Bug 5032 - Backtrace when getting malformed XML-RPC data
Summary: Backtrace when getting malformed XML-RPC data
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
Depends on:
Blocks: 7659
  Show dependency treegraph
Reported: 2014-03-20 16:02 CET by Henrik Andersson
Modified: 2022-01-31 10:49 CET (History)
0 users

See Also:
Acceptance Criteria:


Description Henrik Andersson cendio 2014-03-20 16:02:57 CET
iconv get_public_sessioninfo.post -t latin1  | nc localhost 9000
2014-03-20 16:00:37 DEBUG vsmserver: Handling connection from ('', 62113)
2014-03-20 16:00:37 ERROR vsmserver: Unhandled XMLRPC exception: <class 'thinlinc.vsm.xmlrpc.XMLDeMarshallingError'> ['not well-formed (invalid token): line 5, column 33', '<?xml version="1.0"?>\r\n<methodCall>\r\n   <methodName>get_public_sessioninfo</methodName>\r\n      <params>\r\n         <param><value><string>he\xe5n01</string></value></param>\r\n         <param><value><string>dhcp-252-250</string></value></param>\r\n         <param><value><int>1</int></value></param>\r\n      </params>\r\n</methodCall>\r\n'] Traceback (most recent call last):
  File "/opt/thinlinc/modules/thinlinc/vsm/async.py", line 112, in iii11
    obj . handle_read_event ( )
  File "/usr/lib64/python2.6/asyncore.py", line 428, in handle_read_event
  File "/usr/lib64/python2.6/asynchat.py", line 140, in handle_read
  File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 530, in found_terminator
    self . handle_request ( )
  File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 542, in handle_request
    raise XMLDeMarshallingError , [ str ( ooO ) , self . payload ]
XMLDeMarshallingError: ['not well-formed (invalid token): line 5, column 33', '<?xml version="1.0"?>\r\n<methodCall>\r\n   <methodName>get_public_sessioninfo</methodName>\r\n      <params>\r\n         <param><value><string>he\xe5n01</string></value></param>\r\n         <param><value><string>dhcp-252-250</string></value></param>\r\n         <param><value><int>1</int></value></param>\r\n      </params>\r\n</methodCall>\r\n']
Comment 1 Henrik Andersson cendio 2014-03-21 08:09:43 CET
User-Agent: Curl v125125
Host: localhost
Content-Type: text/xml
Content-Length: 324

<?xml version="1.0"?>
Comment 2 Pierre Ossman cendio 2021-03-09 16:58:50 CET
That is a malformed request as XML should be UTF-8 unless otherwise specified.

This happens no matter how the data is malformed, e.g. this can trigger it:

> (printf "POST /RPC2 HTTP/1.1\r\nContent-Length: 10\r\n\r\n" ; dd if=/dev/urandom) | nc localhost 904

It also happens to both vsmserver and vsmagent as they use the same parser.

Note You need to log in before you can comment on or make changes to this bug.