You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Tim Funk <fu...@joedog.org> on 2003/08/31 17:14:23 UTC

[5] Infinite loop potential in processing error in StandardWrapperValve.java ??

When I added the code to use PropertyUtils.getProperty in determining the 
root cause, I noticed it can cause an infinite loop.

// Extra aggressive rootCause finding
do {
     try {
         rootCauseCheck = (Throwable)PropertyUtils.getProperty
                                     (rootCause, "rootCause");
         if (rootCauseCheck!=null)
             rootCause = rootCauseCheck;

     } catch (...) {
         rootCauseCheck = null;
     }
} while (rootCauseCheck != null);

------------------------------------------
If we have a malicious user who does this:
{
   ...
   ServletException e = new ServletException();
   throw new ServletException(e);
}

We can get a non-recursive infinite loop in the error handling logic.


Is this a cause for concern? I would guess so in shared environments but this 
is not a problem in tightly controlled (enterprise/private) environments.

Comments?

-Tim

Re: [5] Infinite loop potential in processing error in StandardWrapperValve.java ??

Posted by Remy Maucherat <re...@apache.org>.

Tim Funk wrote:
> When I added the code to use PropertyUtils.getProperty in determining 
> the root cause, I noticed it can cause an infinite loop.
> 
> // Extra aggressive rootCause finding
> do {
>     try {
>         rootCauseCheck = (Throwable)PropertyUtils.getProperty
>                                     (rootCause, "rootCause");
>         if (rootCauseCheck!=null)
>             rootCause = rootCauseCheck;
> 
>     } catch (...) {
>         rootCauseCheck = null;
>     }
> } while (rootCauseCheck != null);
> 
> ------------------------------------------
> If we have a malicious user who does this:
> {
>   ...
>   ServletException e = new ServletException();
>   throw new ServletException(e);
> }
> 
> We can get a non-recursive infinite loop in the error handling logic.
> 
> 
> Is this a cause for concern? I would guess so in shared environments but 
> this is not a problem in tightly controlled (enterprise/private) 
> environments.
> 
> Comments?

Yes, well, I had seen that flaw in the code. However, if there's a 
"malicious" user out there, he can just add while (true) { 
doSomethingStupid(); } in his code ;-) So I chose not to care about it.

Anyway, +1 to add a max recursion int (there are a few places that use 
this type of code).

Remy