I encountered a segmentation fault within the HttpManager::HttpWorkerThread method when making HTTPS requests that fail SSL verification. The segmentation fault occurs specifically when attempting to access properties (status, body, headers) of a null HTTP response object, which is null due to an SSL server verification error.
Steps to Reproduce
Configure Eluna module to make an HTTPS request to a server with a self-signed certificate or a certificate that fails SSL verification.
Observe that the HttpManager::HttpWorkerThread method experiences a segmentation fault due to a null dereference when attempting to process the HTTP response.
Expected Behavior
The module should handle SSL verification errors gracefully without causing a segmentation fault. There should be error handling to check for null HTTP response objects and log or manage the error without crashing.
Actual Behavior
The application crashes with a segmentation fault when the HTTP response object is null due to an SSL server verification failure.
Environment
AzerothCore Version: a2f21bd
Module: Eluna
OS: Ubuntu 22.04
Compiler: clang
Debug Information
GDB backtrace revealed that the crash occurs at:
HttpManager::HttpWorkerThread (this=0x7ffff29aafc0) at /path/to/HttpManager.cpp:170
170 responseQueue.push(new HttpResponse(req->funcRef, res->status, res->body, res->headers));
The HTTP response object (res) was null due to an httplib::Error::SSLServerVerification error.
Workaround
Installing a valid SSL certificate (e.g., from Let's Encrypt) on the server being queried resolved the issue by allowing SSL verification to succeed.
Suggested Fix
Implement additional error handling within the HttpManager::HttpWorkerThread method to check for null HTTP response objects before attempting to access their properties. Consider logging SSL verification failures and other HTTP errors in a way that does not lead to a null dereference and application crash.
I encountered a segmentation fault within the HttpManager::HttpWorkerThread method when making HTTPS requests that fail SSL verification. The segmentation fault occurs specifically when attempting to access properties (status, body, headers) of a null HTTP response object, which is null due to an SSL server verification error.
Steps to Reproduce
Expected Behavior
The module should handle SSL verification errors gracefully without causing a segmentation fault. There should be error handling to check for null HTTP response objects and log or manage the error without crashing.
Actual Behavior
The application crashes with a segmentation fault when the HTTP response object is null due to an SSL server verification failure.
Environment
AzerothCore Version: a2f21bd Module: Eluna OS: Ubuntu 22.04 Compiler: clang Debug Information GDB backtrace revealed that the crash occurs at:
Workaround
Installing a valid SSL certificate (e.g., from Let's Encrypt) on the server being queried resolved the issue by allowing SSL verification to succeed.
Suggested Fix
Implement additional error handling within the HttpManager::HttpWorkerThread method to check for null HTTP response objects before attempting to access their properties. Consider logging SSL verification failures and other HTTP errors in a way that does not lead to a null dereference and application crash.