Skip Menu |
 

This queue is for tickets about the RPC-XML CPAN distribution.

Report information
The Basics
Id: 101386
Status: open
Priority: 0/
Queue: RPC-XML

People
Owner: rjray [...] blackperl.com
Requestors: virii [...] c3l.lu
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.78
Fixed in: (no value)



Subject: Malformed input crashes server
Download (untitled) / with headers
text/plain 273b
Hi When sending malformed/unclosed namespaces the server simply chrashes. Tested under 62bit and 32bit, Debian GNU/Linux 8.0 and Ubuntu 14.04.1 with Perl v5.18.2 and v5.20.1 Here's my server example and custom client for testing. You can play around with the namespaces.
Subject: crash_rpc_server.pl
Download crash_rpc_server.pl
text/x-perl 804b
#!/usr/bin/env perl use IO::Socket::INET; $msg =<<'EOF'; <?xml version="1.0" encoding="us-ascii"?> <methodCall> <methodName>chrash.this by a simple < </methodName> <params> <param><value><string>Malformed string</string></value></param> </params> </methodCall> EOF $socket = new IO::Socket::INET(PeerAddr => '127.0.0.1', PeerPort => 8001, Type => SOCK_STREAM, Proto => 'tcp') || die $!; print $socket "POST / HTTP/1.0\r\n"; print $socket "Accept-Encoding: deflate\r\n"; print $socket "Host: 127.0.0.1:8001\r\n"; print $socket "User-Agent: RPC::XML::Client/1.42 libwww-perl/6.08\r\n"; print $socket "Content-Length: " , length $msg , "\r\n"; print $socket "Content-Type: text/xml\r\n\n"; print $socket $msg;
Subject: simple_rpc_server.pl
#!/usr/bin/env perl use RPC::XML; use RPC::XML::Server; $daemon = RPC::XML::Server->new(host => '127.0.0.1', port => 8001 ); $daemon->add_method({ name => 'chrash.this', signature => ['string'], code => \&chrash_this }); $daemon->server_loop(); sub chrash_this { return "foobar"; }
Download (untitled) / with headers
text/plain 1019b
On Wed Jan 07 17:09:51 2015, w32.perforin@gmail.com wrote: Show quoted text
> Hi > > When sending malformed/unclosed namespaces the server simply chrashes. > > Tested under 62bit and 32bit, Debian GNU/Linux 8.0 and Ubuntu 14.04.1 > with Perl v5.18.2 and v5.20.1 > > Here's my server example and custom client for testing. You can play > around with the namespaces.
It turns out that this is due to the client immediately exiting after sending the message, without reading the response from the server. The server catches the parse error, but when it tries to send an error response to the client the socket is already closed and a SIGPIPE is triggered. That said, I can put in better handling in the relevant places, and using the send_error() method from HTTP::Daemon isn't that useful since it creates an HTML message and any client is not going to be expecting HTML in the response. So I need to re-do most of the error handling/reporting in this section anyway. Randy -- Randy J. Ray rjray@blackperl.com randy.j.ray@gmail.com


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.