EldoS | Feel safer!

Software components for data protection, secure storage and transfer

HTTPSServer.OnRequestHeadersReceived: Accepted?

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#22101
Posted: 10/22/2012 08:25:02
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

I am working on a file transfer client/server and when sending large files I want to abort the sending of the file if some of the post vars (in the url or headers) is not correct.

I tried to do this by checking the headers in OnRequestHeadersReceived and setting the Accepted parameter to False. Hoewever, this seems to do nothing (even in SBHTTPSServer.pas the Accept var seems to do nothing).
I also think that OnRequestHeadersReceived is not a good place to send a response and close the connection if the right parameters are not set.

What would be a good approach to send a correct response to the client and close the connection before the client can send the whole (large) file?
#22112
Posted: 10/22/2012 10:26:23
by Vsevolod Ievgiienko (EldoS Corp.)

Indeed, Accepted parameter does nothing. We'll fix this in the future build. For now you can explicitly close a connection inside OnRequestHeadersReceived using this code:

Code
procedure HTTPSServer.OnRequestHeadersReceived(Sender: TObject; RequestInfo : TElHTTPServerRequestParams; var Accepted : TSBBoolean);
begin
  // send error code
  ...
  TElHTTPSServer(Sender).Close(true);
end;
#23466
Posted: 02/15/2013 05:05:40
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

In the newer SBB releases setting the Accepted to False parameter sends an ErrorCode and closes the connection.

However it seems that TElHTTPSServer.IntDoData will continue to process the incoming data that is in the buffer (I am posting a file that I want to refuse on the server). When TElHTTPSServer.ProcessRawData is called then still the FConnState = csHeader. The rest of the buffer (which seems to be the beginning of the content) is then processed with TElHTTPSServer.ParseHeader which leads to an exception (SB_HTTP_ERROR_CANT_PARSE_REQUEST).

I'm not sure if my observation is correct. Is it possible that the client sends the header and the beginning of the body so that they are both in the buffer? Can I change something in my code to stop processing data after Accepted = False or must something be changed in the SBB code?
#23467
Posted: 02/15/2013 05:17:35
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Quote
Is it possible that the client sends the header and the beginning of the body so that they are both in the buffer?


Yes its possible. Try to modify TElHTTPSServer.ParseHeader this way:

Code
...
DoRequestHeadersReceived(FCurrentRequestParams, Accept);
if not Accept then
begin
  // cleanup buffer
  SetLength(FInBuffer, 0); // ADD THIS LINE
  
  Resp := TElHTTPServerResponseParams.Create;
  Resp.StatusCode := 403;
...
#23468
Posted: 02/15/2013 05:38:51
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

That didn't fix it, I think because the length of FInBuffer is not checked. But I changed the added line to this:

Code
Result := 0;
SetLength(Header, 0);


And that seems to work. Can you verify that this is correct?
#23470
Posted: 02/15/2013 06:28:12
by Vsevolod Ievgiienko (EldoS Corp.)

Indeed. I believe adding

Code
Result := -1;


will be enough.
Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.

Reply

Statistics

Topic viewed 669 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!