OS::strstr (buf,"IOR:") != buf)// *buf==0 is<br>
<div><div class="h5">> here because strstr returns buf when buf is empty string<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR,<br>
> "TAO (%P|%t) - HTTP_Reader::receive_reply, Response is not 200 OK<br>
> nor IOR:\n" ), -1);<br>
> }<br>
><br>
> // Search for the header termination string "\r\n\r\n", or<br>
> "\n\n". If<br>
> // found, move past it to get to the data portion.<br>
> if ((buf_ptr = ACE_OS::strstr (buf,"\r\n\r\n")) != 0)<br>
> buf_ptr += 4;<br>
> else if ((buf_ptr = ACE_OS::strstr (buf, "\n\n")) != 0)<br>
> //for compatibility with JAWS<br>
> buf_ptr += 2;<br>
> else<br>
> buf_ptr = buf;<br>
><br>
> // Determine number of data bytes read. This is equal to the<br>
> // total bytes read minus number of header bytes.<br>
> bytes_read = num_recvd - (buf_ptr - buf);<br>
><br>
> }<br>
> else<br>
> {<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR,<br>
> "TAO (%P|%t) - HTTP_Reader::receive_reply,<br>
> error while reading header\n"), -1);<br>
> }<br>
><br>
> // ***************************************************************<br>
> // At this point, we have stripped off the header and are ready to<br>
> // process data. buf_ptr points to the data<br>
><br>
> ACE_Message_Block* temp = 0;<br>
> ACE_Message_Block* curr = this->mb_;<br>
><br>
> ACE_NEW_RETURN (temp,<br>
</div></div>> ACE_Message_Block (bytes_read + 1),// Added "+1"<br>
<span class="">> to make room for byte 0 to make 0 terminated string.<br>
> -1);<br>
> curr->cont (temp);<br>
> curr = curr->cont ();<br>
><br>
> // Copy over all the data bytes into our message buffer.<br>
> if (curr->copy (buf_ptr, bytes_read) == -1)<br>
> {<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR, "TAO (%P|%t) -<br>
> HTTP_Reader::receive_reply, error copying data into<br>
> Message_Block\n"), -1);<br>
> }<br>
><br>
> // 0 - terminate string<br>
> *curr->wr_ptr () = 0;<br>
> curr->wr_ptr (1);<br>
><br>
> // read the rest of the data into a number of ACE_Message_Blocks and<br>
> // chain them together in a link list fashion<br>
> num_recvd = 0;<br>
><br>
> do<br>
> {<br>
> if (curr->space () == 0)<br>
> {<br>
> ACE_NEW_RETURN (temp,<br>
</span>> ACE_Message_Block (MTU + 1),// Added "+1" to<br>
<div><div class="h5">> make room for byte 0 to make 0 terminated string.<br>
> -1);<br>
> curr->cont (temp);<br>
> curr = curr->cont ();<br>
> }<br>
><br>
> if (peer ().recv_n (curr->wr_ptr (), curr->space (), 0,<br>
> &num_recvd) >= 0)<br>
> {<br>
> // Move the write pointer<br>
> curr->wr_ptr (num_recvd);<br>
><br>
> // 0 - terminate string<br>
> *curr->wr_ptr () = 0;<br>
> curr->wr_ptr (1);<br>
><br>
> // Increment bytes_read<br>
> bytes_read += num_recvd;<br>
><br>
> }<br>
> else<br>
> {<br>
> TAOLIB_ERROR_RETURN ((LM_ERROR,<br>
> "TAO (%P|%t) - HTTP_Reader::receive_reply,<br>
> Error while reading header\n"), -1);<br>
> }<br>
> } while (num_recvd != 0);<br>
><br>
> // Set the byte count to number of bytes received<br>
> this->bytecount_ = bytes_read;<br>
><br>
> return 0;<br>
> }<br>
><br>
><br>
> --<br>
><br>
> Jovan Bunjevački.<br>
><br>
><br>
><br>
><br>
> --<br>
><br>
> Jovan Bunjevački.<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> tao-bugs mailing list<br>
> <a href="mailto:tao-bugs@list.isis.vanderbilt.edu">tao-bugs@list.isis.vanderbilt.edu</a><br>
> <a href="http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs" rel="noreferrer" target="_blank">http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs</a><br>
><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div><br></div><div>Jovan Bunjevački.<br></div></div>
</div>