Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > how to close STDIN

Reply
Thread Tools

how to close STDIN

 
 
Larry
Guest
Posts: n/a
 
      10-11-2008
Hi,

i have a script running on a web server (Apache) that accepts data
from STDIN and saves it:

#!/perl

use IO::Handle '_IONBF';
use constant BUFSIZE => 1024 * 2;

my $io = new IO::Handle;

if ( $io->fdopen(fileno(STDIN),"r") )
{
while($io->read($buf, BUFSIZE))
{
# ... save $buf ...
}
$io->close;
}

__END__;

I decided to check out if a user can upload to this script or else my
web server would screw up. So I put this on top of my script:

if ($ENV{"HTTP_USER_PASS"} ne 'mypassword')
{
close STDIN;
exit;
}

then I sent a couple of MBs of data thru http without the USER_PASS
header, i was struck by my finding out the script sort of died but I was
still sending raw data to the script...I though close STDIN would drop
the connection, too bad it didn't...how can I sort this out?

thanks
 
Reply With Quote
 
 
 
 
Peter J. Holzer
Guest
Posts: n/a
 
      10-11-2008
On 2008-10-11 14:42, Larry <(E-Mail Removed)> wrote:
> i have a script running on a web server (Apache) that accepts data
> from STDIN and saves it:
>
> #!/perl
>

[no "use CGI" other module which might do something under the hood]

> if ($ENV{"HTTP_USER_PASS"} ne 'mypassword')
> {
> close STDIN;
> exit;
> }


Your script not only closes stdin, it also exits.


> then I sent a couple of MBs of data thru http without the USER_PASS
> header, i was struck by my finding out the script sort of died but I was
> still sending raw data to the script...


You can't send it to the script, since the script is already dead. You
might still be sending it to the web server. That makes it a web server
specific question and you should ask in an Apache group.

hp
 
Reply With Quote
 
 
 
 
Larry
Guest
Posts: n/a
 
      10-11-2008
In article <(E-Mail Removed)>,
"Peter J. Holzer" <(E-Mail Removed)> wrote:

> You can't send it to the script, since the script is already dead. You
> might still be sending it to the web server. That makes it a web server
> specific question and you should ask in an Apache group.


well, the thing is i tried to send the data to the following:

#!/usr/bin/perl

use strict;
use warnings;
use CGI;
my $q = new CGI();

$CGI:ISABLE_UPLOADS = 1;

print "content-type: text/plain\n\n";

__END__;

it just keeps on accetping the data...so i tried ps -ux on the web server

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
claudio 531 0.0 0.0 0 0 ? Z 19:13 0:00 [receiver.cgi]
<defunct>

what is <defunct>?? i tried to kill it, yet i didnt get...thats so
strange!
 
Reply With Quote
 
Ben Morrow
Guest
Posts: n/a
 
      10-11-2008

Quoth Larry <(E-Mail Removed)>:
> In article <(E-Mail Removed)>,
> "Peter J. Holzer" <(E-Mail Removed)> wrote:
>
> > You can't send it to the script, since the script is already dead. You
> > might still be sending it to the web server. That makes it a web server
> > specific question and you should ask in an Apache group.

>
> well, the thing is i tried to send the data to the following:
>
> #!/usr/bin/perl
>
> use strict;
> use warnings;
> use CGI;
> my $q = new CGI();
>
> $CGI:ISABLE_UPLOADS = 1;
>
> print "content-type: text/plain\n\n";
>
> __END__;
>
> it just keeps on accetping the data...so i tried ps -ux on the web server
>
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> claudio 531 0.0 0.0 0 0 ? Z 19:13 0:00 [receiver.cgi]
> <defunct>
>
> what is <defunct>?? i tried to kill it, yet i didnt get...thats so
> strange!


The <defunct> (and the STAT Z: Z is for 'zombie') mean that the process
has exitted, but its parent hasn't waited for it yet. Since the process
is already dead, you can't kill it again . Presumably the httpd child
is receiving all the uploaded data and just throwing it away, and once
it's finished it'll perform the wait(2).

Ben

--
All persons, living or dead, are entirely coincidental.
http://www.velocityreviews.com/forums/(E-Mail Removed) Kurt Vonnegut
 
Reply With Quote
 
Larry
Guest
Posts: n/a
 
      10-12-2008
In article <(E-Mail Removed)>,
Ben Morrow <(E-Mail Removed)> wrote:

> Presumably the httpd child
> is receiving all the uploaded data and just throwing it away, and once
> it's finished it'll perform the wait(2).


hopefully. Do you think that may affect/screw up my web server? I mean
the httpd child throwing the data away...
 
