Bug 413531

Summary: Web browser accepted languages configuration causes dsgw CGI binaries to segfault
Product: [Retired] 389 Reporter: madams
Component: UI - Gateway/PhonebookAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: low    
Version: 1.0.4Keywords: Reopened
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://directory.fedoraproject.org/wiki/Directory_Server_Gateway
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 16:37:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 434912, 452721, 453229, 453916    
Attachments:
Description Flags
strace of BROKEN/SEGFAULT auth binary process. Note exceptionally large number of stat64 entries for alternate language codes
none
strace of FUNCTIONAL auth binary process. Note far fewer occurances of of stat64 entries for alternate language codes.
none
cvs commit log for 8.0 branch
none
urls
none
cvs commit log - HEAD
none
cvs commit log - use XP_AccLangList in dsgw none

Description madams 2007-12-06 06:32:06 UTC 
Description of problem:

Certain web browser accepted languages configurations can cause the dsgw CGI
binaries to segfault unexpectedly.


Version-Release number of selected component (if applicable): 

fedora-ds-1.0.4-1.FC5.i386.opt.rpm running on Debian etch


How reproducible:

Using above release of Fedora DS and Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.8) Gecko/20071004 Iceweasel/2.0.0.8 (Debian-2.0.0.6+2.0.0.8-0etch1)


Steps to Reproduce:

1. Open up web browser, connect to dsgw, confirm web application is working
2. Open up new tab in web browser, edit preferences via about:config.  Change
intl.accept_languages property to
"en-US,en,en-CA,en-us,EN-US,EN,es-ES,es,no-NO,no,en-gb,ro-RO,ro,utf-8,utf,de-DE,d"
3. Reload dsgw web application.  Verify that most of the web application no
longer functions.
4. Edit web browser preferences & reset intl.accept_languages to default value
of "en-us, en"
5. Reload dsgw web application.  Verify that web application now functions
correctly.
  
Actual results:

dsgw CGI binaries segfault returning a blank web page

admin-serv error log records error messages similar to the following 

[Wed Dec 05 18:18:55 2007] [error] [client 192.168.16.250] Premature end of
script headers: search, referer:
https://exodus:3890/clients/dsgw/bin/lang?context=dsgw&file=csearchtitle.html

Expected results:


Additional info:
Comment 1 madams 2007-12-06 06:32:06 UTC 
Created attachment 279251 [details]
strace of BROKEN/SEGFAULT auth binary process.  Note exceptionally large number of stat64 entries for alternate language codes
Comment 2 madams 2007-12-06 06:37:12 UTC 
Created attachment 279261 [details]
strace of FUNCTIONAL auth binary process.  Note far fewer occurances of of stat64 entries for alternate language codes.
Comment 3 Rich Megginson 2007-12-06 16:36:23 UTC 
Excellent detective work.  Thanks!
Comment 5 Rich Megginson 2008-02-29 22:20:58 UTC 
This appears to be fixed.  I'm not exactly sure what did it, but I did make
charset/locale handling more dynamic.  I have test scripts that run the CGI
programs under valgrind with a wide variety of arguments and inputs, and they
all use this:
HTTP_ACCEPT_LANGUAGE="en-US,en,en-CA,en-us,EN-US,EN,es-ES,es,no-NO,no,en-gb,ro-RO,ro,utf-8,utf,de-DE,d"
; export HTTP_ACCEPT_LANGUAGE

valgrind reports no problems, and there were no core dumps.
Comment 6 Anh Nguyen 2008-06-26 18:27:46 UTC 
Performed step 2, and received the error below; marking this bug verified.

the Internal Server Error

The server encountered an internal error or misconfiguration and was unable to
complete your request.

Please contact the server administrator, [no address given] and inform them of
the time the error occurred, and anything you might have done that may have
caused the error.

More information about this error may be available in the server error log.
Apache/2.0 Server at gopher.dsqa.sjc2.redhat.com Port
Comment 7 Rich Megginson 2008-06-26 18:36:24 UTC 
Which request is this?  Is it this one:
[Thu Jun 26 11:08:57 2008] [error] [client 10.14.52.5] Premature end of script
headers: dosearch, referer:
http://gopher.dsqa.sjc2.redhat.com:9830/dsgwcmd/csearch?context=dsgw&file=string

?

Premature end of script headers is bad - that usually indicates a core dump.
Comment 8 Rich Megginson 2008-06-26 23:11:16 UTC 
Yep - it's core dumping - only on HP-UX.
Comment 15 Rich Megginson 2008-07-14 21:30:25 UTC 
Created attachment 311780 [details]
cvs commit log for 8.0 branch
Comment 17 Chandrasekar Kannan 2008-08-08 05:34:29 UTC 
Created attachment 313783 [details]
urls

urls I tested are shown in the attachment
Comment 18 Rich Megginson 2008-08-27 19:57:30 UTC 
Created attachment 315136 [details]
cvs commit log - HEAD
Comment 19 Fedora Update System 2008-08-28 19:20:04 UTC 
adminutil-1.1.7-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/adminutil-1.1.7-1.fc9
Comment 20 Rich Megginson 2008-09-04 02:46:58 UTC 
Created attachment 315716 [details]
cvs commit log - use XP_AccLangList in dsgw

Fix Description: Use XP_AccLangList from adminutil rather than the local AcceptLangList and get rid of the local AcceptLangList function.
Comment 21 Fedora Update System 2008-09-04 19:57:55 UTC 
fedora-ds-dsgw-1.1.1-1.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/fedora-ds-dsgw-1.1.1-1.fc8
Comment 22 Fedora Update System 2008-09-04 19:58:42 UTC 
fedora-ds-dsgw-1.1.1-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/fedora-ds-dsgw-1.1.1-1.fc9
Comment 23 Fedora Update System 2008-09-10 06:49:52 UTC 
adminutil-1.1.7-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2008-09-10 07:18:07 UTC 
adminutil-1.1.7-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 Fedora Update System 2008-09-11 17:04:26 UTC 
fedora-ds-dsgw-1.1.1-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 26 Fedora Update System 2008-09-11 17:10:25 UTC 
fedora-ds-dsgw-1.1.1-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.