fix(netxlite): robust {ReadAll,Copy}Context with wrapped io.EOF (#661)

* chore(netxlite): add currently failing test case This diff introduces a test cases that will fail because of the reason explained in https://github.com/ooni/probe/issues/1965. * chore(netxlite/iox_test.go): add failing unit tests These tests directly show how the Go implementation of ReadAll and Copy has the issue of checking for io.EOF equality. * fix(netxlite): make {ReadAll,Copy}Context robust to wrapped io.EOF The fix is simple: we just need to check for `errors.Is(err, io.EOF)` after either io.ReadAll or io.Copy has returned. When this condition is true, we need to convert the error back to `nil` as it ought to be. While there, observe that the unit tests I committed in the previous commit are wrongly asserting that the error must be wrapped. This assertion is not correct, because in both cases we have just ensured that the returned error is `nil` (i.e., success). See https://github.com/ooni/probe/issues/1965. * cleanup: remove previous workaround for wrapped io.EOF These workarounds were partial, meaning that they would cover some cases in which the issue occurred but not all of them. Handling the problem in `netxlite.{ReadAll,Copy}Context` is the right thing to do _as long as_ we always use these functions instead of `io.{ReadAll,Copy}`. This is why it's now important to ensure we clearly mention that inside of the `CONTRIBUTING.md` guide and to also ensure that we're not using these functions in the code base. * fix(urlgetter): repair tests who assumed to see EOF error Now that we have established that we should normalize EOF when reading bodies like the stdlib does and now that it's clear why our behavior diverged from the stdlib, we also need to repair all the tests that assumed this incorrect behavior. * fix(all): don't use io{,util}.{Copy,ReadAll} * feat: add checks to ensure we don't use io.{Copy,ReadAll} * doc(netxlite): document we know how to deal w/ wrapped io.EOF * fix(nocopyreadall.bash): add exception for i/n/iox.go
2022-01-12 14:26:10 +01:00
parent d3c6c11e48
commit b5da8be183
11 changed files with 166 additions and 83 deletions
@@ -1,12 +1,14 @@
 package filtering

 import (
+	"context"
 	"crypto/tls"
 	"errors"
-	"io"
 	"net"
 	"strings"
 	"sync"
+
+	"github.com/ooni/probe-cli/v3/internal/netxlite"
 )

 // TLSAction is a TLS filtering action that this proxy should take.
@@ -235,5 +237,5 @@ func (p *TLSProxy) connectingToMyself(conn net.Conn) bool {
 // forward will forward the traffic.
 func (p *TLSProxy) forward(wg *sync.WaitGroup, left net.Conn, right net.Conn) {
 	defer wg.Done()
-	io.Copy(left, right)
+	netxlite.CopyContext(context.Background(), left, right)
 }
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"net/http/httptest"
 	"net/url"
 	"testing"
 	"time"
@@ -16,6 +17,7 @@ import (
 	"github.com/ooni/probe-cli/v3/internal/netxlite"
 	"github.com/ooni/probe-cli/v3/internal/netxlite/filtering"
 	"github.com/ooni/probe-cli/v3/internal/netxlite/quictesting"
+	"github.com/ooni/probe-cli/v3/internal/runtimex"
 	utls "gitlab.com/yawning/utls.git"
 )

@@ -490,6 +492,35 @@ func TestHTTPTransport(t *testing.T) {
 		resp.Body.Close()
 		client.CloseIdleConnections()
 	})
+
+	t.Run("we can read the body when the connection is closed", func(t *testing.T) {
+		// See https://github.com/ooni/probe/issues/1965
+		srvr := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			hj := w.(http.Hijacker) // panic if not possible
+			conn, bufrw, err := hj.Hijack()
+			runtimex.PanicOnError(err, "hj.Hijack failed")
+			bufrw.WriteString("HTTP/1.0 302 Found\r\n")
+			bufrw.WriteString("Location: /text\r\n\r\n")
+			bufrw.Flush()
+			conn.Close()
+		}))
+		defer srvr.Close()
+		txp := netxlite.NewHTTPTransportStdlib(model.DiscardLogger)
+		req, err := http.NewRequest("GET", srvr.URL, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		resp, err := txp.RoundTrip(req)
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer resp.Body.Close()
+		data, err := netxlite.ReadAllContext(req.Context(), resp.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+		t.Log(string(data))
+	})
 }

 func TestHTTP3Transport(t *testing.T) {
@@ -2,6 +2,7 @@ package netxlite

 import (
 	"context"
+	"errors"
 	"io"
 )

