|
David Fraser
davidf at sjsoft.com
Mon Nov 24 14:23:47 EST 2003
Manera, Villiam wrote: >we have had the same behavior with ':&' > > Thanks, this was interesting... >Da: Cassiano, Marco >Inviato: lunedì 16 giugno 2003 11.53 >A: 'security at apache.org' >Cc: 'Gregory (Grisha) Trubetskoy' >Oggetto: Apache 2.0.46 - Possible DOS with particularly crafted HREF > >I would like to inform you of the behaviour of Apache when a link with a >particular HREF is clicked. > >First of all, our configuration is : > >Windows 2000 Server SP3 >Apache 2.0.46 >Mod-python 3.0.3 >Active State Python 2.2.2 > > >We have a python script that runs under mod-python which looks into the >database to find some articles and builds a table with the links to >"explode" each article and look into its details. This HTML table contains a >HREF for each article. Each HREF actually contains a call to another python >script that does the "explode" job. We pass the parameters to this script in >the usual "&" concatenation form. >It happened that one of the articles had a semicolon (";") as the final >character of its description >so the HREF was built in following way : "descriptionwithfinal;&next parm". >In other words the HREF contained the sequence ";&". >When we clicked on this link we got a "Page not found" error on the browser >but what really Apache did is the following (excerpt from error.log) : > > > >[Fri Jun 13 10:58:02 2003] [notice] Parent: child process exited with status >3221225477 -- Restarting. > > >-----Messaggio originale----- >Da: mod_python-bounces at modpython.org >[mailto:mod_python-bounces at modpython.org]Per conto di David Fraser >Inviato: giovedì 20 novembre 2003 13.20 >A: mod_python at modpython.org >Oggetto: [mod_python] Apache child process restarting under Win32 - >import errors > > >Hi > >We are having trouble with our application suddenly producing crashes >for all browsers connected to the system. >We are running under Windows, with Apache 2.0.47 and mod_python 3.0.3 >It seems that the problem is that a module that was imported correctly >somehow is not anymore... > >In trying to track this down, I found the following in the Apache error log: >[Wed Nov 19 08:53:31 2003] [notice] Parent: child process exited with >status 3221225477 -- Restarting. >[Wed Nov 19 08:53:31 2003] [notice] Parent: Created child process 4304 >[Wed Nov 19 08:53:32 2003] [notice] Child 4304: Child process is running >[Wed Nov 19 08:53:32 2003] [notice] Child 4304: Acquired the start mutex. >[Wed Nov 19 08:53:32 2003] [notice] Child 4304: Starting 250 worker threads. > >This happens directly before the first occurence of the problem (I've >taken off the date, [error], [client ip-address]: >PythonHandler jToolkit.web: Traceback (most recent call last):, referer: >http://amvjoslbook/srf/grid.htm?&TIMEFILTERENDDATE=19/11/03 08:53:22 >PythonHandler jToolkit.web: File >"D:\Python22\Lib\site-packages\mod_python\apache.py", line 332, in >HandlerDispatch > result = object(req), referer: http://amvjoslbook/srf/grid.htm? >&TIMEFILTERENDDATE=19/11/03 08:53:22 >PythonHandler jToolkit.web: File >"D:\Python22\Lib\site-packages\jToolkit\web\__init__.py", line 99, in >handler > server = getserver(modulename, instancename), referer: >http://amvjoslbook/srf/grid.htm?&TIMEFILTERENDDATE=19/11/03 08:53:22 >PythonHandler jToolkit.web: File >"D:\Python22\Lib\site-packages\jToolkit\web\__init__.py", line 82, in >getserver > raise AttributeError(errormessage), referer: >http://amvjoslbook/srf/grid.htm?&TIMEFILTERENDDATE=19/11/03 08:53:22 >PythonHandler jToolkit.web: AttributeError: module >'jLogbook.python.config' has no attribute 'AmerivenIndexPage' > >I made it print out the contents of the module at this point in the >error log: >module is <module 'jLogbook.python.config' from >'D:\Python22\lib\site-packages\jLogbook\python\config.pyc'>, attributes >are ['ADOProviders', '__builtins__', '__doc__', '__file__', '__name__', >'os', 'sys'] >This seems to indicate that only half of this module was imported... >perhaps because one of the other imports failed (these seem to be some >win32 extension modules) > >I was wondering if anyone else has experienced problems with Apache >restarting, and why this happens... > >David > > >_______________________________________________ >Mod_python mailing list >Mod_python at modpython.org >http://mailman.modpython.org/mailman/listinfo/mod_python > > >
|