[ejabberd] BOSH infinite loop followed by an ejabberd crash.

Christopher Zorn christopher.zorn at gmail.com
Mon Nov 29 17:58:49 MSK 2010


I have tested and this fix is ok. However under high load stream:features is
not returned on session creation. This breaks clients waiting  for
stream:features or creates an extra round trip to get stream:features. This
is not ideal.

The following patch prevents the DOS when wait='0' and prevents the extra
round trip for sending stream:features

diff --git a/src/web/ejabberd_http_bind.erl b/src/web/ejabberd_http_bind.erl
index bde401c..ca23db4 100644
--- a/src/web/ejabberd_http_bind.erl
+++ b/src/web/ejabberd_http_bind.erl
@@ -947,8 +947,7 @@ prepare_outpacket_response(#http_bind{id=Sid, wait=Wait,
                                StreamTail]
                end,
            case OutEls of
-               [] ->
-                   prepare_response(Sess, Rid, OutPacket, true);
+               [] when Wait > 0 -> prepare_response(Sess, Rid, OutPacket,
true);
                [{xmlelement,
                  "stream:error",_,_}] ->
                    {200, ?HEADER, "<body type='terminate' "


Is wait='0' valid? That seems to destroy the purpose of long polling. :)


On Mon, Nov 29, 2010 at 9:05 AM, Christopher Zorn <
christopher.zorn at gmail.com> wrote:

> On Mon, Nov 29, 2010 at 8:56 AM, Badlop <badlop at gmail.com> wrote:
>
>> 2010/11/29 Christopher Zorn <christopher.zorn at gmail.com>:
>> > I just looked at the patch briefly and have not tested it. Did this
>> patch
>> > get tested?
>>
>> I briefly tested that:
>> * Now there isn't an infinite loop
>> * BOSH clients (Gajim and Oneteam) can login correctly as usual
>>
>> The patch is committed in 2.1.x branch.
>>
>>
> Ok. Cool. I am testing now as well.
>
>
>>
>> > I will take a look. I think the problem has something to do with the
>> > wait='0' value in that test data.
>>
>> > Originally there was a sleep that delayed all requests by 100ms and I
>> > believe that was put in to make sure sessions were created in mnesia. In
>> my
>> > patch this loop happens when there is not session data in the mnesia
>> table,
>> > but should be. This patch removes that.
>> > With the current change, if session data is not in the mnesia table then
>> it
>> > will return bad data. I agree the loop should be removed but its removal
>> > causes a bug. There needs to be a cleaner solution on making sure things
>> are
>> > returned correctly when the session creation is finished.
>>
>> Ok. If you take a look and find any problem in the patch, or
>> have an alternative/cleaner solution to the loop problem, please comment
>> it.
>>
>>
> Looking now, I will commit what I find. Thanks.
>
>
>>
>> ---
>> Badlop
>> ProcessOne
>> _______________________________________________
>> ejabberd mailing list
>> ejabberd at jabber.ru
>> http://lists.jabber.ru/mailman/listinfo/ejabberd
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20101129/df57cc53/attachment-0001.html>


More information about the ejabberd mailing list