fix(server): Drain requests on drop.

[seanmonstar]

If a client sent an illegal request (like a GET request with a message
body), or if there was a legal request with a body but the Handler
didn't read all of it, the remaining bytes would be left in the stream.
The next request to come from the same client would error, as the server
would confuse the remaining bytes, and think the request was malformed.

Fixes #197
Fixes #309

[seanmonstar]

@reem fixed the draining logic. I just use copy to a NullWriter.

Switching to new io will just require changing NullWriter to Sink. The EOF logic is handled inside copy, so nothing to screw up.

[reem]

Looks great.

[reem]

Actually, this is a horrible idea security-wise, I think. I may start reading a request body, see it's super long, and quit. I do not expect hyper to silently read the other 40 GB of that request.

[seanmonstar]

Oh dang, good catch. I'll look at nodejs for inspiration.

On Sat, Feb 14, 2015, 3:12 PM Jonathan Reem [email protected]
wrote:

Actually, this is a horrible idea security-wise, I think. I may start
reading a request body, see it's super long, and quit. I do not expect
hyper to silently read the other 40 GB of that request.

—
Reply to this email directly or view it on GitHub
#310 (comment).