[Touch-packages] [Bug 1914481] Re: use the size of the data when determing the server response
** Description changed: - whoopsie's server_response code is using "g_string_append" instead of - "g_string_append_len" which has the knock on effect of sending too much - data to its "handle_response". This ends up being a problem if the daisy - servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. + [Impact] + whoopsie's server_response code is using "g_string_append" instead of "g_string_append_len" which has the knock on effect of sending too much data to its "handle_response". This ends up being a problem if the daisy servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. Here's an example when using whoopsie on groovy to send a crash to a bionic daisy server: [15:35:30] Sent; server replied with: No error [15:35:30] Response code: 200 [15:35:30] Initial response data is: 2bbb776e-64e6-11eb-a8d6-00163eddedf4 OOPSID 0 [15:35:30] Got command: OOPSID We can see a fair number of extra characters (\n0\n\n) after the OOSID command. This becomes more problematic when daisy requests a core dump from the client as the CORE command won't match and the client will never send the core dump. + + [Test Case] + Setup a Bionic version of the Error Tracker: + 0) modify /etc/hosts so daisy.staging.ubuntu.com points to the IP of the apache server for daisy + 1) sudo service stop whoopsie + 2) sudo CRASH_DB_URL=https://daisy.staging.ubuntu.com whoopsie -f + 3) Run test/submit-crash test-crashes/hirsute/amd64/_bin_cat.2001.crash + 4) check the whoopsie log file for "Got command: OOPSID" and extra data. + + With the version of whoopsie from -proposed this will not happen. + Additionally, a regression test should be run against the staging + version of the error tracker by removing the entry from /etc/hosts for + the daisy.staging server. After confirming that one test crash works one + should also send a python crash, and an end of life release crash as + those all generate different response codes from the server. + + [Regression Potential] + The code being changed is clearly wrong and doesn't confirm to the curl API https://curl.se/libcurl/c/CURLOPT_WRITEFUNCTION.html. Additionallly, this is similar to the code before r707 of daisy which introduced this change so there is little chance of regression. That being said we are running a regression test to ensure whoopsie works with servers running Ubuntu 16.04. ** Summary changed: - use the size of the data when determing the server response + use the size of the data when determining the server response -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1914481 Title: use the size of the data when determining the server response Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Focal: In Progress Status in whoopsie source package in Groovy: In Progress Status in whoopsie source package in Hirsute: Fix Released Bug description: [Impact] whoopsie's server_response code is using "g_string_append" instead of "g_string_append_len" which has the knock on effect of sending too much data to its "handle_response". This ends up being a problem if the daisy servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. Here's an example when using whoopsie on groovy to send a crash to a bionic daisy server: [15:35:30] Sent; server replied with: No error [15:35:30] Response code: 200 [15:35:30] Initial response data is: 2bbb776e-64e6-11eb-a8d6-00163eddedf4 OOPSID 0 [15:35:30] Got command: OOPSID We can see a fair number of extra characters (\n0\n\n) after the OOSID command. This becomes more problematic when daisy requests a core dump from the client as the CORE command won't match and the client will never send the core dump. [Test Case] Setup a Bionic version of the Error Tracker: 0) modify /etc/hosts so daisy.staging.ubuntu.com points to the IP of the apache server for daisy 1) sudo service stop whoopsie 2) sudo CRASH_DB_URL=https://daisy.staging.ubuntu.com whoopsie -f 3) Run test/submit-crash test-crashes/hirsute/amd64/_bin_cat.2001.crash 4) check the whoopsie log file for "Got command: OOPSID" and extra data. With the version of whoopsie from -proposed this will not happen. Additionally, a regression test should be run against the staging version of the error tracker by removing the entry from /etc/hosts for the daisy.staging server. After confirming that one test crash works one should also send a python crash, and an end of life release crash as those all generate different response codes from the server. [Regression Potential] The code being changed is clearly wrong and doesn't confirm to the curl API https://curl.se/libcurl/c/CURLOPT_WRITEFUNCTION.html. Additionallly, this is similar to the code before r707 of daisy which introduced this change so there is little chance of regre
[Touch-packages] [Bug 1914481] Re: use the size of the data when determing the server response
