search

melowntech / vts-mapproxy

VTS Mapproxy
BSD 2-Clause "Simplified" License
30 stars 5 forks source link

Invalid requests terminates mapproxy #10

Closed komackaj closed 4 years ago

komackaj commented 4 years ago

Our security checks found out possible DoS using simple invalid URL request /this_server/all_settings.shtml

Sometimes mapproxy will handle it without problem

2019-10-22 09:25:02 I2 [14383(shttp:1)]: [conn:2] HTTP "GET /this_server/all_settings.shtml HTTP/1.1". {http.cpp:prelogAndProcess():313}
2019-10-22 09:25:02 E1 [14383(shttp:1)]: <this_server> is not known reference frame. {fileinfo.cpp:checkReferenceFrame():109}
2019-10-22 09:25:02 I1 [14383(shttp:1)]: [conn:2] ServerConnection opened. {http.cpp:start():465}
2019-10-22 09:25:02 I3 [14383(shttp:1)]: [conn:2] HTTP "GET /this_server/all_settings.shtml HTTP/1.1" 404 274 [<this_server> is not known reference frame. @{fileinfo.cpp:checkReferenceFrame():109}]. {http.cpp:p
ostLog():333}

sometimes it will terminate

2019-10-22 09:25:02 I1 [14384(gdal)]: Total: 310781 KB, limit: 26214400 KB {gdalsupport.cpp:killLeviathan():682}
2019-10-22 09:25:06 I1 [14383(shttp:1)]: [conn:3] ServerConnection opened. {http.cpp:start():465}
2019-10-22 09:25:06 I2 [14383(shttp:27)]: [conn:3] HTTP "GET /this_server/all_settings.shtml HTTP/1.1". {http.cpp:prelogAndProcess():313}
2019-10-22 09:25:06 E1 [14383(shttp:27)]: <this_server> is not known reference frame. {fileinfo.cpp:checkReferenceFrame():109}
terminate called without an active exception
2019-10-22 09:25:06 I3 [14384(gdal)]: Stopping GDAL warper worker processes. {gdalsupport.cpp:runManager():639}

We use version 1.61-0jessie with parameters

[core]
threadCount = 28

[http]
enableBrowser = false
threadCount = 28

[gdal]
processCount = 28
rssLimit = 25600
vaclavblazek commented 4 years ago

The reported problem is caused by defective libstc++ in gcc-4.9 (the only gcc available in Debian/Jessie): once an exception is re-thrown via std::rethrow_exception the exception counter is not updated properly and std::uncaught_exception() keeps returning true while the is no uncaught exception causing havoc in the code expecting proper behaviour.

More info about this bug can be found at: https://bugs.launchpad.net/ubuntu/+source/gcc-4.9/+bug/1439451 .

Closing without any fixes since this is a 3rd-party error.