Hi all,
I'm currently implementing a website using Hunchentoot (which I gotta say is a top bit of work!) and have stumbled upon a problem whilst trying to use sessions. The symptom is that, when a call to 'start-session' is made I run into the error:
"Error when creating REQUEST object: Array index 16 out of bounds for #(0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0)"
Now, hunchentoot passes the client browser info string (not sure what is called, but here is an example "Opera/9.80 (Windows NT 6.1; WOW64; U; Edition United Kingdom Local; en) Presto/2.10.289 Version/12.00") to the hunchentoot:md5-hex function. The interesting thing here is that the example I just gave will give an error but if you access it from another browser (e.g. Maxthon), there is no error. The difference is in the length of the "client browser info string" that the browser passes - it is shorter.
I have followed the problem to the 'finalize-md5-state' function in the md5 package, if this function is called with a string of 119 characters or less, everything is fine. However, call it with 120 characters or more and it will throw the aforementioned error.
I have managed whittle the problem down to the following piece of code in the function definition of 'finalize-md5-state' in the md5 package:
;; Create new fully 0 padded block (loop for index of-type (integer 0 16) from 0 below 16 do (setf (aref block index) #x00000000)))
If this is changed to:
;; Create new fully 0 padded block (loop for index from 0 below 16 do (setf (aref block index) #x00000000)))
Then all is well, the function can be called with a string of more than 119 characters and start-session will work fine with browsers that choose to use long self identification strings. Now, I am not particularly sure why doing this solves the problem, I don't *think* it should matter (looks like a bug to me, its just optimisation code, right?) but I am certainly not well enough versed with lisp to be able to pass any judgment.
In case this is an implementation thing, I am running Hunchentoot on Clozure on Debian Squeeze. Also, this error occurs with versions 1.3 and 1.5 of the md5 package (according to Cliki, 1.5 is the most recent release, and I cannot find a newer version).
Thought I'd best post it to the Hunchentoot list, even though technically it is an MD5 problem, as I'm sure someone else using Hunchentoot will bump into this problem sooner or later (or maybe one of your sites is a victim to it - Opera is not that popular a browser!), plus, I'm having trouble finding out where to post it for the maintainer of MD5 to see it.
Cheers, Kyle
Hi Kyle,
thank you for your bug report. This is a CCL bug and I have opened a bug in their bug tracking system for it (http://trac.clozure.com/ccl/ticket/990). Meanwhile, you may want to try an older CCL release or use another Lisp if the problem stops you from making progress.
-Hans
On Tue, Jun 26, 2012 at 8:41 PM, K B orbisignis@msn.com wrote:
Hi all,
I'm currently implementing a website using Hunchentoot (which I gotta say is a top bit of work!) and have stumbled upon a problem whilst trying to use sessions. The symptom is that, when a call to 'start-session' is made I run into the error:
"Error when creating REQUEST object: Array index 16 out of bounds for #(0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0)"
Now, hunchentoot passes the client browser info string (not sure what is called, but here is an example "Opera/9.80 (Windows NT 6.1; WOW64; U; Edition United Kingdom Local; en) Presto/2.10.289 Version/12.00") to the hunchentoot:md5-hex function. The interesting thing here is that the example I just gave will give an error but if you access it from another browser (e.g. Maxthon), there is no error. The difference is in the length of the "client browser info string" that the browser passes - it is shorter.
I have followed the problem to the 'finalize-md5-state' function in the md5 package, if this function is called with a string of 119 characters or less, everything is fine. However, call it with 120 characters or more and it will throw the aforementioned error.
I have managed whittle the problem down to the following piece of code in the function definition of 'finalize-md5-state' in the md5 package:
;; Create new fully 0 padded block (loop for index of-type (integer 0 16) from 0 below 16 do (setf (aref block index) #x00000000)))
If this is changed to:
;; Create new fully 0 padded block (loop for index from 0 below 16 do (setf (aref block index) #x00000000)))
Then all is well, the function can be called with a string of more than 119 characters and start-session will work fine with browsers that choose to use long self identification strings. Now, I am not particularly sure why doing this solves the problem, I don't *think* it should matter (looks like a bug to me, its just optimisation code, right?) but I am certainly not well enough versed with lisp to be able to pass any judgment.
In case this is an implementation thing, I am running Hunchentoot on Clozure on Debian Squeeze. Also, this error occurs with versions 1.3 and 1.5 of the md5 package (according to Cliki, 1.5 is the most recent release, and I cannot find a newer version).
Thought I'd best post it to the Hunchentoot list, even though technically it is an MD5 problem, as I'm sure someone else using Hunchentoot will bump into this problem sooner or later (or maybe one of your sites is a victim to it - Opera is not that popular a browser!), plus, I'm having trouble finding out where to post it for the maintainer of MD5 to see it.
Cheers, Kyle
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
On Wed, Jun 27, 2012 at 11:46 AM, Hans Hübner hans.huebner@gmail.com wrote:
thank you for your bug report. This is a CCL bug and I have opened a bug in their bug tracking system for it (http://trac.clozure.com/ccl/ticket/990). Meanwhile, you may want to try an older CCL release or use another Lisp if the problem stops you from making progress.
This bug is indeed a CCL bug that has been fixed since release 1.8. Please go to your CCL directory, use "svn update" to pull the latest patches and use "ccl -e '(ccl:rebuild-ccl)'" to rebuild your Lisp.
-Hans
Hans Hübner hans.huebner@gmail.com writes:
On Wed, Jun 27, 2012 at 11:46 AM, Hans Hübner hans.huebner@gmail.com wrote:
thank you for your bug report. This is a CCL bug and I have opened a bug in their bug tracking system for it (http://trac.clozure.com/ccl/ticket/990). Meanwhile, you may want to try an older CCL release or use another Lisp if the problem stops you from making progress.
This bug is indeed a CCL bug that has been fixed since release 1.8. Please go to your CCL directory, use "svn update" to pull the latest patches and use "ccl -e '(ccl:rebuild-ccl)'" to rebuild your Lisp.
ccl -e '(ccl:rebuild-ccl :full t)' might be better.
-
Hans Hübner -
K B -
Stas Boukarev