[
https://issues.apache.org/jira/browse/AXIS2C-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847406#action_12847406
]
Olivier Mengué commented on AXIS2C-1465:
----------------------------------------
This is a security issue as a bad server could exploit the failure in a client
at least for DoS.
> crash in axis2_http_sender_configure_proxy_auth
> -----------------------------------------------
>
> Key: AXIS2C-1465
> URL: https://issues.apache.org/jira/browse/AXIS2C-1465
> Project: Axis2-C
> Issue Type: Bug
> Components: core/transport
> Affects Versions: 1.6.0, Current (Nightly)
> Reporter: Olivier Mengué
> Priority: Critical
> Attachments: proxy.c, proxy.h, pwgen.c
>
>
> My application crashes in function axis2_http_sender_configure_proxy_auth.
> Here is how the proxy is defined in axis2.xml:
> <transportSender name="http" class="axis2_http_sender">
> <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
> <parameter name="xml-declaration" insert="false"/>
> <!--parameter name="Transfer-Encoding">chunked</parameter-->
> <!--parameter name="HTTP-Authentication" username="" password=""
> locked="true"/-->
> <parameter name="PROXY" proxy_host="xxxxxx" proxy_port="nnnn"
> proxy_username="" proxy_password=""
> locked="false"/>
> </transportSender>
> Here is the block where the crash occurs:
> if(auth_type)
> {
> auth_type_end = axutil_strchr(auth_type, ' ');
> *auth_type_end = AXIS2_ESC_NULL;
> auth_type_end++;
> /*Read the realm and the rest stuff now from auth_type_end */
> }
> Local variables:
> force_proxy_auth=0
> auth_type="NTLM"
> So auth_type_end is NULL and writing to *auth_type_end is invalid.
> Here is the full stack trace:
> unnamed block in axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28,
> env = 0x200086c8, msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in
> "http_sender.c"
> axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28, env = 0x200086c8,
> msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in "http_sender.c"
> unnamed block in axis2_http_sender_send(sender = 0x2003bb28, env =
> 0x200086c8, msg_ctx = 0x2001fb78, out = 0x2001fe18, str_url =
> "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx";,
> soap_action = "http://www.mellbourn.com/WebServices/get_Password";), line
> 1194 in "http_sender.c"
> axis2_http_sender_send(sender = 0x2003bb28, env = 0x200086c8, msg_ctx =
> 0x2001fb78, out = 0x2001fe18, str_url =
> "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx";,
> soap_action = "http://www.mellbourn.com/WebServices/get_Password";), line
> 1194 in "http_sender.c"
> axis2_http_transport_sender_write_message(transport_sender = 0x2000d628, env
> = 0x200086c8, msg_ctx = 0x2001fb78, epr = 0x2001f978, out = 0x2001fe18,
> om_output = 0x2003bae8), line 806 in "http_transport_sender.c"
> axis2_http_transport_sender_invoke(transport_sender = 0x2000d628, env =
> 0x200086c8, msg_ctx = 0x2001fb78), line 309 in "http_transport_sender.c"
> unnamed block in axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8,
> msg_ctx = 0x2001fb78), line 176 in "engine.c"
> axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8, msg_ctx =
> 0x2001fb78), line 176 in "engine.c"
> axis2_op_client_two_way_send(env = 0x200086c8, msg_ctx = 0x2001fb78), line
> 1171 in "op_client.c"
> unnamed block in axis2_op_client_execute(op_client = 0x200200c8, env =
> 0x200086c8, block = 1), line 508 in "op_client.c"
> axis2_op_client_execute(op_client = 0x200200c8, env = 0x200086c8, block = 1),
> line 508 in "op_client.c"
> axis2_svc_client_send_receive_with_op_qname(svc_client = 0x200086e8, env =
> 0x200086c8, op_qname = 0x2001fb38, payload = 0x20008748), line 732 in
> "svc_client.c"
> axis2_svc_client_send_receive(svc_client = 0x200086e8, env = 0x200086c8,
> payload = 0x20008748), line 830 in "svc_client.c"
> main(0x1, 0x2ff21318) at 0x10000644
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
