Consider use of String.prototype.split. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/split
2014-06-08 19:40 GMT+03:00 Марк Коренберг <[email protected]>: > Example: > ========================= > {createServer} = require 'net' > > log = console.log.bind(console) > > srv = createServer (s)-> > buffered_text = '' > _try_read_line = -> > log '_try_read_line called' > > # effect is the same if we setup 'data' event... > binary_data = s.read() > if binary_data is null > return > > # count how many bytes=chars we have in temporary buffer > incomplete_line_length = buffered_text.length > buffered_text += binary_data.toString('ascii') > separator_index = buffered_text.indexOf('\r\n') > if separator_index is -1 > # read incomplete line next time > return > line = buffered_text.slice(0, separator_index) > log 'Handling line', line > buffered_text = '' > # we cannot push text back to buffer, at least because ascii converts > \x00 to \x20. > unread_binary_part = binary_data.slice(separator_index + 2 - > incomplete_line_length) > log 'calling unshift' > s.unshift(unread_binary_part) > log 'unshift complete' > > s.on 'readable', _try_read_line > srv.listen(8001) > ==================== > Now, suppose, someone send 4 lines with on .send() syscall. So, we > received it as one big chunk. And console output will be: > ==================== > _try_read_line called > Handling line LINE1 > calling unshift > _try_read_line called > Handling line LINE2 > calling unshift > _try_read_line called > Handling line LINE3 > calling unshift > _try_read_line called > Handling line LINE4 > calling unshift > _try_read_line called > unshift complete > unshift complete > unshift complete > unshift complete > ==================== > > This mean that after calling .unshift(), _try_read_line() is called > immediatelly. So, hacker may send many short lines in one big chunk and > gain stack overflow. > > If I do some tricks with process.onNextTick(), results will not be stable, > it is not guaranteed order of calling such scheduled jobs and IO handlers, > so my stream may be corrupted if my postponed unshift() will be called > AFTER _try_read_line, triggered by IO event. > Now, the question: How I can re-write this program to be stack-friendly ? > Also, note, that after reading some specific line, we should unshift() and > read unshifted data in another function. And also, I don not want re-make > binary data buffer by hands. Also, example above is simplified function > without any anti-dos checks. > > -- > Job board: http://jobs.nodejs.org/ > New group rules: > https://gist.github.com/othiym23/9886289#file-moderation-policy-md > Old group rules: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/nodejs/c795ffc2-a300-483d-bc8d-858a82e33609%40googlegroups.com > <https://groups.google.com/d/msgid/nodejs/c795ffc2-a300-483d-bc8d-858a82e33609%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CAP8%3DUyShqo2gFozx%3DXj4jh4P%3DHv_r8KzBGBn4BVSNu1oQcU3yg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