Reply With Quote
 
Larry
Guest
Posts: n/a
 
      10-12-2008
In article <(E-Mail Removed)>,
"Peter J. Holzer" <(E-Mail Removed)> wrote:

> You can't send it to the script, since the script is already dead.


ok, so back to my question...is ok to close STDIN and exit in order to
stop my script if a user fails to auth?

thanks
 
Reply With Quote
 
RedGrittyBrick
Guest
Posts: n/a
 
      10-12-2008

Larry wrote:
> In article <(E-Mail Removed)>,
> Ben Morrow <(E-Mail Removed)> wrote:
>
>> Presumably the httpd child
>> is receiving all the uploaded data and just throwing it away, and once
>> it's finished it'll perform the wait(2).

>
> hopefully. Do you think that may affect/screw up my web server? I mean
> the httpd child throwing the data away...


No, it may waste resources though.

If you need to authenticate uploaders you might find it better to use
the web-server's authentication and authorisation mechanisms (e.g. see
Apache's .htaccess). That ought to prevent the situation you describe.


--
RGB
 
Reply With Quote
 
C.DeRykus
Guest
Posts: n/a
 
      10-13-2008
On Oct 12, 5:57 am, Larry <(E-Mail Removed)> wrote:
> In article <(E-Mail Removed)>,
> "Peter J. Holzer" <(E-Mail Removed)> wrote:
>
> > You can't send it to the script, since the script is already dead.

>
> ok, so back to my question...is ok to close STDIN and exit in order to
> stop my script if a user fails to auth?
>


But if authentication fails, you could return a "401 Unauthorized"
before you even begin reading:

if ( $ENV{"HTTP_USER_PASS"} ne ... ) {
print $q->header(
-status="401 Unauthorized"), ...,
"Wrong password....";
} else {
if ( $io->fdopen(fileno(STDIN),"r") )
{
... # read
}
}
exit;

--
Charles DeRykus
 
Reply With Quote
 
C.DeRykus
Guest
Posts: n/a
 
      10-13-2008
On Oct 13, 3:13 pm, "C.DeRykus" <(E-Mail Removed)> wrote:
> On Oct 12, 5:57 am, Larry <(E-Mail Removed)> wrote:
>
> > In article <(E-Mail Removed)>,
> > "Peter J. Holzer" <(E-Mail Removed)> wrote:

>
> > > You can't send it to the script, since the script is already dead.

>
> > ok, so back to my question...is ok to close STDIN and exit in order to
> > stop my script if a user fails to auth?

>
> But if authentication fails, you could return a "401 Unauthorized"
> before you even begin reading:
> ...


Of course, this won't alleviate the data push,
but at least you'll be failing gracefully with
the appropriate status.

--
Charles DeRykus

 
Reply With Quote
 
Petr Vileta \(fidokomik\)
Guest
Posts: n/a
 
      10-13-2008
C.DeRykus wrote:
> On Oct 12, 5:57 am, Larry <(E-Mail Removed)> wrote:
> But if authentication fails, you could return a "401 Unauthorized"
> before you even begin reading:
>
> if ( $ENV{"HTTP_USER_PASS"} ne ... ) {
> print $q->header(
> -status="401 Unauthorized"), ...,
> "Wrong password....";


Or you can simply write

if ( $ENV{"HTTP_USER_PASS"} ne ... ) {
print "Status: 401 Unauthorized\n\n");
exit;
}


--
Petr Vileta, Czech republic
(My server rejects all messages from Yahoo and Hotmail.
Send me your mail from another non-spammer site please.)
Please reply to <petr AT practisoft DOT cz>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
peek at stdin, flush stdin Johnathan Doe C Programming 5 05-17-2013 04:30 PM
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM
How to close a TCP socket? (TCPSocket#close doesn't close it) IƱaki Baz Castillo Ruby 7 01-12-2010 01:32 PM
How to pass stdin of a C++ program to the stdin of a process createdwith ShellExecute() Ben C Programming 2 08-29-2009 09:47 PM
Reading stdin once confuses second stdin read Charlie Zender C Programming 6 06-21-2004 01:39 PM



Advertisments