Bug 595524 - Satellite 5.3: ISE when accessing http://server.hostname/ks/dist (should display more graceful permission error page instead of java.lang.ArrayIndexOutOfBoundsException)
Satellite 5.3: ISE when accessing http://server.hostname/ks/dist (should disp...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server (Show other bugs)
530
All Linux
medium Severity medium
: ---
: ---
Assigned To: Justin Sherrill
Martin Minar
:
Depends On:
Blocks: sat540-blockers
  Show dependency treegraph
 
Reported: 2010-05-24 17:23 EDT by Xixi
Modified: 2016-07-03 20:55 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-28 11:01:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Xixi 2010-05-24 17:23:59 EDT
Description of problem:
Internal Server Erroris thrown when trying to access http://<URL>/ks/dist.  
In the past (on Satellite 4.x), this URL would at least give you a "page not found"..apparently it was protecting those areas of the tree...but, now it throws an ISE.

It should handle the url more gracefully and display a readable page (permission denied etc.) instead of ISE + traceback with java.lang.ArrayIndexOutOfBoundsException

catalina.out shows:
2010-05-24 17:04:18,936 [TP-Processor1] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back
javax.servlet.ServletException: Array index out of range: 2
        at org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:535)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:433)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:237)
        at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:82)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
...
Caused by:
java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 2
        at com.redhat.rhn.frontend.action.common.DownloadFile.parseDistUrl(DownloadFile.java:158)
        at com.redhat.rhn.frontend.action.common.DownloadFile.handleKickstartDownload(DownloadFile.java:184)
        at com.redhat.rhn.frontend.action.common.DownloadFile.execute(DownloadFile.java:100)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
        ... 40 more
2010-05-24 17:04:18,943 [TP-Processor1] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/rhn].[action] - Servlet.service() for servlet action threw exception
java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 2
        at com.redhat.rhn.frontend.action.common.DownloadFile.parseDistUrl(DownloadFile.java:158)
        at com.redhat.rhn.frontend.action.common.DownloadFile.handleKickstartDownload(DownloadFile.java:184)
        at com.redhat.rhn.frontend.action.common.DownloadFile.execute(DownloadFile.java:100)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
        at 
...

Version-Release number of selected component (if applicable):
Red Hat Network (RHN) Satellite 5.3.0

How reproducible:
Always.

Steps to Reproduce:
1. try to access http://<5.3 satellite fqdn>/ks/dist

Actual results:
ISE and traceback + above stacktrace in catalina.out

Expected results:
A readable page on UI explaining page cannot be accessed, no traceback or stacktrace in catalina.out

Additional info:
Comment 1 Xixi 2010-05-24 17:36:16 EDT
Proposed fix is to add checks for url validity in spacewalk-java-0.5.44/code/src/com/redhat/rhn/frontend/action/common/DownloadFile.java below. For example /ks/dist would not have split[2], resulting in ArrayIndexOutOfBoundsException.
...
    public static Map<String, String> parseDistUrl(String url) {
        Map<String, String> ret = new HashMap<String, String>();

        if (url.charAt(0) == '/') {
            url = url.substring(1);
        }

        String[] split = url.split("/");
        int labelPos = 2;
        if (split[2].equals("org")) {
            ret.put("orgId",  split[3]);
            labelPos = 4;
        }
..
Comment 2 Justin Sherrill 2010-07-28 15:43:34 EDT
Fixed in master:  ff77e9b12ac95fb2bd0a31cc3ea07f1c03b3279b

Throws a file not found error now.
Comment 4 Miroslav Suchý 2010-10-20 07:59:11 EDT
verified in stage
Comment 5 Clifford Perry 2010-10-28 10:56:36 EDT
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release. 


RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html 

Regards,
Clifford

Note You need to log in before you can comment on or make changes to this bug.