Opened 19 years ago

Closed 16 years ago

#1378 closed defect (worksforme)

getLegendGraphic Denial of Service

Reported by: refractions Owned by: mapserverbugs
Priority: high Milestone:
Component: WMS Server Version: 4.4
Severity: major Keywords:
Cc: tomkralidis

Description (last modified by dmorissette)

When requesting a GetLegendGraphic on a <Layer> that is in fact a Mapserver
GROUP, mapserver blows up to maximum memory size and never returns. So, if your
map file is 

MAP
 LAYER
   NAME bar1
   GROUP foo
 LAYER 
   NAME bar2
   GROUP foo

With appropriate wms_group_* information set, then requesting a GetLegendGraphic
for the 'foo' group will cause death and destruction.

Change History (3)

comment:1 by dmorissette, 19 years ago

Status: newassigned
Paul, can you please post a complete mapfile and URL to reproduce this? After
quickly hacking one of my mapfiles to use groups, and doing a GetLegendGraphic
on that group, I get a service Exception instead of the error that you mentioned.

<?xml version='1.0' encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE ServiceExceptionReport SYSTEM
"http://schemas.opengeospatial.net/wms/1.1.1/exception_1_1_1.dtd">
<ServiceExceptionReport version="1.1.1">
<ServiceException code="LayerNotDefined">
msWMSGetLegendGraphic(): WMS server error. Invalid layer given in the LAYER
parameter.
</ServiceException>
</ServiceExceptionReport>

comment:2 by tomkralidis, 16 years ago

Cc: tomkralidis added

FYI When I run this test against trunk, I get the identical error as Daniel, and no DoS. Should we mark this invalid?

comment:3 by dmorissette, 16 years ago

Description: modified (diff)
Resolution: worksforme
Status: assignedclosed

I say we close as worksforme since we didn't get a testcase to reproduce.

Note: See TracTickets for help on using tickets.