Special HTTP GET character crashes MiServer 2.x

MiServer is Dyalog's APL-based web development framework

Special HTTP GET character crashes MiServer 2.x

Postby woody on Wed Apr 10, 2019 1:42 pm

Greetings,

I've noticed over the years ... that occasionally ... somehow .. a special (non standard) character is passed through an HTTP GET that causes MiServer to crash.

Have you seen this before?

BadCharacter.JPG


I'm running MiServer 2.X (the latest GITHUB version)

Thanks!

//W
Woodley Butler
Automatonics, Inc.
"Find your head in the APL Cloud"
http://www.APLcloud.com
User avatar
woody
 
Posts: 111
Joined: Tue Dec 28, 2010 12:54 am
Location: Atlanta, Georgia USA

Re: Special HTTP GET character crashes MiServer 2.x

Postby Adam|Dyalog on Mon Apr 15, 2019 3:11 pm

Hi Woody,

Do you have an example data value from when that happens so we can get an idea about what's going on?
User avatar
Adam|Dyalog
 
Posts: 59
Joined: Thu Jun 25, 2015 1:13 pm

Re: Special HTTP GET character crashes MiServer 2.x

Postby woody on Tue May 21, 2019 7:36 pm

I just changed my CONFIG to allow the APL Error to POP without trapping?

<TrapErrors>0</TrapErrors><!-- Valid: 0=Crash, 1=Trap and Log errors -->

So, I'll learn more soon .. when it crashes again...


This is what I see.. but it seems to be error trapped.

I need to find out the value of "data"


IPv4 172.31.52.237:56054 172 31 52 237 56054 200 OK
DOMAIN ERROR
Make[42] Content←'UTF-8'⎕UCS data

DOMAIN ERROR
Error[5] :ElseIf no>10000

Web server 'SRV00000000' stopped
Woodley Butler
Automatonics, Inc.
"Find your head in the APL Cloud"
http://www.APLcloud.com
User avatar
woody
 
Posts: 111
Joined: Tue Dec 28, 2010 12:54 am
Location: Atlanta, Georgia USA

Re: Special HTTP GET character crashes MiServer 2.x

Postby woody on Sat Jun 01, 2019 3:39 pm

OK... APL running MiServer v2.x stopped with the data error.

The symptom is some invalid number or sequence in the numerical simple vector: data

Here's the function Make that is in the HTTPRequest.dyalog namespace for MiServer v2x.

See the line:
:Else
Content←'UTF-8'⎕UCS data
Data←0 2⍴⊂''
:EndIf

Code: Select all
    ∇ Make(cmd data);buf;input;args;req;hdrs;i;z;pars;mask;new;s;cookies
      :Access Public Instance
      :Implements Constructor
⍝ Decode an HTTP command line: get /page&arg1=x&arg2=y
⍝ Return namespace containing:
⍝ Command: HTTP Command ('get' or 'post')
⍝ Headers: HTTP Headers as 2 column matrix or name/value pairs
⍝ Page:    Requested page
⍝ Arguments: Arguments to the command (cmd?arg1=value1&arg2=value2) as 2 column matrix of name/value pairs

      Response←⎕NS''
      Response.(Status StatusText Headers File HTML HTMLHead PeerAddr NoWrap Bytes)←200 'OK'(0 2⍴⊂'')0 '' '' '' 0(0 0)
      Response.Request←cmd,data
      PeerCert←0 0⍴⊂'' ⋄ Data←0 2⍴⊂''
      PeerAddr←''
      MSec←⎕AI[3]
     
      input←1⊃,req←2⊃DecodeHeader cmd
      Input←input
      hdrs←{(0≠⊃∘⍴¨⍵[;1])⌿⍵}1 0↓req
      Headers←hdrs
     
      Command buf←' 'split input
      Command←#.Strings.lc Command
     
      buf z←'HTTP/'split buf
      Page args←'?'split ¯1↓buf
      Page←ArgXLT Page
     
      Arguments←1 URLDecodeArgs args
     
⍝ PeerCert←conns.PeerCert
     
      :If (1↑⍴hdrs)≥i←hdrs[;1]⍳⊂'content-type'
      :AndIf 'multipart/form-data'begins z←{(+/∧\⍵=' ')↓⍵}⊃hdrs[i;2]
          z←'UTF-8'⎕UCS'--',(8+('boundary='⍷z)⍳1)↓z ⍝ boundary string
          Data←↑DecodeMultiPart¨¯1↓z{(⍴⍺)↓¨(⍺⍷⍵)⊂⍵}data ⍝ ¯1↓ because last boundary has '--' appended
      :ElseIf 'application/x-www-form-urlencoded'begins z
          Data←1 URLDecodeArgs'UTF-8'⎕UCS data
      :ElseIf 'text/plain'begins z
          Data←1 2⍴'Data'('UTF-8'⎕UCS data) ⍝ if text, create artificial "Data" entry
      :Else
          Content←'UTF-8'⎕UCS data
          Data←0 2⍴⊂''
      :EndIf
     
      Cookies←0 2⍴⊂''
      :If (1↑⍴hdrs)≥i←hdrs[;1]⍳⊂'cookie'
          cookies←CookieSplit⊃hdrs[i;2]
          :If ~0∊⍴cookies←(2=⊃∘⍴¨cookies)/cookies
              Cookies←↑{(' '~⍨1⊃⍵)(2⊃⍵)}¨cookies
          :EndIf
      :EndIf
     