@@ -13,10 +14,18 @@ import (
 // the long-running goroutine, close the connection
 // bound to the reader. Until such a connection is closed,
 // you're leaking the backround goroutine and doing I/O.
+//
+// As of Go 1.17.6, ReadAllContext additionally deals
+// with wrapped io.EOF correctly, while io.ReadAll does
+// not. See https://github.com/ooni/probe/issues/1965.
 func ReadAllContext(ctx context.Context, r io.Reader) ([]byte, error) {
 	datach, errch := make(chan []byte, 1), make(chan error, 1) // buffers
 	go func() {
 		data, err := io.ReadAll(r)
+		if errors.Is(err, io.EOF) {
+			// See https://github.com/ooni/probe/issues/1965
+			err = nil
+		}
 		if err != nil {
 			errch <- err
 			return
@@ -37,10 +46,18 @@ func ReadAllContext(ctx context.Context, r io.Reader) ([]byte, error) {
 // when the context expires. This function has the same
 // caveats of ReadAllContext regarding the temporary leaking
 // of the background I/O goroutine.
+//
+// As of Go 1.17.6, CopyContext additionally deals
+// with wrapped io.EOF correctly, while io.Copy does
+// not. See https://github.com/ooni/probe/issues/1965.
 func CopyContext(ctx context.Context, dst io.Writer, src io.Reader) (int64, error) {
 	countch, errch := make(chan int64, 1), make(chan error, 1) // buffers
 	go func() {
 		count, err := io.Copy(dst, src)
+		if errors.Is(err, io.EOF) {
+			// See https://github.com/ooni/probe/issues/1965
+			err = nil
+		}
 		if err != nil {
 			errch <- err
 			return
@@ -24,6 +24,37 @@ func TestReadAllContext(t *testing.T) {
 		}
 	})

+	t.Run("with success and wrapped io.EOF", func(t *testing.T) {
+		// See https://github.com/ooni/probe/issues/1965
+		wg := &sync.WaitGroup{}
+		wg.Add(1)
+		r := &mocks.Reader{
+			MockRead: func(b []byte) (int, error) {
+				defer wg.Done()
+				// "When Read encounters an error or end-of-file condition
+				// after successfully reading n > 0 bytes, it returns
+				// the number of bytes read. It may return the (non-nil)
+				// error from the same call or return the error (and n == 0)
+				// from a subsequent call.""
+				//
+				// See https://pkg.go.dev/io#Reader
+				//
+				// Note: Returning a wrapped error to ensure we address
+				// https://github.com/ooni/probe/issues/1965
+				return len(b), NewErrWrapper(classifyGenericError,
+					ReadOperation, io.EOF)
+			},
+		}
+		out, err := ReadAllContext(context.Background(), r)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(out) <= 0 {
+			t.Fatal("we expected to see a positive number of bytes here")
+		}
+		wg.Wait()
+	})
+
 	t.Run("with failure and background context", func(t *testing.T) {
 		expected := errors.New("mocked error")
 		r := &mocks.Reader{
@@ -123,6 +154,37 @@ func TestCopyContext(t *testing.T) {
 		}
 	})

+	t.Run("with success and wrapped io.EOF", func(t *testing.T) {
+		// See https://github.com/ooni/probe/issues/1965
+		wg := &sync.WaitGroup{}
+		wg.Add(1)
+		r := &mocks.Reader{
+			MockRead: func(b []byte) (int, error) {
+				defer wg.Done()
+				// "When Read encounters an error or end-of-file condition
+				// after successfully reading n > 0 bytes, it returns
+				// the number of bytes read. It may return the (non-nil)
+				// error from the same call or return the error (and n == 0)
+				// from a subsequent call.""
+				//
+				// See https://pkg.go.dev/io#Reader
+				//
+				// Note: Returning a wrapped error to ensure we address
+				// https://github.com/ooni/probe/issues/1965
+				return len(b), NewErrWrapper(classifyGenericError,
+					ReadOperation, io.EOF)
+			},
+		}
+		out, err := CopyContext(context.Background(), io.Discard, r)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if out <= 0 {
+			t.Fatal("we expected to see a positive number of bytes here")
+		}
+		wg.Wait()
+	})
+
 	t.Run("with failure and background context", func(t *testing.T) {
 		expected := errors.New("mocked error")
 		r := &mocks.Reader{