getLegendGraphic Denial of Service

[tbonfort]

Reporter: refractions Date: 2005/06/13 - 22:41

When requesting a GetLegendGraphic on a <Layer> that is in fact a Mapserver
GROUP, mapserver blows up to maximum memory size and never returns. So, if your
map file is 

MAP
 LAYER
   NAME bar1
   GROUP foo
 LAYER 
   NAME bar2
   GROUP foo

With appropriate wms_group_* information set, then requesting a GetLegendGraphic
for the 'foo' group will cause death and destruction.

[tbonfort]

Author: dmorissette Date: 2005/06/14 - 16:42

Paul, can you please post a complete mapfile and URL to reproduce this? After
quickly hacking one of my mapfiles to use groups, and doing a GetLegendGraphic
on that group, I get a service Exception instead of the error that you mentioned.

<?xml version='1.0' encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE ServiceExceptionReport SYSTEM
"http://schemas.opengeospatial.net/wms/1.1.1/exception_1_1_1.dtd">
<ServiceExceptionReport version="1.1.1">
<ServiceException code="LayerNotDefined">
msWMSGetLegendGraphic(): WMS server error. Invalid layer given in the LAYER
parameter.
</ServiceException>
</ServiceExceptionReport>

[tbonfort]

Author: tomkralidis Date: 2008/01/24 - 19:45 FYI When I run this test against trunk, I get the identical error as Daniel, and no DoS. Should we mark this invalid?

[tbonfort]

Author: dmorissette Date: 2008/01/24 - 21:58 I say we close as worksforme since we didn't get a testcase to reproduce.