|
Manera, Villiam
vmanera at manord.com
Fri Nov 21 18:00:18 EST 2003
we have had the same behavior with ':&' Da: Cassiano, Marco Inviato: lunedì 16 giugno 2003 11.53 A: 'security at apache.org' Cc: 'Gregory (Grisha) Trubetskoy' Oggetto: Apache 2.0.46 - Possible DOS with particularly crafted HREF I would like to inform you of the behaviour of Apache when a link with a particular HREF is clicked. First of all, our configuration is : Windows 2000 Server SP3 Apache 2.0.46 Mod-python 3.0.3 Active State Python 2.2.2 We have a python script that runs under mod-python which looks into the database to find some articles and builds a table with the links to "explode" each article and look into its details. This HTML table contains a HREF for each article. Each HREF actually contains a call to another python script that does the "explode" job. We pass the parameters to this script in the usual "&" concatenation form. It happened that one of the articles had a semicolon (";") as the final character of its description so the HREF was built in following way : "descriptionwithfinal;&next parm". In other words the HREF contained the sequence ";&". When we clicked on this link we got a "Page not found" error on the browser but what really Apache did is the following (excerpt from error.log) : [Fri Jun 13 10:58:02 2003] [notice] Parent: child process exited with status 3221225477 -- Restarting. -----Messaggio originale----- Da: mod_python-bounces at modpython.org [mailto:mod_python-bounces at modpython.org]Per conto di David Fraser Inviato: giovedì 20 novembre 2003 13.20 A: mod_python at modpython.org Oggetto: [mod_python] Apache child process restarting under Win32 - import errors Hi We are having trouble with our application suddenly producing crashes for all browsers connected to the system. We are running under Windows, with Apache 2.0.47 and mod_python 3.0.3 It seems that the problem is that a module that was imported correctly somehow is not anymore... In trying to track this down, I found the following in the Apache error log: [Wed Nov 19 08:53:31 2003] [notice] Parent: child process exited with status 3221225477 -- Restarting. [Wed Nov 19 08:53:31 2003] [notice] Parent: Created child process 4304 [Wed Nov 19 08:53:32 2003] [notice] Child 4304: Child process is running [Wed Nov 19 08:53:32 2003] [notice] Child 4304: Acquired the start mutex. [Wed Nov 19 08:53:32 2003] [notice] Child 4304: Starting 250 worker threads. This happens directly before the first occurence of the problem (I've taken off the date, [error], [client ip-address]: PythonHandler jToolkit.web: Traceback (most recent call last):, referer: http://amvjoslbook/srf/grid.htm?&TIMEFILTERENDDATE=19/11/03 08:53:22 PythonHandler jToolkit.web: File "D:\Python22\Lib\site-packages\mod_python\apache.py", line 332, in HandlerDispatch result = object(req), referer: http://amvjoslbook/srf/grid.htm? &TIMEFILTERENDDATE=19/11/03 08:53:22 PythonHandler jToolkit.web: File "D:\Python22\Lib\site-packages\jToolkit\web\__init__.py", line 99, in handler server = getserver(modulename, instancename), referer: http://amvjoslbook/srf/grid.htm?&TIMEFILTERENDDATE=19/11/03 08:53:22 PythonHandler jToolkit.web: File "D:\Python22\Lib\site-packages\jToolkit\web\__init__.py", line 82, in getserver raise AttributeError(errormessage), referer: http://amvjoslbook/srf/grid.htm?&TIMEFILTERENDDATE=19/11/03 08:53:22 PythonHandler jToolkit.web: AttributeError: module 'jLogbook.python.config' has no attribute 'AmerivenIndexPage' I made it print out the contents of the module at this point in the error log: module is <module 'jLogbook.python.config' from 'D:\Python22\lib\site-packages\jLogbook\python\config.pyc'>, attributes are ['ADOProviders', '__builtins__', '__doc__', '__file__', '__name__', 'os', 'sys'] This seems to indicate that only half of this module was imported... perhaps because one of the other imports failed (these seem to be some win32 extension modules) I was wondering if anyone else has experienced problems with Apache restarting, and why this happens... David _______________________________________________ Mod_python mailing list Mod_python at modpython.org http://mailman.modpython.org/mailman/listinfo/mod_python
|