[Libwebsockets] return values for callback_function

Charles Prévot prevot at cervval.com
Fri Nov 20 09:15:59 CET 2015


2015-11-19 18:50 GMT+01:00 Andy Green <andy at warmcat.com>:

>
>
> On 20 November 2015 01:29:37 GMT+08:00, "Charles Prévot" <
> prevot at cervval.com> wrote:
> >Thanks for your answer.
> >I have another small problem, in the case of a POST request, is there a
> >way
> >to figure out the size of the body (other than relying on the
> >Content-Length header) during the LWS_CALLBACK_HTTP call ?
>
> No... that is what Content-Length is for.  That's a http thing not an lws
> thing.
>
> >Because currently, if the body of the POST request is empty, I have no
> >other callback called (no LWS_CALLBACK_HTTP_BODY_COMPLETION) so the
> >server
> >waits for a body that never arrives and the client won't have a
> >response.
>
> Is there a Content-Length: 0 header coming in that case?
>
Yes there is, so I can use it to solve my problem. But that means a bad
browser (or a forged request) could mess with the server behaviour by
sending an empty POST with no Content-Length header. I can live with that,
but that could be a security issue (ie if allocating some memory for a
response that will never be sent, a DoS might occur).

Thanks for your quick replies.

>
> -Andy
>
> >2015-11-19 17:18 GMT+01:00 Andy Green <andy at warmcat.com>:
> >
> >>
> >>
> >> On 19 November 2015 21:55:01 GMT+08:00, "Charles Prévot" <
> >> prevot at cervval.com> wrote:
> >> >Hello,
> >> >I have a quick question regarding the return values of callback. I
> >get
> >> >that
> >> >return 0 will continue and return -1 will close the connection, but
> >in
> >> >test-server.c you also use return 1 (when building http headers). I
> >> >failed
> >> >to find any reference on that, is there a difference with returning
> >-1
> >> >?
> >>
> >> For all the 'normal' callbacks the choice is just 0 = ok and nonzero
> >=
> >> die.  Originally <0 was die which is why -1 was popular.
> >>
> >> >Also, the family of http_header functions are not documented either
> >so
> >> >I'm
> >> >not sure of the meaning of a non-zero return from their side...
> >>
> >> These were introduced to hide whether the underlying connection is
> >using
> >> http2 or not.  Http2 deals with headers in a radically different,
> >> binary-coded way, with multiple different options for header encoding
> >> including huffman tables, and the codebook is dynamically updated
> >during
> >> the kept-alive connection lifetime.  In particular you can't just
> >slide
> >> from headers to content in one packet with http2 as you could with
> >http1.x.
> >>
> >> Anyway for both http1.x and http2 connections, they will return
> >nonzero in
> >> the case your requested header couldn't fit in the buffer you gave
> >it.
> >>
> >> -Andy
> >>
> >> >Sincerely,
> >>
> >>
>
>


-- 
<http://www.cervval.com/private/logoColor128.png>
*Charles Prévot*
*02 90 26 21 10*
*CERVVAL **140 avenue Graham Bell - **29280 Plouzané*
<http://www.cervval.com/private/logoColor128.png>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20151120/7251a1c9/attachment-0001.html>


More information about the Libwebsockets mailing list