Bug 176093

Summary: kio_http process reuse sends requests to wrong server
Product: [Unmaintained] kio Reporter: makosoft
Component: httpAssignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: ahartmetz, faure, sven.burmeister, uwolfer
Priority: NOR    
Version: 4.1   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description makosoft 2008-11-25 21:55:31 UTC 
Version:            (using Devel)
Compiler:          gcc (Gentoo 4.3.2 p1.1) 4.3.2
 
OS:                Linux
Installed from:    Compiled sources

There appears to be an issue whereby, under certain circumstances, a reused kio_http process will incorrectly send a subsequent request intended for a different server to the same server as a previous request.

Specifically, if it receives a request for a URL on foo.com that's a cache miss, it connects to foo.com and sets m_prevRequest to the information in that request. 

If it then receives a subsequent request for a URL on bar.com that's satisfied from cache, m_prevRequest is updated with this URL (in HTTPProtocol::proceedUntilResponseHeader) but it doesn't call httpCloseConnection to disconnect from foo.com (since HTTPProtocol::sendQuery returns early before this is done.)

If its next request is for a non-cached URL on bar.com, this is then sent to foo.com. Since the request's host matches that in m_prevRequest (bar.com), HTTPProtocol::httpShouldCloseConnection returns false and we use the same IP/port (and possibly, though not always, the same connection) as the last request sent, which was to foo.com.

This can be reproduced (usually) by going to http://www.battech.co.uk/shop/control/category/~category_id=BAT_LAPTOP_ACER/~VIEW_SIZE=12/~VIEW_INDEX=3?&pageno=3 and going repeatedly between pages 1, 2, and 3. If done with no other pages open, you should eventually get a 404 message from Google. (This probably won't work if you're using a proxy, since connection reuse works differently then. Also, cache must be enabled.)

(The reason the test case works is that the images are cached files from www.battech.co.uk, but the page itself and a tracking GIF from www.google-analytics.com are uncached. As a result, the request for the page ends up going to www.google-analytics.com some of the time due to this bug, depending on which kio_http process is used for what.)
Comment 1 Andreas Hartmetz 2008-12-07 06:37:44 UTC 
Very good bug report, thanks a lot!
This is likely the source of spurious image load errors as well. Testing a cleanup of the code involved for a couple of days now, will commit if it works.
(I basically forgot to review this code with my changes at the time and changed it somewhat anyway. Bad idea.)
The bug is related to HTTP keep-alive connection handling. For details read the bug report :)
Comment 2 Andreas Hartmetz 2008-12-07 22:51:24 UTC 
SVN commit 894092 by ahartmetz:

Remove the PrevRequest structure and data members again and instead use
the server connection state and the current request information where
each makes sense. I left the auth code as is because when it is invoked
the server state is filled in so the information is there then.
Changes include updating the server state only when a request is actually
sent, as opposed to getting the response from the disk cache.
Regressions in corner cases (say proxy+HTTPS+proxy auth) are possible.
BUG:176093, 171256



 M  +64 -57    http.cpp  
 M  +35 -40    http.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=894092