[pkg-lua-devel] Bug#1010566: lua-socket: socket.http ignores HTTP trailing headers

Ronald Lembcke rle at codemanufaktur.com
Wed May 4 14:41:36 BST 2022 

Package: lua-socket
Version: 3.0~rc1+git+ac3201d-6
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: rle at codemanufaktur.com

Dear maintainers,

Trailing HTTP headers (which are specified for Chunked Transfer Coding
in RFC7230, RFC7231) get ignored, despite the mechanism for handling
them is mostly implemented.

There is generally little support for these, but it's the only
reasonable way to pass performance/processing time information back from
the server with chunked encoding (header/trailer field Server-Timing),
without modifying the HTTP body itself.

The bug lies in the fact, that the value passed for the "headers"
parameter is missing/nil instead of a table. This later gets
default-initialized with a new table, which is not the table being
passed back:

socket.sourcet["http-chunked"] = function(sock, headers)
                                                ^^^^^^^
                                        called with nil

The patch below resolves this by checking passing on the "headers"
parameter in case of a Chunked Transfer:

$ diff -u /usr/share/lua/5.1/socket/http.lua_orig /usr/share/lua/5.1/socket/http.lua
--- /usr/share/lua/5.1/socket/http.lua_orig	2022-05-04 15:03:22.032195296 +0200
+++ /usr/share/lua/5.1/socket/http.lua	2022-05-04 15:08:16.775942030 +0200
@@ -164,12 +164,15 @@
 function metat.__index:receivebody(headers, sink, step)
     sink = sink or ltn12.sink.null()
     step = step or ltn12.pump.step
-    local length = base.tonumber(headers["content-length"])
     local t = headers["transfer-encoding"] -- shortcut
     local mode = "default" -- connection close
-    if t and t ~= "identity" then mode = "http-chunked"
-    elseif base.tonumber(headers["content-length"]) then mode = "by-length" end
-    return self.try(ltn12.pump.all(socket.source(mode, self.c, length),
+    local param
+    if t and t ~= "identity" then
+        mode, param = "http-chunked", headers
+    elseif base.tonumber(headers["content-length"]) then
+        mode, param = "by-length", base.tonumber(headers["content-length"])
+    end
+    return self.try(ltn12.pump.all(socket.source(mode, self.c, param),
         sink, step))
 end



-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-1-amd64 (SMP w/6 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lua-socket depends on:
ii  libc6  2.33-7

lua-socket recommends no packages.

lua-socket suggests no packages.

-- no debconf information

More information about the pkg-lua-devel mailing list