Welcome to MSDN Blogs Sign in | Join | Help

Http.sys makes the news (not in a good way)

InformationWeek has an article about a reliability update posted to Windows Update for http.sys. The problem was that http.sys plus a recent update to a certain vendor's anti-virus software leads to a blue screen. Because of the type of failure, it took a while for the Windows Error Reporting crashes to get debugged back to us. We released a fix for the bug and attached it to the Error Reporting bucket. This meant that after the crash occured and you reported it to Microsoft, the UI would inform you of a patch, and let you install it. Still the crashes continued to come in, in bigger numbers. It was time to do something more, so we decided that the best thing for our customers was to get it released on windows update for everyone.
Published Thursday, February 24, 2005 11:40 AM by WebTransports
Filed under:

Comments

# re: Http.sys makes the news (not in a good way)

The mind boggles why this is in kernel mode, IE shouldnt BSOD the platform.

THIS IS DUMB.
Thursday, February 24, 2005 11:53 AM by .

# re: Http.sys makes the news (not in a good way)

anyhow,
http.sys and the related IIS6 architecture is a fantastic piece of software, if not the best ever to come out of Microsoft
Thursday, February 24, 2005 12:13 PM by stefan demetz

# re: Http.sys makes the news (not in a good way)

Responding to the first comment: http.sys isn't part of IE, it is a server http stack. In windows XP, it is used by UPNP.
Thursday, February 24, 2005 4:53 PM by Ari Pernick

# re: Http.sys makes the news (not in a good way)

I would like to know who's bug was it? Was the 3rd party doing something 'surprising/you shouldnt have done that' that caused the http.sys to 'crap', or was the fault at MS.

So does the fix any real bug, or just create a 'hack' to allow the AV-vendors pos code to not crash the system.
Thursday, February 24, 2005 11:56 PM by zzz

# re: Http.sys makes the news (not in a good way)

The KB article has it right, there was a code path that has never returned asyncronously, and the coding error was in http.sys. The antivirus driver works by inserting itself into driver stack, intercepting and inspecting every call. However they turn a normal syncronous call into an asyc call. This is completly legal but it exposed a small bit of code in http.sys that we hadn't been able to reach before. This async return handler had a stack corruption bug in it.
I guess that if either sp2 or the virus-detection vendor's product or we had shipped a month or two earlier then it did, we or they would have found the issue in testing, but that's just speculation.
We are updating our test tools to be able to force these sort of conditions, and hopefully we can get this type of test into driververifier so that we can kill off this type of issue from windows completly. (Driververifier is a test product in the DDK to help detect driver coding and interaction issues)
Friday, February 25, 2005 8:27 AM by Ari Pernick

# Interesting finds this week

Interesting finds this week
Saturday, February 26, 2005 8:36 AM by Jason Haley
Anonymous comments are disabled
 
Page view tracker