[
https://issues.apache.org/jira/browse/SOLR-2631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hoss Man resolved SOLR-2631.
----------------------------
Resolution: Fixed
Uwe, sorry for my brevity -- my point was that you had fixed the infinite loop
by adding a sanity check that will throw an error, but the example & test
configs should also be improved to demonstrate better practices when using the
PingRequestHandler so people using them can never encounter the sanity checking
you added.
Committed revision 1142722. - trunk
Committed revision 1142730. - trunk stupid mistake
Committed revision 1142731. - 3x
> PingRequestHandler can infinite loop if called with a qt that points to
> itself
> -------------------------------------------------------------------------------
>
> Key: SOLR-2631
> URL: https://issues.apache.org/jira/browse/SOLR-2631
> Project: Solr
> Issue Type: Bug
> Components: search, web gui
> Affects Versions: 1.4, 3.1, 3.2, 3.3
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Labels: security
> Fix For: 3.4, 4.0
>
> Attachments: SOLR-2631.patch
>
>
> We got a security report to [email protected], that Solr can infinite
> loop, use 100% CPU and stack overflow, if you execute the following HTTP
> request:
> - http://localhost:8983/solr/select?qt=/admin/ping
> - http://localhost:8983/solr/admin/ping?qt=/admin/ping
> The qt parameter instructs PingRequestHandler to call the given request
> handler. This leads to an infinite loop. This is not a security issue, but
> for an unprotected Solr server with unprotected /solr/select path this makes
> it stop working.
> The fix is to prevent infinite loop by disallowing calling itself.
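The delegation loop and the self-call check described in the issue, as a simplified Python model added here (not Solr's Java code and not part of the original message). The class names, the `search` default handler name and the `isinstance` check are assumptions made for illustration.

```python
# Simplified model of qt-based request dispatch (constructed; not Solr's code).
PING = "/admin/ping"


class BadRequest(Exception):
    """Stands in for an HTTP 400 response."""


class SearchHandler:
    def handle(self, registry, params):
        return "OK"


class PingHandler:
    """Delegates to the handler named by `qt`, as the issue describes."""

    def __init__(self, guarded):
        self.guarded = guarded  # False = behaviour before the fix

    def handle(self, registry, params):
        target = registry.get(params.get("qt", "search"))
        if target is None:
            raise BadRequest("unknown handler")
        # Sanity check: refuse to delegate to a ping handler (assumed form).
        if self.guarded and isinstance(target, PingHandler):
            raise BadRequest("ping handler cannot call itself")
        return target.handle(registry, params)


def dispatch(registry, path, params):
    """/select picks the handler from qt; other paths name it directly."""
    name = params.get("qt", "search") if path == "/select" else path
    handler = registry.get(name)
    if handler is None:
        raise BadRequest("unknown handler")
    return handler.handle(registry, params)


def outcome(guarded, path, params):
    """Run one request against a fresh registry and report what happened."""
    registry = {"search": SearchHandler(), PING: PingHandler(guarded)}
    try:
        return dispatch(registry, path, params)
    except BadRequest:
        return "400"
    except RecursionError:  # Python's analogue of the stack overflow
        return "stack overflow"
```

Both request shapes from the issue reach the same self-delegation: `/select` resolves `qt` to the ping handler, which then resolves the same `qt` again.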