Bug 45610 - status-worker: Bug in request parameter parsing for update action
status-worker: Bug in request parameter parsing for update action
Status: RESOLVED FIXED
Product: Tomcat Connectors
Classification: Unclassified
Component: Common
unspecified
PC Linux
: P2 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2008-08-11 00:36 UTC by Guido Jäkel
Modified: 2009-12-21 15:36 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Guido Jäkel 2008-08-11 00:36:01 UTC
Hi,

using mod_jk 1.2.26, i noticed an serious error in parameter parsing of the status worker using the update action:

In a service script i'm using an URL like

  $STATUS_URL/jk-status?mime=txt&cmd=update&w=$CLUSTER&sw=$WORKER&wa=$STATE

to switch the workers of clustered tomcat setup. In principle, all things work right. But if i (erroneously) set the empty value for the sub-worker tag (...&sw=&...), something completely wrong will happen: You'll got an "OK"-message and the sticky session attribute will be disabled!

Looks to me like a typical overwriting of a parameter block through a dangling pointer.

There might be more of this kind of bugs, one may do a complete revision of the parameter parsing.
Comment 1 Rainer Jung 2009-12-21 15:36:51 UTC
Erroneous unsetting of sticky_session has been fixed in

http://svn.apache.org/viewvc?rev=893028&view=rev

It was not dangling pointer issue, simply a wrong handling of default values for sticky_session and sticky_session_force.

Being less tolerant for an empty sub worker param has been added in

http://svn.apache.org/viewvc?rev=893032&view=rev

Note: this will only forbid "sw=" (no value) but not "sw" without "=".

Thanks for reporting the issue. Both fixes will be part of version 1.2.29.