** Description changed: whoopsie's server_response code is using "g_string_append" instead of "g_string_append_len" which has the knock on effect of sending too much data to its "handle_response". This ends up being a problem if the daisy servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. Here's an example when using whoopsie on groovy to send a crash to a bionic daisy server: [15:35:30] Sent; server replied with: No error [15:35:30] Response code: 200 [15:35:30] Initial response data is: 2bbb776e-64e6-11eb-a8d6-00163eddedf4 OOPSID 0 [15:35:30] Got command: OOPSID We can see a fair number of extra characters (\n0\n\n) after the OOSID - command. + command. This becomes more problematic when daisy requests a core dump + from the client as the CORE command won't match and the client will + never send the core dump. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1914481 Title: use the size of the data when determing the server response Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Focal: New Status in whoopsie source package in Groovy: New Status in whoopsie source package in Hirsute: Fix Released Bug description: whoopsie's server_response code is using "g_string_append" instead of "g_string_append_len" which has the knock on effect of sending too much data to its "handle_response". This ends up being a problem if the daisy servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. Here's an example when using whoopsie on groovy to send a crash to a bionic daisy server: [15:35:30] Sent; server replied with: No error [15:35:30] Response code: 200 [15:35:30] Initial response data is: 2bbb776e-64e6-11eb-a8d6-00163eddedf4 OOPSID 0 [15:35:30] Got command: OOPSID We can see a fair number of extra characters (\n0\n\n) after the OOSID command. This becomes more problematic when daisy requests a core dump from the client as the CORE command won't match and the client will never send the core dump. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1914481/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914481] Re: use the size of the data when determing the server response
** Branch linked: lp:whoopsie -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1914481 Title: use the size of the data when determing the server response Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Focal: New Status in whoopsie source package in Groovy: New Status in whoopsie source package in Hirsute: Fix Released Bug description: whoopsie's server_response code is using "g_string_append" instead of "g_string_append_len" which has the knock on effect of sending too much data to its "handle_response". This ends up being a problem if the daisy servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. Here's an example when using whoopsie on groovy to send a crash to a bionic daisy server: [15:35:30] Sent; server replied with: No error [15:35:30] Response code: 200 [15:35:30] Initial response data is: 2bbb776e-64e6-11eb-a8d6-00163eddedf4 OOPSID 0 [15:35:30] Got command: OOPSID We can see a fair number of extra characters (\n0\n\n) after the OOSID command. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1914481/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914481] Re: use the size of the data when determing the server response
For fixing this via an SRU for focal and groovy, the Ubuntu Security team is okay with the result of this going to the security pocket, assuming the update is built in a ppa where only security updates are enabled. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1914481 Title: use the size of the data when determing the server response Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Focal: New Status in whoopsie source package in Groovy: New Status in whoopsie source package in Hirsute: Fix Released Bug description: whoopsie's server_response code is using "g_string_append" instead of "g_string_append_len" which has the knock on effect of sending too much data to its "handle_response". This ends up being a problem if the daisy servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. Here's an example when using whoopsie on groovy to send a crash to a bionic daisy server: [15:35:30] Sent; server replied with: No error [15:35:30] Response code: 200 [15:35:30] Initial response data is: 2bbb776e-64e6-11eb-a8d6-00163eddedf4 OOPSID 0 [15:35:30] Got command: OOPSID We can see a fair number of extra characters (\n0\n\n) after the OOSID command. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1914481/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1914481] Re: use the size of the data when determing the server response
This bug was fixed in the package whoopsie - 0.2.75 --- whoopsie (0.2.75) hirsute; urgency=medium * src/whoopsie.c: modify server_response() so that it does not incorrectly assume that data is null-terminated and actually use the size of the data. (LP: #1914481) -- Brian Murray Wed, 03 Feb 2021 15:46:59 -0800 ** Changed in: whoopsie (Ubuntu Hirsute) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1914481 Title: use the size of the data when determing the server response Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Focal: New Status in whoopsie source package in Groovy: New Status in whoopsie source package in Hirsute: Fix Released Bug description: whoopsie's server_response code is using "g_string_append" instead of "g_string_append_len" which has the knock on effect of sending too much data to its "handle_response". This ends up being a problem if the daisy servers are running on Ubuntu 18.04 instead of Ubuntu 16.04. Here's an example when using whoopsie on groovy to send a crash to a bionic daisy server: [15:35:30] Sent; server replied with: No error [15:35:30] Response code: 200 [15:35:30] Initial response data is: 2bbb776e-64e6-11eb-a8d6-00163eddedf4 OOPSID 0 [15:35:30] Got command: OOPSID We can see a fair number of extra characters (\n0\n\n) after the OOSID command. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1914481/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
