[note: x-posted to modperl]
[note: i sent this earlier from an unsubscribed address. that
shouldn't go through. if it does, apologies in advance ]
I wrote a web services module to incorporate the TrackBack protocol
into my mod_perl application
I started testing it using WordPress - the php blog software
It seems to have set a cookie (see details below) , that causes an
automatic error in modperl
The error in the logs is :"Expected token not present"
It was touched briefly in :
[mp2] "Expected token not present" error in logs
Date: Sun, 8 Jan 2006 11:18:10 -0500
The extent to which it was discussed was:
Joe Schaefer
It probably means that the request's Cookie: header was missing an
"=" sign.
Philip M. Gollucci
joes: any possibility of improving that error message in 2.07-dev ?
And then the conversation died.
The issue seems to be definitively caused by an issue in the way that
wordpress encodes the cookie and safari sends it
http://wordpress.org/support/topic/52813
http://www.darcynorman.net/2005/12/21/upgrading-blog-to-wp-20-rc3
From the headers_in , it seems that WordPress includes raw-php code
(instead of executing it), and either wordpress or safari doesn't
properly escape the = sign in the cookies.
In production I see little chance this will affect me or any other
user -- the invalid cookie isn't going to be sent to the box.
BUT it brings up this issue - a corrupt cookie of this sort seems to
call a die() in modperl once libapreq attempts to parse it. i'd say
50% of the dies are met with a segfault. i don't know why its not a
1:1 ratio.
I couldn't seem to find any way to provide a defense against this.
Just calling cookiejar->cookie() will cause the error.
my $cookiejar = Apache2::Cookie::Jar->new( $self->{'apr'} );
my @names = $cookiejar->cookies();
the segfault, natually, occurs whether or not the code is wrapped in
an eval block. an eval block didn't seem to catch the other error
either (sorry, but i can't discern what it is)
Can someone suggest an approach? Maybe some sort of validation regex
needs to be in/updated on the cookie parsing code? I'm a little
uneasy with the idea that sending a bad cookie gives a 50% chance to
segfault a server.
I've enclosed a Data::Dumper representation of the the APR::Table
headers_in atfer the cookie info. I'll be happy to pull it into any
other format if instructed how.
To recreate this, you can use:
wordpress-2.0.1 (current)
mac osx 10.4 + safari 2.0.3
libapreq 2.07
httpd 2.055
===
Created
193189633
Domain
g5.local
Expires
2007-02-14T23:47:13Z
Name
dbx-postmeta
Path
/
Value
grabit=0-,1-,2-,3-,4-,5-,6-&advancedstuff=0-,1+,2-
===
$headers_in = bless( {
'Accept' => '*/*',
'Accept-Language' => 'en',
'Accept-Encoding' => 'gzip, deflate',
'Cookie' =>
'wordpressuser_c580712eb86cad2660b3601ac04202b2=admin;
wordpresspass_c580712eb86cad2660b3601ac04202b2=7ebeeed42ef50720940f5b8db
2f9db49; rs_session=59ae9b8b503e3af7d17b97e7f77f7ea5; dbx-
postmeta=grabit=0-,1-,2-,3-,4-,5-,6-&advancedstuff=0-,1+,2-',
'User-Agent' => 'Mozilla/5.0 (Macintosh; U;
PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8',
'Connection' => 'keep-alive',
'Host' => 'g5.local:8082'
}, 'APR::Table' );