Bug 8574 - POSTing with to web services with unkown Content-Type results in a traceback
Summary: POSTing with to web services with unkown Content-Type results in a traceback
Status: CLOSED DUPLICATE of bug 8396
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.19.0
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-04-16 11:23 CEST by William Sjöblom
Modified: 2025-04-16 14:01 CEST (History)
0 users

See Also:
Acceptance Criteria:


Attachments

Description William Sjöblom cendio 2025-04-16 11:23:43 CEST
This can be reproduced by running:
> curl --insecure --header "Content-Type: text/plain" --request POST https://localhost:300/
which results in the following traceback in the log:
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1] ----------------------------------------
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1] Traceback (most recent call last):
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1]   File "/opt/thinlinc/modules/thinlinc/tlwebaccess/server.py", line 144, in do_POST
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1]     Oooo0o0oO0 = parse_post_request ( self . rfile , self . headers )
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1]   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 453, in parse_post_request
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1]     raise ValueError ( 'Handling for Content-Type "%s" not implemented.' % o0oOO000Oo0 )
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1] ValueError: Handling for Content-Type "text/plain" not implemented.
> 2025-04-16 11:15:40 ERROR tlwebaccess[603179]: [::1] ----------------------------------------

With webaccess is exposed to the internet, it is not uncommon that malicious bots will try to POST data using unhandled Content-Types, which may produce a lot of these stack traces.
Comment 1 William Sjöblom cendio 2025-04-16 12:47:47 CEST

*** This bug has been marked as a duplicate of bug 8396 ***

Note You need to log in before you can comment on or make changes to this bug.