Hi,
(Second try. Seems my first attempt went out at just around the time the previous list died.) I'm writing (what should become) a series of blog posts on fuzzing. My blog runs as a Zinc server delegate on Pharo. From source code, I see ZnMaximumEntitySize, ZnServer>>maximumEntitySize:, ZnConstants class>>defaultMaximumEntitySize, etc. Seems the setting doesn't? The following is my server: | s | s := ZnSingleThreadedServer on: 8082. s maximumEntitySize: 128. s delegate: (ZnValueDelegate with: [ :req | ZnResponse ok: (ZnEntity html: ZnConstants welcomePageHtml) ]). s logToTranscript. s start. I expected the following client to raise ZnEntityTooLarge, but it doesn't. Instead it works, and I see in the Transcript the request with all the $a in it. Am I reading the source wrong? ZnEasy get: ('http://127.0.0.1:8082/', (String new: 200 withAll: $a) asString) Incidentally, when I did the following on another machine, both client and server threw time-out exceptions: ZnEasy get: ('http://192.168.x.x:8082/', (String new: (16 * 1024 * 1024) withAll: $a) asString) -- Pierce Ng http://samadhiweb.com/blog/ _______________________________________________ Pharo-users mailing list [hidden email] http://lists.pharo.org/mailman/listinfo/pharo-users_lists.pharo.org |
Hi Pierce,
On 13 May 2013, at 14:35, Pierce Ng <[hidden email]> wrote: > Hi, > > (Second try. Seems my first attempt went out at just around the time the > previous list died.) > > I'm writing (what should become) a series of blog posts on fuzzing. My blog > runs as a Zinc server delegate on Pharo. From source code, I see > ZnMaximumEntitySize, ZnServer>>maximumEntitySize:, > ZnConstants class>>defaultMaximumEntitySize, etc. > > Seems the setting doesn't? The following is my server: > > | s | > s := ZnSingleThreadedServer on: 8082. > s maximumEntitySize: 128. > s delegate: (ZnValueDelegate > with: [ :req | > ZnResponse ok: (ZnEntity html: ZnConstants welcomePageHtml) ]). > s logToTranscript. > s start. > > I expected the following client to raise ZnEntityTooLarge, but it doesn't. > Instead it works, and I see in the Transcript the request with all the $a > in it. Am I reading the source wrong? > > ZnEasy get: ('http://127.0.0.1:8082/', (String new: 200 withAll: $a) asString) ZnEntityTooLarge is a condition that is signaled by the server when it is receiving (reading) an incoming entity that is too large. This is done to protect the server. This condition is only applicable to ZnEntity and subclasses. A ZnRequest consists of other parts as well (request line and headers). For these other conditions apply: ZnLineTooLong and ZnTooManyDictionaryEntries. In the above example, you could try to add 4096 $a's to trigger a ZnLineTooLong. To trigger ZnEntityTooLarge you should PUT or POST data. > Incidentally, when I did the following on another machine, both client and > server threw time-out exceptions: > > ZnEasy get: ('http://192.168.x.x:8082/', > (String new: (16 * 1024 * 1024) withAll: $a) asString) Yes, the reaction of the server to these condition is rather hard: I should check, but I think it just aborts. I will see if I can write some high level tests. Regards, Sven > -- > Pierce Ng > http://samadhiweb.com/blog/ > > > _______________________________________________ > Pharo-users mailing list > [hidden email] > http://lists.pharo.org/mailman/listinfo/pharo-users_lists.pharo.org -- Sven Van Caekenberghe Proudly supporting Pharo http://pharo.org http://association.pharo.org http://consortium.pharo.org _______________________________________________ Pharo-users mailing list [hidden email] http://lists.pharo.org/mailman/listinfo/pharo-users_lists.pharo.org |
Hi Pierce,
On 13 May 2013, at 15:58, Sven Van Caekenberghe <[hidden email]> wrote: > I will see if I can write some high level tests. If you do ConfigurationOfZincHTTPComponents project bleedingEdge load. from http://mc.stfx.eu/ZincHTTPComponents you will find some new ZnServerTests http://ws.stfx.eu/D8X1CFAEQODI Regards, Sven PS: Thanks for the feedback ! -- Sven Van Caekenberghe Proudly supporting Pharo http://pharo.org http://association.pharo.org http://consortium.pharo.org |
In reply to this post by Sven Van Caekenberghe-2
On Mon, May 13, 2013 at 03:58:12PM +0200, Sven Van Caekenberghe wrote:
> ZnEntityTooLarge is a condition that is signaled by the server when it is > receiving (reading) an incoming entity that is too large. This is done to > protect the server. This condition is only applicable to ZnEntity and > subclasses. A ZnRequest consists of other parts as well (request line and > headers). For these other conditions apply: ZnLineTooLong and > ZnTooManyDictionaryEntries. > > In the above example, you could try to add 4096 $a's to trigger a > ZnLineTooLong. > > To trigger ZnEntityTooLarge you should PUT or POST data. Sven, thanks for your explanation. I did trigger ZnLineTooLong during my experimentation. -- Pierce Ng http://samadhiweb.com/blog/ |
In reply to this post by Sven Van Caekenberghe-2
On Tue, May 14, 2013 at 01:51:15PM +0200, Sven Van Caekenberghe wrote:
> If you do > ConfigurationOfZincHTTPComponents project bleedingEdge load. > from > http://mc.stfx.eu/ZincHTTPComponents > you will find some new ZnServerTests > http://ws.stfx.eu/D8X1CFAEQODI Cool! I'll try that. Thanks again Sven. -- Pierce Ng http://samadhiweb.com/blog/ |
Free forum by Nabble | Edit this page |