Zn maximumEntitySize

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Zn maximumEntitySize

Pierce Ng-3
Hi,

(Second try. Seems my first attempt went out at just around the time the
previous list died.)

I'm writing (what should become) a series of blog posts on fuzzing. My blog
runs as a Zinc server delegate on Pharo. From source code, I see
ZnMaximumEntitySize, ZnServer>>maximumEntitySize:,
ZnConstants class>>defaultMaximumEntitySize, etc.

Seems the setting doesn't? The following is my server:

  | s |
  s := ZnSingleThreadedServer on: 8082.
  s maximumEntitySize: 128.
  s delegate: (ZnValueDelegate
                with: [ :req |
                  ZnResponse ok: (ZnEntity html: ZnConstants welcomePageHtml) ]).
  s logToTranscript.
  s start.

I expected the following client to raise ZnEntityTooLarge, but it doesn't.
Instead it works, and I see in the Transcript the request with all the $a
in it. Am I reading the source wrong?

  ZnEasy get: ('http://127.0.0.1:8082/', (String new: 200 withAll: $a) asString)

Incidentally, when I did the following on another machine, both client and
server threw time-out exceptions:

  ZnEasy get: ('http://192.168.x.x:8082/',
                (String new: (16 * 1024 * 1024) withAll: $a) asString)



--
Pierce Ng
http://samadhiweb.com/blog/


_______________________________________________
Pharo-users mailing list
[hidden email]
http://lists.pharo.org/mailman/listinfo/pharo-users_lists.pharo.org
Reply | Threaded
Open this post in threaded view
|

Re: Zn maximumEntitySize

Sven Van Caekenberghe-2
Hi Pierce,

On 13 May 2013, at 14:35, Pierce Ng <[hidden email]> wrote:

> Hi,
>
> (Second try. Seems my first attempt went out at just around the time the
> previous list died.)
>
> I'm writing (what should become) a series of blog posts on fuzzing. My blog
> runs as a Zinc server delegate on Pharo. From source code, I see
> ZnMaximumEntitySize, ZnServer>>maximumEntitySize:,
> ZnConstants class>>defaultMaximumEntitySize, etc.
>
> Seems the setting doesn't? The following is my server:
>
>  | s |
>  s := ZnSingleThreadedServer on: 8082.
>  s maximumEntitySize: 128.
>  s delegate: (ZnValueDelegate
>                with: [ :req |
>                  ZnResponse ok: (ZnEntity html: ZnConstants welcomePageHtml) ]).
>  s logToTranscript.
>  s start.
>
> I expected the following client to raise ZnEntityTooLarge, but it doesn't.
> Instead it works, and I see in the Transcript the request with all the $a
> in it. Am I reading the source wrong?
>
>  ZnEasy get: ('http://127.0.0.1:8082/', (String new: 200 withAll: $a) asString)

ZnEntityTooLarge is a condition that is signaled by the server when it is receiving (reading) an incoming entity that is too large. This is done to protect the server. This condition is only applicable to ZnEntity and subclasses. A ZnRequest consists of other parts as well (request line and headers). For these other conditions apply: ZnLineTooLong and ZnTooManyDictionaryEntries.

In the above example, you could try to add 4096 $a's to trigger a ZnLineTooLong.

To trigger ZnEntityTooLarge you should PUT or POST data.

> Incidentally, when I did the following on another machine, both client and
> server threw time-out exceptions:
>
>  ZnEasy get: ('http://192.168.x.x:8082/',
>                (String new: (16 * 1024 * 1024) withAll: $a) asString)

Yes, the reaction of the server to these condition is rather hard: I should check, but I think it just aborts. I will see if I can write some high level tests.

Regards,

Sven

> --
> Pierce Ng
> http://samadhiweb.com/blog/
>
>
> _______________________________________________
> Pharo-users mailing list
> [hidden email]
> http://lists.pharo.org/mailman/listinfo/pharo-users_lists.pharo.org

--
Sven Van Caekenberghe
Proudly supporting Pharo
http://pharo.org
http://association.pharo.org
http://consortium.pharo.org





_______________________________________________
Pharo-users mailing list
[hidden email]
http://lists.pharo.org/mailman/listinfo/pharo-users_lists.pharo.org
Reply | Threaded
Open this post in threaded view
|

Re: Zn maximumEntitySize

Sven Van Caekenberghe-2
Hi Pierce,

On 13 May 2013, at 15:58, Sven Van Caekenberghe <[hidden email]> wrote:

> I will see if I can write some high level tests.

If you do

        ConfigurationOfZincHTTPComponents project bleedingEdge load.

from

        http://mc.stfx.eu/ZincHTTPComponents

you will find some new ZnServerTests

        http://ws.stfx.eu/D8X1CFAEQODI

Regards,

Sven

PS: Thanks for the feedback !

--
Sven Van Caekenberghe
Proudly supporting Pharo
http://pharo.org
http://association.pharo.org
http://consortium.pharo.org





Reply | Threaded
Open this post in threaded view
|

Re: Zn maximumEntitySize

Pierce Ng-3
In reply to this post by Sven Van Caekenberghe-2
On Mon, May 13, 2013 at 03:58:12PM +0200, Sven Van Caekenberghe wrote:

> ZnEntityTooLarge is a condition that is signaled by the server when it is
> receiving (reading) an incoming entity that is too large. This is done to
> protect the server. This condition is only applicable to ZnEntity and
> subclasses. A ZnRequest consists of other parts as well (request line and
> headers). For these other conditions apply: ZnLineTooLong and
> ZnTooManyDictionaryEntries.
>
> In the above example, you could try to add 4096 $a's to trigger a
> ZnLineTooLong.
>
> To trigger ZnEntityTooLarge you should PUT or POST data.

Sven, thanks for your explanation. I did trigger ZnLineTooLong during my
experimentation.


--
Pierce Ng
http://samadhiweb.com/blog/


Reply | Threaded
Open this post in threaded view
|

Re: Zn maximumEntitySize

Pierce Ng-3
In reply to this post by Sven Van Caekenberghe-2
On Tue, May 14, 2013 at 01:51:15PM +0200, Sven Van Caekenberghe wrote:
> If you do
> ConfigurationOfZincHTTPComponents project bleedingEdge load.
> from
> http://mc.stfx.eu/ZincHTTPComponents
> you will find some new ZnServerTests
> http://ws.stfx.eu/D8X1CFAEQODI

Cool! I'll try that. Thanks again Sven.


--
Pierce Ng
http://samadhiweb.com/blog/