gotwebd: avoid calloc/free per fcgi record

From:: Stefan Sperling <stsp@stsp.name>
Subject:: Re: gotwebd: avoid calloc/free per fcgi record
To:: Omar Polo <op@omarpolo.com>
Cc:: gameoftrees@openbsd.org
Date:: Fri, 29 Jul 2022 15:42:30 +0200

Download raw body.

Thread

2022-07-29 13:28 Omar Polo:
gotwebd: avoid calloc/free per fcgi record
- 2022-07-29 13:42 Stefan Sperling:
  gotwebd: avoid calloc/free per fcgi record
- - 2022-07-29 14:16 Omar Polo:
    gotwebd: avoid calloc/free per fcgi record
  - - 2022-07-29 14:53 Omar Polo:
      gotwebd: avoid calloc/free per fcgi record

On Fri, Jul 29, 2022 at 03:28:09PM +0200, Omar Polo wrote:
> to send something to the browser we have to go through
> fcgi_send_response.
> 
> diff below uses a static buffer in fcgi_send_response (now
> send_response) to avoid dynamically allocating ~16K for each bit of the
> reply.

Are you sure this approach is safe?
Doesn't this introduce a risk where cross-request data leaks could
become a potential issue?

2022-07-29 13:28 Omar Polo:
gotwebd: avoid calloc/free per fcgi record
- 2022-07-29 13:42 Stefan Sperling:
  gotwebd: avoid calloc/free per fcgi record
- - 2022-07-29 14:16 Omar Polo:
    gotwebd: avoid calloc/free per fcgi record
  - - 2022-07-29 14:53 Omar Polo:
      gotwebd: avoid calloc/free per fcgi record