Opened 13 years ago
Closed 13 years ago
#1705 closed defect (fixed)
MAPAGENT call crashes webservers (IIS & Apache)
| Reported by: | zspitzer | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 2.2 |
| Component: | Map Agent | Version: | 2.2.0 |
| Severity: | critical | Keywords: | |
| Cc: | External ID: |
Description
The webserver crashes if you send a request like:
Apache crashes at the first request, IIS after 7 to 10 requests.
We use MGOS 2.2 Windows Server 2003 SP2 Apache 2.2
it's the parsing of this parameter causing the problem SETVIEWCENTERX=3549113%a5'%20having%201=1--&
Attachments (1)
Change History (9)
comment:1 by , 13 years ago
comment:3 by , 13 years ago
The SETVIEWCENTERX parameter you have in this request is not being properly created.
The "%a5'%20having%201=1--" is garbage that should not be part of the request parameter.
It should be a single numerical value like this: SETVIEWCENTERX=3549113
How are you generating this request?
comment:4 by , 13 years ago
this was reported by a user on the mailing list, who had ordered some security checks http://osgeo-org.1803224.n2.nabble.com/mapagent-crashes-td6410737.html
comment:5 by , 13 years ago
I did some digging on this matter with a 2.2 branch copy.
The offending line is here:
http://trac.osgeo.org/mapguide/browser/branches/2.2/MgDev/Web/src/ApacheAgent/ApacheAgent.cpp#L153
This method is throwing a MgInvalidArgumentException with the error id MgInvalidStringConversion
The root location where this exception is thrown is at MgUtil::MultiByteToWideChar
http://trac.osgeo.org/mapguide/browser/branches/2.2/MgDev/Common/Foundation/System/Util.cpp#L287
The mgmapagent_handler() function does not have an exception handler for any MgException (or derivatives) and because of this the MgInvalidArgumentException that is thrown is unhandled and derails the Apache Web Server process
Perhaps we should have an exception handler for MgException here, and write out a bad request string response?
Perhaps something similar is happening with the ISAPI and CGI handlers?
comment:6 by , 13 years ago
Thanks for digging into this. I agree that we should add exception handling because a bad request shouldn't crash the web server.
by , 13 years ago
| Attachment: | 1705.patch added |
|---|
Add exception handling in the Apache and ISAPI agents around the MapAgentGetParser::Parse call
comment:7 by , 13 years ago
Ok, it seems this ticket is another case of the 2.2 branch being severely behind from the trunk version as the trunk already has these safeguards in place
http://trac.osgeo.org/mapguide/changeset/5071
So the fix is simply to backport this to the 2.2 branch, should a 2.2.x point release ever arise.
comment:8 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
it also occurs when appending that string to the version parameter
http://localhost:8008/mapguide/mapagent/mapagent.fcgi?OPERATION=GETDYNAMICMAPOVERLAYIMAGE&FORMAT=PNG&VERSION=2.1.0%a5%27%20having%201=1--&SESSION=70c85ffc-8760-11e0-8000-00237deca616_en_7F0000010AFC0AFB0AFA&MAPNAME=map&SEQ=0.23651071377519906&CLIENTAGENT=Ajax Viewer&BEHAVIOR=2&SETDISPLAYDPI=96&SETDISPLAYWIDTH=474&SETDISPLAYHEIGHT=444&SETVIEWSCALE=175421.11033589157&SETVIEWCENTERX=3549113&SETVIEWCENTERY=5805500&CLIENTAGENT=Ajax Viewer