On Wed, 17 Mar 2010, Andrew Mortensen wrote:
>
> On Mar 17, 2010, at 10:23 AM, Graeme Wood wrote:
>
>> Hi,
>>
>> We are seeing a dozen or so instances daily of logins failing with no
>> content_type errors. When this happens the CGI is rather unforgiving and
>> forces an Apache error which is a bit unfriendly to our users. So the
>> first question is are others seeing these mis-posted form errors?
>
> I haven't heard any other reports of this. Do you have the user agent of
> the clients running into the problem? Are they coming from a small group
> of client IPs?

I don't have reliable data. One of them was definitely using Safari. The
one from last night was using XP and I suspect IE8. The addresses are all
over: one was from our local network, the one reported from last night was
from his home ISP. There appears to be no pattern. The issue is rare but
consistent. We see about 60,000 logins per day and out of that we see fewer
than a dozen of these errors.

>> And the second question is can we do something a bit better than just
>> dumping an Apache error?
>
> Presumably this is happening when the cgi_post routine fails due to the
> missing CONTENT_TYPE environment variable. cgi_post failures appear to
> be the one error condition in cosign.cgi which does not result in a
> template-based error page. Rather than dump out a friendly error page,
> the cgi exits without doing anything, leaving Apache to return a generic
> error status.
>
> I'm not sure why cgi_post didn't merit error output. Try the attached
> patch, which applies to cosign 3.1.1.

Thanks. I didn't know if there was a reason why it was coded the way it
was or not.

> andrew
>
> --
>
> diff --git a/cgi/cgi.c b/cgi/cgi.c
> index ae4ec41..63c0d3e 100755
> --- a/cgi/cgi.c
> +++ b/cgi/cgi.c
> @@ -678,7 +678,10 @@ main( int argc, char *argv[] )
> }
>
> if ( cgi_post( cgi, cl ) != 0 ) {
> - exit( 1 );
> + sl[ SL_TITLE ].sl_data = "Error: Client Login";
> + sl[ SL_ERROR ].sl_data = "Bad client request when logging in.";
> + subfile( ERROR_HTML, sl, 0 );
> + exit( 0 );
> }
>
> if ( cl[ CL_REF ].cl_data != NULL ) {
>
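Review bot: in the cgi_post failure branch, exit( 1 ) becomes exit( 0 ) and nothing is written to a log, so once the friendly page is shown the server side keeps no record that a POST was rejected or why. Consider writing a line to stderr just before subfile( ERROR_HTML, sl, 0 ) that gives the failure reason together with the client address and user agent, so these failures can still be counted and traced.
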
--
Graeme Wood, Unix Section of the IT Infrastructure Division,
Information Services, The University of Edinburgh
Email: [email protected] Phone: +44 131 650 5003 Fax: +44 131 650 6552
The University of Edinburgh is a charitable body,
registered in Scotland, with registration number SC005336.
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
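
A pre-check in the spirit of this thread, as an added example that is not part of the original messages and is not cosign code: it classifies why a login POST is malformed and builds a log line carrying the client address and user agent, the data the thread did not have. The function names, reason codes, the 64 KB cap and the two accepted media types are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FORM_BYTES 65536L  /* assumed cap for a login form body */
/* Hypothetical reason codes for this example; not cosign identifiers. */
enum post_check { POST_OK, POST_BAD_METHOD, POST_NO_CTYPE, POST_BAD_CTYPE, POST_BAD_LENGTH };
static const char *post_reason[] = { "ok", "method is not POST",
    "CONTENT_TYPE missing", "unexpected CONTENT_TYPE", "bad CONTENT_LENGTH" };

/* Case-insensitive media type match; parameters such as "; charset=" may follow. */
static int has_type( const char *ctype, const char *type )
{
    size_t i, n = strlen( type );
    for ( i = 0; i < n; i++ )
        if ( tolower(( unsigned char )ctype[ i ] ) != type[ i ] ) return( 0 );
    return( ctype[ n ] == '\0' || ctype[ n ] == ';' || ctype[ n ] == ' ' );
}

/* Classify the CGI variables of a form POST before the body is read. */
enum post_check check_post( const char *method, const char *ctype, const char *clen )
{
    char *end;
    long n;
    if ( method == NULL || strcmp( method, "POST" ) != 0 ) return( POST_BAD_METHOD );
    if ( ctype == NULL || *ctype == '\0' ) return( POST_NO_CTYPE );
    if ( !has_type( ctype, "application/x-www-form-urlencoded" ) &&
            !has_type( ctype, "multipart/form-data" )) return( POST_BAD_CTYPE );
    if ( clen == NULL || !isdigit(( unsigned char )*clen )) return( POST_BAD_LENGTH );
    n = strtol( clen, &end, 10 );
    if ( *end != '\0' || n <= 0 || n > MAX_FORM_BYTES ) return( POST_BAD_LENGTH );
    return( POST_OK );
}

/* Build one log line; client-controlled values get control characters replaced. */
int format_post_failure( enum post_check why, const char *addr, const char *agent,
        char *buf, size_t len )
{
    char *p;
    int n;
    if ( len == 0 ) return( -1 );
    n = snprintf( buf, len, "bad login POST: %s; addr=%s; agent=%s",
            post_reason[ why ], addr ? addr : "-", agent ? agent : "-" );
    for ( p = buf; *p != '\0'; p++ )
        if (( unsigned char )*p < 0x20 || *p == 0x7f ) *p = '?';
    return( n );
}
```

In a CGI the arguments would come from getenv() on REQUEST_METHOD, CONTENT_TYPE, CONTENT_LENGTH, REMOTE_ADDR and HTTP_USER_AGENT, and the resulting line would be written to stderr.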