Posted to c-dev@axis.apache.org by "Olivier Mengué (JIRA)" <ji...@apache.org> on 2010/03/09 15:26:27 UTC
[jira] Created: (AXIS2C-1465) crash in axis2_http_sender_configure_proxy_auth
crash in axis2_http_sender_configure_proxy_auth
-----------------------------------------------
Key: AXIS2C-1465
URL: https://issues.apache.org/jira/browse/AXIS2C-1465
Project: Axis2-C
Issue Type: Bug
Components: core/transport
Affects Versions: 1.6.0, Current (Nightly)
Reporter: Olivier Mengué
Priority: Critical
My application crashes in function axis2_http_sender_configure_proxy_auth.

Here is how the proxy is defined in axis2.xml:

    <transportSender name="http" class="axis2_http_sender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="xml-declaration" insert="false"/>
        <!--parameter name="Transfer-Encoding">chunked</parameter-->
        <!--parameter name="HTTP-Authentication" username="" password="" locked="true"/-->
        <parameter name="PROXY" proxy_host="xxxxxx" proxy_port="nnnn" proxy_username="" proxy_password=""
            locked="false"/>
    </transportSender>

Here is the block where the crash occurs:

    if(auth_type)
    {
        auth_type_end = axutil_strchr(auth_type, ' ');
        *auth_type_end = AXIS2_ESC_NULL;
        auth_type_end++;
        /*Read the realm and the rest stuff now from auth_type_end */
    }

Local variables:

    force_proxy_auth=0
    auth_type="NTLM"

So auth_type_end is NULL and writing to *auth_type_end is invalid.

Here is the full stack trace:
unnamed block in axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in "http_sender.c"
axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in "http_sender.c"
unnamed block in axis2_http_sender_send(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, out = 0x2001fe18, str_url = "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx", soap_action = "http://www.mellbourn.com/WebServices/get_Password"), line 1194 in "http_sender.c"
axis2_http_sender_send(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, out = 0x2001fe18, str_url = "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx", soap_action = "http://www.mellbourn.com/WebServices/get_Password"), line 1194 in "http_sender.c"
axis2_http_transport_sender_write_message(transport_sender = 0x2000d628, env = 0x200086c8, msg_ctx = 0x2001fb78, epr = 0x2001f978, out = 0x2001fe18, om_output = 0x2003bae8), line 806 in "http_transport_sender.c"
axis2_http_transport_sender_invoke(transport_sender = 0x2000d628, env = 0x200086c8, msg_ctx = 0x2001fb78), line 309 in "http_transport_sender.c"
unnamed block in axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8, msg_ctx = 0x2001fb78), line 176 in "engine.c"
axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8, msg_ctx = 0x2001fb78), line 176 in "engine.c"
axis2_op_client_two_way_send(env = 0x200086c8, msg_ctx = 0x2001fb78), line 1171 in "op_client.c"
unnamed block in axis2_op_client_execute(op_client = 0x200200c8, env = 0x200086c8, block = 1), line 508 in "op_client.c"
axis2_op_client_execute(op_client = 0x200200c8, env = 0x200086c8, block = 1), line 508 in "op_client.c"
axis2_svc_client_send_receive_with_op_qname(svc_client = 0x200086e8, env = 0x200086c8, op_qname = 0x2001fb38, payload = 0x20008748), line 732 in "svc_client.c"
axis2_svc_client_send_receive(svc_client = 0x200086e8, env = 0x200086c8, payload = 0x20008748), line 830 in "svc_client.c"
main(0x1, 0x2ff21318) at 0x10000644
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org
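
Added example (not part of the original report and not Axis2/C code): a stand-alone C version of the split that the crashing block performs, with the result of the space search checked before it is written through, and an error status returned for a scheme the caller does not handle. It assumes axutil_strchr behaves like strchr; the names split_challenge, select_proxy_auth and auth_status_t, and the Basic/Digest allow-list, are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
typedef enum { AUTH_OK = 0, AUTH_ERR_INVALID, AUTH_ERR_UNSUPPORTED } auth_status_t;

typedef struct {
    const char *scheme; /* points into the caller's buffer */
    const char *params; /* "" when the challenge carries no parameters */
} auth_challenge_t;

/* Case-insensitive comparison of a whole scheme token. */
static int scheme_is(const char *s, const char *name)
{
    while (*s && *name) {
        if (tolower((unsigned char)*s) != tolower((unsigned char)*name))
            return 0;
        s++;
        name++;
    }
    return *s == '\0' && *name == '\0';
}

/*
 * Split "<scheme> <params>" in place. The reported code did
 *     end = strchr(value, ' ');  *end = '\0';
 * which writes through NULL when the value is a bare scheme such as "NTLM".
 */
static auth_status_t split_challenge(char *value, auth_challenge_t *out)
{
    char *end;

    if (!value || !out)
        return AUTH_ERR_INVALID;
    while (*value == ' ' || *value == '\t')
        value++;
    if (*value == '\0')
        return AUTH_ERR_INVALID;

    end = strchr(value, ' ');
    if (end) {
        *end = '\0';            /* terminate the scheme token */
        end++;
        while (*end == ' ')
            end++;
    } else {
        end = value + strlen(value); /* bare scheme: params is "" */
    }
    out->scheme = value;
    out->params = end;
    return AUTH_OK;
}

/* Accept only schemes on the allow-list (an assumption of this example);
 * anything else is reported to the caller instead of being parsed further. */
static auth_status_t select_proxy_auth(char *value, auth_challenge_t *out)
{
    auth_status_t st = split_challenge(value, out);

    if (st != AUTH_OK)
        return st;
    if (scheme_is(out->scheme, "Basic") || scheme_is(out->scheme, "Digest"))
        return AUTH_OK;
    return AUTH_ERR_UNSUPPORTED;
}

int main(void)
{
    /* Constructed inputs; "NTLM" is the auth_type value from the report. */
    char samples[][40] = { "NTLM", "NEGOTIATE", "Basic realm=\"proxy\"", "" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        auth_challenge_t c = { "", "" };
        auth_status_t st = select_proxy_auth(samples[i], &c);
        printf("status=%d scheme=\"%s\" params=\"%s\"\n",
               (int)st, c.scheme, c.params);
    }
    return 0;
}
```
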
[jira] Commented: (AXIS2C-1465) crash in axis2_http_sender_configure_proxy_auth
Posted by "Olivier Mengué (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2C-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12843065#action_12843065 ]
Olivier Mengué commented on AXIS2C-1465:
----------------------------------------
Here is the full HTTP response header:

    HTTP/1.1 407 Proxy Authentication Required
    Proxy-Authenticate: NEGOTIATE
    Proxy-Authenticate: NTLM
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: text/html; charset=utf-8
    Proxy-Connection: close
    Set-Cookie: BCSI-CS-F998621D699625D2=2; Path=/
    Connection: close
    Content-Length: 1842

Of course I understand NTLM is not supported by Axis2/C core transport; however, it should not crash and should report an error.

> crash in axis2_http_sender_configure_proxy_auth
> -----------------------------------------------
>
> Key: AXIS2C-1465
> URL: https://issues.apache.org/jira/browse/AXIS2C-1465
> Project: Axis2-C
> Issue Type: Bug
> Components: core/transport
> Affects Versions: 1.6.0, Current (Nightly)
> Reporter: Olivier Mengué
> Priority: Critical
> Attachments: proxy.c, proxy.h, pwgen.c
>
>
> My application crashes in function axis2_http_sender_configure_proxy_auth.
> Here is how the proxy is defined in axis2.xml:
> <transportSender name="http" class="axis2_http_sender">
> <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
> <parameter name="xml-declaration" insert="false"/>
> <!--parameter name="Transfer-Encoding">chunked</parameter-->
> <!--parameter name="HTTP-Authentication" username="" password="" locked="true"/-->
> <parameter name="PROXY" proxy_host="xxxxxx" proxy_port="nnnn" proxy_username="" proxy_password=""
> locked="false"/>
> </transportSender>
> Here is the block where the crash occurs:
> if(auth_type)
> {
> auth_type_end = axutil_strchr(auth_type, ' ');
> *auth_type_end = AXIS2_ESC_NULL;
> auth_type_end++;
> /*Read the realm and the rest stuff now from auth_type_end */
> }
> Local variables:
> force_proxy_auth=0
> auth_type="NTLM"
> So auth_type_end is NULL and writing to *auth_type_end is invalid.
> Here is the full stack trace:
> unnamed block in axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in "http_sender.c"
> axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in "http_sender.c"
> unnamed block in axis2_http_sender_send(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, out = 0x2001fe18, str_url = "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx", soap_action = "http://www.mellbourn.com/WebServices/get_Password"), line 1194 in "http_sender.c"
> axis2_http_sender_send(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 0x2001fb78, out = 0x2001fe18, str_url = "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx", soap_action = "http://www.mellbourn.com/WebServices/get_Password"), line 1194 in "http_sender.c"
> axis2_http_transport_sender_write_message(transport_sender = 0x2000d628, env = 0x200086c8, msg_ctx = 0x2001fb78, epr = 0x2001f978, out = 0x2001fe18, om_output = 0x2003bae8), line 806 in "http_transport_sender.c"
> axis2_http_transport_sender_invoke(transport_sender = 0x2000d628, env = 0x200086c8, msg_ctx = 0x2001fb78), line 309 in "http_transport_sender.c"
> unnamed block in axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8, msg_ctx = 0x2001fb78), line 176 in "engine.c"
> axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8, msg_ctx = 0x2001fb78), line 176 in "engine.c"
> axis2_op_client_two_way_send(env = 0x200086c8, msg_ctx = 0x2001fb78), line 1171 in "op_client.c"
> unnamed block in axis2_op_client_execute(op_client = 0x200200c8, env = 0x200086c8, block = 1), line 508 in "op_client.c"
> axis2_op_client_execute(op_client = 0x200200c8, env = 0x200086c8, block = 1), line 508 in "op_client.c"
> axis2_svc_client_send_receive_with_op_qname(svc_client = 0x200086e8, env = 0x200086c8, op_qname = 0x2001fb38, payload = 0x20008748), line 732 in "svc_client.c"
> axis2_svc_client_send_receive(svc_client = 0x200086e8, env = 0x200086c8, payload = 0x20008748), line 830 in "svc_client.c"
> main(0x1, 0x2ff21318) at 0x10000644
[jira] Commented: (AXIS2C-1465) crash in axis2_http_sender_configure_proxy_auth
Posted by "Olivier Mengué (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2C-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847406#action_12847406 ]
Olivier Mengué commented on AXIS2C-1465:
----------------------------------------
This is a security issue as a bad server could exploit the failure in a client at least for DoS.
[jira] Updated: (AXIS2C-1465) crash in axis2_http_sender_configure_proxy_auth
Posted by "Olivier Mengué (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2C-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivier Mengué updated AXIS2C-1465:
-----------------------------------
Attachment: pwgen.c
proxy.h
proxy.c
Attached the test program. However, I suppose the problem comes from the response returned by the proxy.