[Bug 56262] New: ab does not work with extremely long cookies

Fri, 14 Mar 2014 08:08:14 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=56262

            Bug ID: 56262
           Summary: ab does not work with extremely long cookies
           Product: Apache httpd-2
           Version: 2.4.7
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: support
          Assignee: [email protected]
          Reporter: [email protected]

Attempting to use "ab" with cookies that are greater than 2048 characters
causes ab to hang.  I'm attempting to use "ab" against an openstack
installation and it appears that the cookie is getting truncated, and the
connection to the web server then hangs.

Reproduce as such:

horizonhost=$1
username=$2
password=$3

url=http://$horizonhost

tmpfile=`mktemp /tmp/horizonXXXXXX`
cookies=`mktemp /tmp/cookiesXXXXXX`
cookies2=`mktemp /tmp/cookies2XXXXXX`
results=`mktemp /tmp/resultsXXXXXX`
postfile=`mktemp /tmp/postfileXXXXXX`

wget --save-headers --keep-session-cookies --save-cookies=$cookies -q -O - $url
> $tmpfile

region=`grep 'name="region" value=' $tmpfile  | awk -F\" '{ print $6 }' | sed
-e 's/:/%3A/g' -e 's,/,%2F,g'`

token=`grep csrfmiddlewaretoken $tmpfile | sed "s/.*value='\(.*\)'.*/\1/g"`

echo
"csrfmiddlewaretoken=$token&region=$region&username=$username&password=$password"
> $postfile

wget --save-headers -q -O - --load-cookies=$cookies --keep-session-cookies
--save-cookies=$cookies2
--post-data="csrfmiddlewaretoken=$token&region=$region&username=$username&password=$password"
$url/dashboard/auth/login/ > $results

============

At this point, attempt to use ab as such:

ab -v4 -n 1 -H 'Cookie: sessionid=< place the sessionid from $cookies2 here,
including double quotes>; csrftoken=< place the csrftoken from $cookies2>'
$url/dashboard/admin/

and note that the cookie is not fully getting sent.

I've attempted increasing the hardcoded value in ab.c for:

char _request[2048];

and this seems to get me slightly further in that I see the initial 200 OK from
the server, however, somewhere else (perhaps in the apr libraries?) something
is truncating the reply back from the server, and subsequent cookies are
malformed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to