[ http://issues.apache.org/jira/browse/AXIS2C-89?page=all ]
Samisa Abeysinghe closed AXIS2C-89:
-----------------------------------
Fix Version: M0.5
Resolution: Fixed
There was a double free of om_builder (see comment in code)
> Server segs if client sends invalid XML in SOAP
> -----------------------------------------------
>
> Key: AXIS2C-89
> URL: http://issues.apache.org/jira/browse/AXIS2C-89
> Project: Axis2-C
> Type: Bug
> Components: core/transport, xml/om
> Versions: Current (Nightly)
> Reporter: Samisa Abeysinghe
> Assignee: Samisa Abeysinghe
> Priority: Critical
> Fix For: M0.5
>
> SOAP:
> POST /axis2/services/echo/echo HTTP/1.1
> User-Agent:Axis2/C
> SOAPAction:
> Content-Length:599
> Content-Type:application/soap+xml
> Host:localhost
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope
> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";><soapenv:Header
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";><wsa:ReplyTo><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo><wsa:ReferenceProperties></wsa:ReferenceProperties><wsa:MessageID>2efefcca-abf6-1da1-25e1-001125b4c063</wsa:MessageID></soapenv:Header><soapenv:Body><ns1:echoString
>
> xmlns:ns1="http://localhost:9090/axis2/services/echo";><s:text>echo5<s:/text></ns1:echoString></soapenv:Body></soapenv:Envelope>
> gdb Trace:
> [critical] libxml2_reader_wrapper.c(838) Namespace prefix s on text is not
> defined
> -- SEVERITY_ERROR
> [critical] libxml2_reader_wrapper.c(838) Failed to parse QName 's:'
> -- SEVERITY_ERROR
> [critical] libxml2_reader_wrapper.c(838) error parsing attribute name
> -- SEVERITY_ERROR
> [critical] libxml2_reader_wrapper.c(838) attributes construct error
> -- SEVERITY_ERROR
> [critical] libxml2_reader_wrapper.c(838) Couldn't find end of Start Tag s:
> -- SEVERITY_ERROR
> [critical] libxml2_reader_wrapper.c(433) critical error occured in xml reader
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1208775760 (LWP 3318)]
> 0x0065d3c3 in axis2_http_transport_utils_process_http_post_request
> (env=0xb7f383d8, msg_ctx=0x921db60,
> in_stream=0x9283eb8, out_stream=0x921bca8, content_type=0x9283cd0
> "application/soap+xml", content_length=599,
> soap_action_header=0x9277160 "", request_uri=0x921bce8
> "http://127.0.0.1:8080/axis2/services/echo/echo";)
> at ../transport/http/http_transport_utils.c:210
> 210 AXIS2_OM_STAX_BUILDER_FREE(om_builder, env);
> (gdb) bt
> #0 0x0065d3c3 in axis2_http_transport_utils_process_http_post_request
> (env=0xb7f383d8, msg_ctx=0x921db60,
> in_stream=0x9283eb8, out_stream=0x921bca8, content_type=0x9283cd0
> "application/soap+xml", content_length=599,
> soap_action_header=0x9277160 "", request_uri=0x921bce8
> "http://127.0.0.1:8080/axis2/services/echo/echo";)
> at ../transport/http/http_transport_utils.c:210
> #1 0x0065c0b9 in axis2_http_worker_process_request (http_worker=0x9282540,
> env=0xb7f383d8, svr_conn=0x92771a0,
> simple_request=0x9277148) at ../transport/http/http_worker.c:304
> #2 0x0012ba30 in worker_func (thd=0x92395f8, data=0x9281528) at
> http_svr_thread.c:316
> #3 0x00fd755a in dummy_worker (opaque=0x92395f8) at thread_unix.c:84
> #4 0x00735b80 in start_thread () from /lib/libpthread.so.0
> #5 0x00396dee in clone () from /lib/libc.so.6
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
