ig3 opened a new issue #3976: URL: https://github.com/apache/couchdb/issues/3976
## Description

Sending a request with a malformed JWT token in Authorization header causes CouchDB to crash and restart.

I was trying out JWT authentication and my first attempt was with a malformed JWT token. Subsequent tests with good tokens work as expected and various other token errors are handled without crashing and with appropriate error responses and logs.

## Steps to Reproduce

```
curl -v http://localhost:5984/test \
  -H "Accept: application/json" \
  -H "Content-Type: application/json; charset=utf-8" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZvbyJ9.eyJraWQiOiJmb28iLCJzdWIiOiJhZG1pbiIsIm5hbWUiOiJhZG1pbiIsInJvbGVzIjpbInRlc3QxIiwidGVzdDIiXX0=.xftH2byj7LV9/YqqacmyZfcxQt+/h0etsgtRj6aL4AE="
```

## Expected Behaviour

Request fails with an error and the server does not crash.

## Your Environment

* CouchDB version used: 3.2.0 compiled from source on Debian Bullseye on x86_64 and armv7l
* Browser name and version: n/a: testing with curl and NodeJS based clients.
* Operating system and version: Debian Bullseye

## Additional Context

With each failed request there are two logs, similar to the following:

> Mar 29 13:15:45 tecra couchdb[108694]: [error] 2022-03-29T00:15:45.553476Z [email protected] <0.15259.2> -------- CRASH REPORT Process (<0.15259.2>) with 0 neighbors crashed with reason: {invalid_ejson,{bad_block,88}} at jiffy:encode/2(line:99) <= couch_httpd:before_response/4(line:1207) <= couch_httpd:handle_response/5(line:1199) <= couch_httpd:send_response_no_cors/4(line:798) <= chttpd:process_request/1(line:318) <= chttpd:handle_request_int/1(line:249) <= mochiweb_http:headers/6(line:150) <= proc_lib:init_p_do_apply/3(line:226); initial_call: {mochiweb_acceptor,init,['Argument__1','Argument__2',...]}, ancestors: [chttpd,chttpd_sup,<0.352.0>], message_queue_len: 0, links: [<0.356.0>,#Port<0.44>], dictionary: [{couch_rewrite_count,0},{dont_log_response,true},{chttpd_stats,{st,...}},...], trap_exit: false, status: running, heap_size: 1598, stack_size: 28, reductions: 6583

> Mar 29 13:15:45 tecra couchdb[108694]: [error] 2022-03-29T00:15:45.553930Z [email protected] <0.15259.2> -------- CRASH REPORT Process (<0.15259.2>) with 0 neighbors crashed with reason: {invalid_ejson,{bad_block,88}} at jiffy:encode/2(line:99) <= couch_httpd:before_response/4(line:1207) <= couch_httpd:handle_response/5(line:1199) <= couch_httpd:send_response_no_cors/4(line:798) <= chttpd:process_request/1(line:318) <= chttpd:handle_request_int/1(line:249) <= mochiweb_http:headers/6(line:150) <= proc_lib:init_p_do_apply/3(line:226); initial_call: {mochiweb_acceptor,init,['Argument__1','Argument__2',...]}, ancestors: [chttpd,chttpd_sup,<0.352.0>], message_queue_len: 0, links: [<0.356.0>,#Port<0.44>], dictionary: [{couch_rewrite_count,0},{dont_log_response,true},{chttpd_stats,{st,...}},...], trap_exit: false, status: running, heap_size: 1598, stack_size: 28, reductions: 6583
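An added example, not part of the issue above and not CouchDB's code: a strict structural check for JWS compact tokens (RFC 7515), run on the token from the report and on a constructed re-encoding of it. It flags the `=` padding and the `+` and `/` characters, which are outside the unpadded base64url alphabet that JWT segments use. The function and constant names are illustrative, and nothing here is a claim about the root cause of the crash.

```javascript
// Strict structural check for a JWS compact token (RFC 7515): three
// dot-separated segments, each unpadded base64url (A-Z a-z 0-9 - _).
const B64URL = /^[A-Za-z0-9_-]+$/;
const NAMES = ["header", "payload", "signature"];

// Token from the report above (standard base64 with "=" padding in two segments).
const REPORTED_TOKEN = [
  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZvbyJ9",
  "eyJraWQiOiJmb28iLCJzdWIiOiJhZG1pbiIsIm5hbWUiOiJhZG1pbiIsInJvbGVzIjpbInRlc3QxIiwidGVzdDIiXX0=",
  "xftH2byj7LV9/YqqacmyZfcxQt+/h0etsgtRj6aL4AE=",
].join(".");

// Constructed sample: the same segments re-encoded as unpadded base64url.
const REENCODED_TOKEN = REPORTED_TOKEN.split(".")
  .map((s) => s.replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_"))
  .join(".");

function decodeJsonSegment(seg) {
  // Map base64url back to base64 so Buffer decodes it on any Node version.
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  const value = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error("not a JSON object");
  }
  return value;
}

// Returns { ok: true, header, payload } or { ok: false, errors }; never throws.
// Structure only: the signature is NOT verified here.
function checkCompactJwt(token) {
  if (typeof token !== "string") return { ok: false, errors: ["token is not a string"] };
  const parts = token.split(".");
  if (parts.length !== 3) {
    return { ok: false, errors: [`expected 3 segments, got ${parts.length}`] };
  }
  const errors = [];
  parts.forEach((seg, i) => {
    if (B64URL.test(seg) && seg.length % 4 !== 1) return;
    const bad = [...new Set(seg.replace(/[A-Za-z0-9_-]/g, ""))].join("");
    errors.push(`${NAMES[i]}: not unpadded base64url` + (bad ? ` (found "${bad}")` : ""));
  });
  if (errors.length) return { ok: false, errors };
  try {
    return { ok: true, header: decodeJsonSegment(parts[0]), payload: decodeJsonSegment(parts[1]) };
  } catch (e) {
    return { ok: false, errors: [`header or payload: ${e.message}`] };
  }
}
```

A check of this kind belongs in front of signature verification, so that a structurally invalid bearer token is answered with an ordinary error response instead of reaching the decoder.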
