Bug 595524

Summary: Satellite 5.3: ISE when accessing http://server.hostname/ks/dist (should display more graceful permission error page instead of java.lang.ArrayIndexOutOfBoundsException)
Product: Red Hat Satellite 5 Reporter: Xixi <xdmoon>
Component: ServerAssignee: Justin Sherrill <jsherril>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Minar <mminar>
Severity: medium Docs Contact:
Priority: medium    
Version: 530CC: cperry, mkoci, mminar, msuchy, xdmoon
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-28 15:01:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 487678    

Description Xixi 2010-05-24 21:23:59 UTC
Description of problem:
Internal Server Erroris thrown when trying to access http://<URL>/ks/dist.  
In the past (on Satellite 4.x), this URL would at least give you a "page not found"..apparently it was protecting those areas of the tree...but, now it throws an ISE.

It should handle the url more gracefully and display a readable page (permission denied etc.) instead of ISE + traceback with java.lang.ArrayIndexOutOfBoundsException

catalina.out shows:
2010-05-24 17:04:18,936 [TP-Processor1] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back
javax.servlet.ServletException: Array index out of range: 2
        at org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:535)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:433)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:237)
        at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:82)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
...
Caused by:
java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 2
        at com.redhat.rhn.frontend.action.common.DownloadFile.parseDistUrl(DownloadFile.java:158)
        at com.redhat.rhn.frontend.action.common.DownloadFile.handleKickstartDownload(DownloadFile.java:184)
        at com.redhat.rhn.frontend.action.common.DownloadFile.execute(DownloadFile.java:100)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
        ... 40 more
2010-05-24 17:04:18,943 [TP-Processor1] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/rhn].[action] - Servlet.service() for servlet action threw exception
java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 2
        at com.redhat.rhn.frontend.action.common.DownloadFile.parseDistUrl(DownloadFile.java:158)
        at com.redhat.rhn.frontend.action.common.DownloadFile.handleKickstartDownload(DownloadFile.java:184)
        at com.redhat.rhn.frontend.action.common.DownloadFile.execute(DownloadFile.java:100)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
        at 
...

Version-Release number of selected component (if applicable):
Red Hat Network (RHN) Satellite 5.3.0

How reproducible:
Always.

Steps to Reproduce:
1. try to access http://<5.3 satellite fqdn>/ks/dist

Actual results:
ISE and traceback + above stacktrace in catalina.out

Expected results:
A readable page on UI explaining page cannot be accessed, no traceback or stacktrace in catalina.out

Additional info:

Comment 1 Xixi 2010-05-24 21:36:16 UTC
Proposed fix is to add checks for url validity in spacewalk-java-0.5.44/code/src/com/redhat/rhn/frontend/action/common/DownloadFile.java below. For example /ks/dist would not have split[2], resulting in ArrayIndexOutOfBoundsException.
...
    public static Map<String, String> parseDistUrl(String url) {
        Map<String, String> ret = new HashMap<String, String>();

        if (url.charAt(0) == '/') {
            url = url.substring(1);
        }

        String[] split = url.split("/");
        int labelPos = 2;
        if (split[2].equals("org")) {
            ret.put("orgId",  split[3]);
            labelPos = 4;
        }
..

Comment 2 Justin Sherrill 2010-07-28 19:43:34 UTC
Fixed in master:  ff77e9b12ac95fb2bd0a31cc3ea07f1c03b3279b

Throws a file not found error now.

Comment 4 Miroslav Suchý 2010-10-20 11:59:11 UTC
verified in stage

Comment 5 Clifford Perry 2010-10-28 14:56:36 UTC
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release. 


RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html 

Regards,
Clifford