Bug #5248
Tvheadend crashes from bad(???) data from webif/api
Status: Fixed
Priority: Normal
Assignee: -
Category: API
Target version: -
Start date: 2018-10-10
Due date:
% Done: 0%
Estimated time:
Found in version: 4.3
Affected Versions:
Description
When testing some scripts for retrieving data using the api, I managed to cause some crashes.
command:
# curl -v --data-urlencode @filter.json 'http://admin:admin@localhost:9981/api'
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9981 (#0)
* Server auth using Basic with user 'admin'
> POST /api HTTP/1.1
> Host: localhost:9981
> Authorization: Basic YWRtaW46YWxpZW4y
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Length: 387
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 387 out of 387 bytes
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
filter.json:
filter=[ { "field" : "title", "type" : "string", "value" : "movie" } ]
printf added to source to see the problem:
static int webui_api_handler ( http_connection_t *hc, const char *remain, void *opaque )
{
  int r;
  http_arg_t *ha;
  htsmsg_t *args, *resp = NULL;

  /* Build arguments */
  args = htsmsg_create_map();
  TAILQ_FOREACH(ha, &hc->hc_req_args, link) {
    printf(" key: %s val: %s \n", ha->key, ha->val);
    htsmsg_add_str(args, ha->key, ha->val);
  }
crash:
2018-10-10 10:45:58.571 [ NOTICE] START: HTS Tvheadend version 4.3-1432~g7ae79cb1d-dirty started, running as PID:13681 UID:118 GID:44, CWD:/root CNF:/home/hts/.hts/tvheadend
printf: key: filter=[ { "field" : "title", "type" : "string", "value" : "movie" } ] val: (null)
2018-10-10 10:46:01.219 [ TRACE] http: HTTP/1.1 POST /api?filter=[ { "field" : "title", "type" : "string", "value" : "movie" } ] =(null){{Host=localhost:9981,Authorization=Basic,User-Agent=curl/7.52.1,Accept=*/*,Content-Length=387,Content-Type=application/x-www-form-urlencoded}}
2018-10-10 10:46:01.219 [ ALERT] CRASH: Signal: 11 in PRG: /home/builder/tvheadend_official/tvheadend/build.linux/tvheadend (4.3-1432~g7ae79cb1d-dirty) [57046cc8b3d327c0197c818e4d1224e77c029e64] CWD: /root
2018-10-10 10:46:01.219 [ ALERT] CRASH: Fault address (nil) (Address not mapped)
2018-10-10 10:46:01.219 [ ALERT] CRASH: Loaded libraries: linux-vdso.so.1 /usr/lib/x86_64-linux-gnu/libdvbcsa.so.1 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /lib/x86_64-linux-gnu/libz.so.1 /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 /usr/lib/x86_64-linux-gnu/liburiparser.so.1 /usr/lib/x86_64-linux-gnu/libavahi-common.so.3 /usr/lib/x86_64-linux-gnu/libavahi-client.so.3 /usr/lib/x86_64-linux-gnu/libva.so.1 /usr/lib/x86_64-linux-gnu/libva-x11.so.1 /usr/lib/x86_64-linux-gnu/libva-drm.so.1 /lib/x86_64-linux-gnu/libdbus-1.so.3 /lib/x86_64-linux-gnu/libdl.so.2 /lib/x86_64-linux-gnu/libpthread.so.0 /lib/x86_64-linux-gnu/libm.so.6 /lib/x86_64-linux-gnu/librt.so.1 /lib/x86_64-linux-gnu/libmvec.so.1 /usr/lib/x86_64-linux-gnu/libstdc++.so.6 /usr/lib/x86_64-linux-gnu/libX11.so.6 /usr/lib/x86_64-linux-gnu/libvdpau.so.1 /lib/x86_64-linux-gnu/libc.so.6 /usr/lib/x86_64-linux-gnu/libXext.so.6 /usr/lib/x86_64-linux-gnu/libXfixes.so.3 /usr/lib/x86_64-linux-gnu/libdrm.so.2 /lib/x86_64-linux-gnu/libsystemd.so.0 /lib64/ld-li
2018-10-10 10:46:01.219 [ ALERT] CRASH: Register dump [23]: 00007f249d72aa7e00000000000000af0000000000000073000000000000000000007f246000094000007f246e1ef74000000000000000000000000000000000000000000000000000007f2460000940000000000000000000007f24600008c000000000000000000000000000000000000000000000000000007f246e1ef40800007f249d6496760000000000010293002b0000000000330000000000000004000000000000000efffffffe7ffbba130000000000000000
2018-10-10 10:46:01.219 [ ALERT] CRASH: STACKTRACE
2018-10-10 10:46:01.254 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/trap.c:176 0x55f1b9d2ec9a 0x55f1b9b14000
2018-10-10 10:46:01.293 [ ALERT] CRASH: ??:0 0x7f249e9750c0 0x7f249e964000
2018-10-10 10:46:01.293 [ ALERT] CRASH: strlen+0x26 (/lib/x86_64-linux-gnu/libc.so.6)
2018-10-10 10:46:01.326 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/htsmsg.c:351 0x55f1b9d268d5 0x55f1b9b14000
2018-10-10 10:46:01.360 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/webui/webui_api.c:40 (discriminator 3) 0x55f1b9d8b637 0x55f1b9b14000
2018-10-10 10:46:01.386 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1194 0x55f1b9cff512 0x55f1b9b14000
2018-10-10 10:46:01.423 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1331 0x55f1b9d008bc 0x55f1b9b14000
2018-10-10 10:46:01.456 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1486 0x55f1b9cffa74 0x55f1b9b14000
2018-10-10 10:46:01.485 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1971 0x55f1b9d00c3b 0x55f1b9b14000
2018-10-10 10:46:01.514 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:2022 0x55f1b9d00ef5 0x55f1b9b14000
2018-10-10 10:46:01.548 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/tcp.c:717 0x55f1b9cf8032 0x55f1b9b14000
2018-10-10 10:46:01.576 [ ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/wrappers.c:181 0x55f1b9cf3701 0x55f1b9b14000
2018-10-10 10:46:01.621 [ ALERT] CRASH: ??:0 0x7f249e96b494 0x7f249e964000
Segmentation fault
Without "urlencode", no crash:
# curl -v --data @filter.json 'http://admin:admin@localhost:9981/api'
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9981 (#0)
* Server auth using Basic with user 'admin'
> POST /api HTTP/1.1
> Host: localhost:9981
> Authorization: Basic YWRtaW46YWxpZW4y
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Length: 146
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 146 out of 146 bytes
< HTTP/1.1 400 Bad Request
< Server: HTS/tvheadend
< Cache-Control: no-cache
< Connection: Keep-Alive
< Content-Type: text/html
< Content-Length: 155
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>400 Bad Request</H1>
</BODY></HTML>
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
log:
2018-10-10 10:55:22.789 [ NOTICE] START: HTS Tvheadend version 4.3-1432~g7ae79cb1d-dirty started, running as PID:14358 UID:118 GID:44, CWD:/root CNF:/home/hts/.hts/tvheadend
printf: key: filter val: [ { "field" : "title", "type" : "string", "value" : "movie" } ]
2018-10-10 10:55:51.944 [ TRACE] http: HTTP/1.1 POST /api?filter=[ { "field" : "title", "type" : "string", "value" : "movie" } ]{{Host=localhost:9981,Authorization=Basic,User-Agent=curl/7.52.1,Accept=*/*,Content-Length=146,Content-Type=application/x-www-form-urlencoded}}
2018-10-10 10:55:51.944 [ ERROR] http: 127.0.0.1: HTTP/1.1 POST (3) /api -- 400
Note also, the URL just has to have "/api"; the data is parsed before the API is looked for...
It seems there should be a "null" check, but not sure if it is better to be done in webui_api.c or htsmsg.c??
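The failure mode in this report, reduced to a stand-alone sketch (an added example, not Tvheadend's code; `arg_t`, `parse_arg` and `handle_segment` are hypothetical names): a form body with no literal `=` parses to a key with a NULL value, matching the `val: (null)` printf output above, and the guard rejects it before `strlen` is reached. The request bodies in `main` are constructed samples.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one parsed request argument (not Tvheadend's type). */
typedef struct { char *key; char *val; } arg_t;

/* Decode %XX and '+' in place. */
static void url_unescape(char *s) {
  char *o = s;
  for (; *s; s++) {
    if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
      char hex[3] = { s[1], s[2], 0 };
      *o++ = (char)strtol(hex, NULL, 16);
      s += 2;
    } else *o++ = (*s == '+') ? ' ' : *s;
  }
  *o = 0;
}

/* Split "key=value" on the first literal '='; val stays NULL when none exists. */
static arg_t parse_arg(char *seg) {
  arg_t a = { seg, NULL };
  char *eq = strchr(seg, '=');
  if (eq) { *eq = 0; a.val = eq + 1; url_unescape(a.val); }
  url_unescape(a.key);
  return a;
}

/* Copy the decoded value to out: 0 on success, -1 (answer 400) if missing or too long. */
int handle_segment(const char *body, char *out, size_t cap) {
  char buf[512];
  if (strlen(body) >= sizeof(buf)) return -1;
  strcpy(buf, body);
  arg_t a = parse_arg(buf);
  if (a.val == NULL) return -1;   /* the NULL check the report asks for */
  size_t n = strlen(a.val);       /* safe: val is non-NULL here */
  if (n >= cap) return -1;
  memcpy(out, a.val, n + 1);
  return 0;
}

int main(void) {
  char out[64];
  /* Constructed bodies: the first has '=' percent-encoded, the second keeps it literal. */
  int bad = handle_segment("filter%3D%5B%5D", out, sizeof out);
  int ok = handle_segment("filter=%5B%5D", out, sizeof out);
  return !(bad == -1 && ok == 0);
}
```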