Closed joseph-reynolds closed 4 years ago
edtanous
commented
4 years ago A fix for this is already in review. https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/35707
Can you run your tests with it to verify it fixes this problem before its merged?
joseph-reynolds
commented
4 years ago Nope. Sorry, it already merged. I commented on it anyway. :-) I understand George plans to test it. I would like to see HTTP status 400 (bad request) for this, if possible.
edtanous
commented
4 years ago "I would like to see HTTP status 400 (bad request) for this, if possible." That's one possibility, on the other hand, they've broken the HTTP specification for urls, so bmcweb is fully within its rights to simply close the connection entirely.
I believe today it will return 404.
joseph-reynolds
commented
4 years ago
BMCWeb crashes when given a URL with a syntax error. For example,
curl https://$bmc/'redfish\['. I get the response,curl: (52) Empty reply from serverand logs from the commandjournalctl -u bmcwebshows (excerpts):This happens in recent versions only, like beginning July/August 2020. I believe a number of other syntax errors will also hit this problem. Note that systemd restarts bmcweb after it crashes.
I believe the problem was introduced here: https://github.ibm.com/openbmc/bmcweb/commit/5a7e877e5fd7da96022d3959fbfec84bfa3d0f7f#diff-a14a24ada9556db683fbdd6a15d3d084 Specifically, line 731 (
req->urlView = boost::urls::url_view(req->target());) constructs an url_view which throws boost::urls::invalid_part. See https://github.com/CPPAlliance/url/blob/master/include/boost/url/url_view.hppA fix could be to catch the exception and issue HTTP status 400 (bad request). (I do not intend to submit a fix, but will help test it.) Please take a look. @feistjj