[
https://issues.apache.org/jira/browse/SLING-4749?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joerg Hoh closed SLING-4749.
----------------------------
> Request using "sling:bg=true" causes StackOverflow when no read access to /var
> ------------------------------------------------------------------------------
>
> Key: SLING-4749
> URL: https://issues.apache.org/jira/browse/SLING-4749
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Background Servlets 1.0.0
> Reporter: Joerg Hoh
> Assignee: Bertrand Delacretaz
> Priority: Major
>
> I have a system, where the anonymous user does not have read access to
> /var/bg. When I do a call to it (for example:
> http://localhost:4503/?sling:bg=true";, it returns with a internal server
> error. The log shows a stackoverflow exception, caused by
> {code}
> ...
> at
> org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> at
> org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> ...
> {code}
> Looking at this line in the code I see a recursive call of deepCreateNode,
> which is executed, when the item itself does not exist. Which is true from
> the view of an anonymous session, which doesn't have read access to nodes
> beneath /var.
> The code should be improved, so it does either check with an admin session
> that the path exists, but is simply not readable, or preferably add some
> detection, that it has already reached "/" and that it doesn't make sense to
> continue then.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
