Bug 413531 - Web browser accepted languages configuration causes dsgw CGI binaries to segfault
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: UI - Gateway/Phonebook
Version: 1.0.4
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Rich Megginson
Viktor Ashirov
http://directory.fedoraproject.org/wi...
Keywords: Reopened
Depends On:
Blocks: 434912 FDS112 453229 CVE-2008-2928
Reported: 2007-12-06 01:32 EST by madams
Modified: 2015-12-07 11:37 EST (History)
Doc Type: Bug Fix
Last Closed: 2015-12-07 11:37:34 EST
Attachments
strace of BROKEN/SEGFAULT auth binary process. Note exceptionally large number of stat64 entries for alternate language codes (231.08 KB, text/plain)
2007-12-06 01:32 EST, madams
strace of FUNCTIONAL auth binary process. Note far fewer occurrences of stat64 entries for alternate language codes. (221.33 KB, text/plain)
2007-12-06 01:37 EST, madams
cvs commit log for 8.0 branch (5.76 KB, text/plain)
2008-07-14 17:30 EDT, Rich Megginson
urls (205.40 KB, text/plain)
2008-08-08 01:34 EDT, Chandrasekar Kannan
cvs commit log - HEAD (176 bytes, text/plain)
2008-08-27 15:57 EDT, Rich Megginson
cvs commit log - use XP_AccLangList in dsgw (357 bytes, text/plain)
2008-09-03 22:46 EDT, Rich Megginson

Description madams 2007-12-06 01:32:06 EST
Description of problem:

Certain web browser accepted languages configurations can cause the dsgw CGI
binaries to segfault unexpectedly.


Version-Release number of selected component (if applicable): 

fedora-ds-1.0.4-1.FC5.i386.opt.rpm running on Debian etch


How reproducible:

Using above release of Fedora DS and Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.8) Gecko/20071004 Iceweasel/2.0.0.8 (Debian-2.0.0.6+2.0.0.8-0etch1)


Steps to Reproduce:

1. Open up web browser, connect to dsgw, confirm web application is working
2. Open up new tab in web browser, edit preferences via about:config.  Change
intl.accept_languages property to
"en-US,en,en-CA,en-us,EN-US,EN,es-ES,es,no-NO,no,en-gb,ro-RO,ro,utf-8,utf,de-DE,d"
3. Reload dsgw web application.  Verify that most of the web application no
longer functions.
4. Edit web browser preferences & reset intl.accept_languages to default value
of "en-us, en"
5. Reload dsgw web application.  Verify that web application now functions
correctly.
  
Actual results:

dsgw CGI binaries segfault returning a blank web page

admin-serv error log records error messages similar to the following 

[Wed Dec 05 18:18:55 2007] [error] [client 192.168.16.250] Premature end of
script headers: search, referer:
https://exodus:3890/clients/dsgw/bin/lang?context=dsgw&file=csearchtitle.html

Expected results:


Additional info:
Comment 1 madams 2007-12-06 01:32:06 EST
Created attachment 279251 [details]
strace of BROKEN/SEGFAULT auth binary process.  Note exceptionally large number of stat64 entries for alternate language codes
Comment 2 madams 2007-12-06 01:37:12 EST
Created attachment 279261 [details]
strace of FUNCTIONAL auth binary process.  Note far fewer occurrences of stat64 entries for alternate language codes.
Comment 3 Rich Megginson 2007-12-06 11:36:23 EST
Excellent detective work.  Thanks!
Comment 5 Rich Megginson 2008-02-29 17:20:58 EST
This appears to be fixed.  I'm not exactly sure what did it, but I did make
charset/locale handling more dynamic.  I have test scripts that run the CGI
programs under valgrind with a wide variety of arguments and inputs, and they
all use this:
HTTP_ACCEPT_LANGUAGE="en-US,en,en-CA,en-us,EN-US,EN,es-ES,es,no-NO,no,en-gb,ro-RO,ro,utf-8,utf,de-DE,d" ; export HTTP_ACCEPT_LANGUAGE

valgrind reports no problems, and there were no core dumps.
Comment 6 Anh Nguyen 2008-06-26 14:27:46 EDT
Performed step 2, and received the error below; marking this bug verified.

the Internal Server Error

The server encountered an internal error or misconfiguration and was unable to
complete your request.

Please contact the server administrator, [no address given] and inform them of
the time the error occurred, and anything you might have done that may have
caused the error.

More information about this error may be available in the server error log.
Apache/2.0 Server at gopher.dsqa.sjc2.redhat.com Port
Comment 7 Rich Megginson 2008-06-26 14:36:24 EDT
Which request is this?  Is it this one:
[Thu Jun 26 11:08:57 2008] [error] [client 10.14.52.5] Premature end of script
headers: dosearch, referer:
http://gopher.dsqa.sjc2.redhat.com:9830/dsgwcmd/csearch?context=dsgw&file=string

?

Premature end of script headers is bad - that usually indicates a core dump.
Comment 8 Rich Megginson 2008-06-26 19:11:16 EDT
Yep - it's core dumping - only on HP-UX.
Comment 15 Rich Megginson 2008-07-14 17:30:25 EDT
Created attachment 311780 [details]
cvs commit log for 8.0 branch
Comment 17 Chandrasekar Kannan 2008-08-08 01:34:29 EDT
Created attachment 313783 [details]
urls

urls I tested are shown in the attachment
Comment 18 Rich Megginson 2008-08-27 15:57:30 EDT
Created attachment 315136 [details]
cvs commit log - HEAD
Comment 19 Fedora Update System 2008-08-28 15:20:04 EDT
adminutil-1.1.7-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/adminutil-1.1.7-1.fc9
Comment 20 Rich Megginson 2008-09-03 22:46:58 EDT
Created attachment 315716 [details]
cvs commit log - use XP_AccLangList in dsgw

Fix Description: Use XP_AccLangList from adminutil rather than the local AcceptLangList and get rid of the local AcceptLangList function.
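
Added example, not part of the original report and not the dsgw or adminutil code (it is not XP_AccLangList): one way a C CGI program can parse the Accept-Language value from the reproduction steps with hard caps, so that a long or malformed list can neither overrun a buffer nor multiply per-language work. The names parse_accept_language, MAX_LANGS and MAX_TAG and both limits are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LANGS 16  /* assumed cap on tags kept */
#define MAX_TAG   16  /* assumed cap on tag size, including the NUL */

/* Hypothetical helper: split an Accept-Language value into lower-cased,
 * de-duplicated tags. Entries past MAX_LANGS are ignored; oversized or
 * malformed tags are skipped, never truncated. Returns the tag count. */
size_t parse_accept_language(const char *hdr, char out[MAX_LANGS][MAX_TAG])
{
    size_t n = 0;
    while (hdr != NULL && *hdr != '\0' && n < MAX_LANGS) {
        const char *p = hdr, *end = hdr + strcspn(hdr, ",");
        char tag[MAX_TAG];
        size_t t = 0, i;
        int ok = 1, dup = 0;

        hdr = (*end == ',') ? end + 1 : end;   /* advance before any skip */
        while (p < end && isspace((unsigned char)*p))
            p++;
        /* copy the tag, stopping at ";q=..." or trailing space */
        while (p < end && *p != ';' && !isspace((unsigned char)*p)) {
            unsigned char c = (unsigned char)*p++;
            if (t + 1 >= MAX_TAG || !(isalnum(c) || c == '-' || c == '*')) {
                ok = 0;                        /* too long or bad character */
                break;
            }
            tag[t++] = (char)tolower(c);
        }
        if (!ok || t == 0)
            continue;
        tag[t] = '\0';
        for (i = 0; i < n && !dup; i++)
            dup = (strcmp(out[i], tag) == 0);
        if (!dup)
            memcpy(out[n++], tag, t + 1);
    }
    return n;
}

int main(void)
{
    /* Header value taken from the reproduction steps in this report. */
    const char *hdr = "en-US,en,en-CA,en-us,EN-US,EN,es-ES,es,no-NO,no,"
                      "en-gb,ro-RO,ro,utf-8,utf,de-DE,d";
    char langs[MAX_LANGS][MAX_TAG];
    printf("%zu distinct tags kept\n", parse_accept_language(hdr, langs));
    return 0;
}
```

Because case variants such as en-US, en-us and EN-US collapse to one entry, the 17-element list from the report yields fewer tags for any later per-language lookup to act on.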
Comment 21 Fedora Update System 2008-09-04 15:57:55 EDT
fedora-ds-dsgw-1.1.1-1.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/fedora-ds-dsgw-1.1.1-1.fc8
Comment 22 Fedora Update System 2008-09-04 15:58:42 EDT
fedora-ds-dsgw-1.1.1-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/fedora-ds-dsgw-1.1.1-1.fc9
Comment 23 Fedora Update System 2008-09-10 02:49:52 EDT
adminutil-1.1.7-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2008-09-10 03:18:07 EDT
adminutil-1.1.7-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 Fedora Update System 2008-09-11 13:04:26 EDT
fedora-ds-dsgw-1.1.1-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 26 Fedora Update System 2008-09-11 13:10:25 EDT
fedora-ds-dsgw-1.1.1-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
