RestRserve icon indicating copy to clipboard operation
RestRserve copied to clipboard

Published 20 hours ago verified publisher icon rexyai

[BUG] "discarding buffer because too big" in ssl example

Open richarddmorey opened this issue 2 years ago • 3 comments

Describe the bug

When I run the examples/ssl/app.R, ie

  1. I generate keys with get-ssl-cert.sh
  2. Run Rscript app.R

I can access https://localhost:8443/hello as expected, and get the output "Hello, World!"

I noticed that the example also seems to use port 6313, so I tried "http://localhost:6313/hello". I get in the RestRserve log:

WARNING: discarding buffer because too big (awaiting 3409317639492036655 bytes)

and the browser appears to be loading, but never stops.

This occurs with any url that points to port 6313, eg http://localhost:6313/hello2 although it isn't routed anywhere yields:

WARNING: discarding buffer because too big (awaiting 5788344091110893615 bytes)

and the browser appears to be loading but never stops.

I'm assuming that awaiting several quintillion bytes is a mistake.

To Reproduce

See above. It's just the included example.

Expected behavior

I expected non-HTTPS connections to be rejected, given that in the example they appear to be disabled.

Environment information

sessionInfo()
R version 4.3.0 (2023-04-21)
Platform: aarch64-apple-darwin20 (64-bit)
Running under: macOS Ventura 13.4.1

Matrix products: default
BLAS:   /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 
LAPACK: /Library/Frameworks/R.framework/Versions/4.3-arm64/Resources/lib/libRlapack.dylib;  LAPACK version 3.11.0

locale:
[1] en_US.UTF-8/en_US.UTF-8/en_US.UTF-8/C/en_US.UTF-8/en_US.UTF-8

time zone: Europe/London
tzcode source: internal

attached base packages:
[1] stats     graphics  grDevices datasets  utils     methods   base     

loaded via a namespace (and not attached):
[1] compiler_4.3.0 tools_4.3.0    renv_0.17.3

Additional context

  • RestRserve: 1.2.1 (CRAN)
  • Browser: Firefox 114.0.2 (64-bit)

Question: When looking at the example, I wondered why the argument port is defined, while http_port = -1. If you only intend to use HTTPS, do you need to define both port and https.port?

richarddmorey avatar Jul 03 '23 11:07 richarddmorey

@richarddmorey the port 6313 is for the QAP Rserve protocol which has nothing to do with HTTP/S. Since it's an entirely different binary protocol the sizes you are sending with a http client make no sense. I would recommend setting qap=FALSE in the app to not expose the QAP endpoint.

That said, It's unclear why it is used in the example since it has nothing to do with the webserve function - @dselivanov I would argue that QAP should be disabled by default (unless I'm missing some additional use here...).

s-u avatar Jul 03 '23 13:07 s-u

I've confirmed that if I set qap=FALSE, connections to that port are then refused.

richarddmorey avatar Jul 04 '23 09:07 richarddmorey