Bug 56262 - ab does not work with extremely long cookies
Summary: ab does not work with extremely long cookies
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: support (show other bugs)
Version: 2.4.7
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2014-03-14 15:07 UTC by Kambiz Aghaiepour
Modified: 2014-03-14 15:07 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Kambiz Aghaiepour 2014-03-14 15:07:12 UTC
Attempting to use "ab" with cookies that are greater than 2048 characters causes ab to hang.  I'm attempting to use "ab" against an openstack installation and it appears that the cookie is getting truncated, and the connection to the web server then hangs.

Reproduce as such:



tmpfile=`mktemp /tmp/horizonXXXXXX`
cookies=`mktemp /tmp/cookiesXXXXXX`
cookies2=`mktemp /tmp/cookies2XXXXXX`
results=`mktemp /tmp/resultsXXXXXX`
postfile=`mktemp /tmp/postfileXXXXXX`

wget --save-headers --keep-session-cookies --save-cookies=$cookies -q -O - $url > $tmpfile

region=`grep 'name="region" value=' $tmpfile  | awk -F\" '{ print $6 }' | sed -e 's/:/%3A/g' -e 's,/,%2F,g'`

token=`grep csrfmiddlewaretoken $tmpfile | sed "s/.*value='\(.*\)'.*/\1/g"`

echo "csrfmiddlewaretoken=$token&region=$region&username=$username&password=$password" > $postfile

wget --save-headers -q -O - --load-cookies=$cookies --keep-session-cookies --save-cookies=$cookies2 --post-data="csrfmiddlewaretoken=$token&region=$region&username=$username&password=$password" $url/dashboard/auth/login/ > $results


At this point, attempt to use ab as such:

ab -v4 -n 1 -H 'Cookie: sessionid=< place the sessionid from $cookies2 here, including double quotes>; csrftoken=< place the csrftoken from $cookies2>' $url/dashboard/admin/

and note that the cookie is not fully getting sent.

I've attempted increasing the hardcoded value in ab.c for:

char _request[2048];

and this seems to get me slightly further in that I see the initial 200 OK from the server, however, somewhere else (perhaps in the apr libraries?) something is truncating the reply back from the server, and subsequent cookies are malformed.