ashkulz
commented
2 years ago Not sure how this relates to packaging, should probably be opened on the main repo.
Closed Cyborgscode closed 2 years ago
ashkulz
commented
2 years ago Not sure how this relates to packaging, should probably be opened on the main repo.
Cyborgscode
commented
2 years ago my mistake..
OS: Fedora 33 Package used last: CentOS 8 Version affected: most likely * <= 0.12.6 tested on: wkhtmltox-0.12.4_linux-generic-amd64 wkhtmltox-0.12.6-1.centos8.x86_64
Description:
When none local image paths are used like this:
https://sub.domain.tld/truelogo.png
instead of an absolute local path:
/home/username/sub/truelogo.png
wkhtmltopdf <= 1.12.6 is entering an endless loop OR, most likely, just waits forever on a socket operation like select() for a signal which never happens. It MAY BE a special requirement, that the sub.domain is refering to the local webserver, on which wkhtmltopdf has be started by the webserver, WE DID NOT TEST IT with an external domainname.
This can cause a DOS situation, by exhausting the webservers ressources on memory at least, but also on the number of processes available to the webserver. This depends massively on the setup of the webservice i.e. if user seperation and resource limits are used or not.
In a pstree with user seperation and limits this looks like this:
Depending on how wkhtmltopdf is called inside php or other webscripts, the php mainprocess can also hang after wkhtmltopdf died. Best for all would be, if wkhtmltopdf would exit/work properly on those https links. The https:// links were publicable available under this subdomain, so IMHO the bug is inside wkhtmltopdf https handling.