     
      :If ∨/mask←(Data⍪Arguments)[;1]{⍵≡(-⍴⍵)↑⍺}¨⊂'serialized' ⍝ do we have any serialized form data from AJAX?
          new←0 2⍴⊂''
          :For s :In mask/(Data⍪Arguments)[;2]
              new⍪←1 URLDecodeArgs s
          :EndFor
          Data←((~(⊃⍴Data)↑mask)⌿Data)⍪new
      :EndIf
     
     
⍝BPB - I think this section can be removed, so I've commented it out to see if there is any effect
⍝      :If 9=⎕NC'SessionHandler' ⍝ Was a SessionHandler assigned?
⍝          SessionHandler.HandleRequest ⎕THIS ⍝ If so, let it do its stuff
⍝      :EndIf
    ∇


I played with data and discovered 2 invalid numbers ... there may be others.

Note the HEADER entry:
content-type application/octet-stream

Reference: https://kb.iu.edu/d/agtj

The Make function does not have a specific case for application/octet-stream
and defaults to the ELSE line that generates the error.


Code: Select all
1632:DOMAIN ERROR: Invalid UTF-8 sequence
Make[42] Content←'UTF-8'⎕UCS data
        ∧
      ⍴data
7080
      ⌈/data
255
      ⌊/data
0
      10↑data
61 93 124 174 49 232 218 144 213 133

      Content←'UTF-8'⎕UCS 100↑data
1632:DOMAIN ERROR: Invalid UTF-8 sequence
      Content←'UTF-8'⎕UCS 100↑data
     ∧

      Content←'UTF-8'⎕UCS 10↑data
1632:DOMAIN ERROR: Invalid UTF-8 sequence
      Content←'UTF-8'⎕UCS 10↑data
     ∧

      Content←'UTF-8'⎕UCS 1↑data
      Content←'UTF-8'⎕UCS 2↑data
      Content←'UTF-8'⎕UCS 3↑data
      Content←'UTF-8'⎕UCS 4↑data
1632:DOMAIN ERROR: Invalid UTF-8 sequence
      Content←'UTF-8'⎕UCS 4↑data
     ∧

      d←data[4]
      d
174
      4×d
696
      Content←'UTF-8'⎕UCS d
1632:DOMAIN ERROR: Invalid UTF-8 sequence
      Content←'UTF-8'⎕UCS d
     ∧

⍝ Checking the IF, ELSEIF and ELSE  logic inside   Make   function:

     (1↑⍴hdrs)≥i←hdrs[;1]⍳⊂'content-type'
1
    'multipart/form-data'begins z←{(+/∧\⍵=' ')↓⍵}⊃hdrs[i;2]
0
   'application/x-www-form-urlencoded'begins z
0
  'text/plain'begins z
0

⍝ Tried to remove invalid UTF-8  value   174    but still got invalid UCS

      +/174=data
26
        Content←'UTF-8'⎕UCS data~174
1632:DOMAIN ERROR: Invalid UTF-8 sequence
      Content←'UTF-8'⎕UCS data~174
     ∧

      Content←'UTF-8'⎕UCS 5↑data~174
1632:DOMAIN ERROR: Invalid UTF-8 sequence
      Content←'UTF-8'⎕UCS 5↑data~174
     ∧

      Content←'UTF-8'⎕UCS 4↑data~174
     (data~174)[5]
232
      Content←'UTF-8'⎕UCS 5↑data~174 232
1632:DOMAIN ERROR: Invalid UTF-8 sequence
      Content←'UTF-8'⎕UCS 5↑data~174 232
     ∧

          hdrs
 connection       Keep-Alive
 content-type     application/octet-stream
 accept-encoding  gzip
 cookie           K=C8J+5AhWvssry9DOD5V4n+zVaxHHg6bmFqirOSOminEoPCSAcKldjRbrkg5r+hqW3KR/MMTzzQazA5NXlVZXiToUHnIKYuMuVS2XuG
 host             Localhost.com:8016
 max-forwards     10
 x-original-host  contentrentals.com
 x-original-url   /
 x-forwarded-for  5.232.155.14:2287
 x-arr-log-id     a62f8a1e-d4a2-4831-926d-816a419e288c
 content-length   7080




      6jyJR5SepmcQ0CWc40XNZ1D7xySrdmPV3g6z1TZxDcJTqm4e938jwamvfVCQxYIduN0zbLrmr6AH5HJ8mVviM+XORNFM+oO+LvhpdE8NYE/VWpztc6GK











      teKnYkCVS4jCyqPjT8hvo746MVaSSNVuUu0u7LuDT7C5zqV7RQbyadCWtR4qNyxk7C+pWC9vrpBsbuxekPoQYyfhdGB01LYNQGNYH7

⍝ Verify data is all numbers:

    +/data
899043

     ⍴hdrs
11 2


⍝ Gave up ... and posted this into the forum


Thoughts?
Woodley Butler
Automatonics, Inc.
"Find your head in the APL Cloud"
http://www.APLcloud.com
User avatar
woody
 
Posts: 111
Joined: Tue Dec 28, 2010 12:54 am
Location: Atlanta, Georgia USA


Return to MiServer

Who is online

Users browsing this forum: No registered users and 0 guests