Project

General

Profile

Bug #5248

Tvheadend crashes from bad(???) data from webif/api

Added by Joe User about 6 years ago. Updated over 4 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
API
Target version:
-
Start date:
2018-10-10
Due date:
% Done:

0%

Estimated time:
Found in version:
4.3
Affected Versions:

Description

When testing some scripts for retrieving data using the api, I managed to cause some crashes.

command:

# curl -v --data-urlencode @filter.json 'http://admin:admin@localhost:9981/api'

* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9981 (#0)
* Server auth using Basic with user 'admin'
> POST /api HTTP/1.1
> Host: localhost:9981
> Authorization: Basic YWRtaW46YWxpZW4y
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Length: 387
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 387 out of 387 bytes
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server

filter.json:

filter=[
            {
                "field" : "title",
                "type"  : "string",
                "value" : "movie" 
             }
        ]

printf add to source to see problem:

static int
webui_api_handler
  ( http_connection_t *hc, const char *remain, void *opaque )
{
  int r;
  http_arg_t *ha;
  htsmsg_t *args, *resp = NULL;

  /* Build arguments */
  args = htsmsg_create_map();
  TAILQ_FOREACH(ha, &hc->hc_req_args, link) {
printf(" key: %s   val: %s \n",  ha->key, ha->val);
    htsmsg_add_str(args, ha->key, ha->val);
  }

crash:
2018-10-10 10:45:58.571 [ NOTICE] START: HTS Tvheadend version 4.3-1432~g7ae79cb1d-dirty started, running as PID:13681 UID:118 GID:44, CWD:/root CNF:/home/hts/.hts/tvheadend

printf:

 key: filter=[
            {
                "field" : "title",
                "type"  : "string",
                "value" : "movie" 
             }
        ]
   val: (null) 

2018-10-10 10:46:01.219 [  TRACE] http: HTTP/1.1 POST /api?filter=[
            {
                "field" : "title",
                "type"  : "string",
                "value" : "movie" 
             }
        ]
=(null){{Host=localhost:9981,Authorization=Basic,User-Agent=curl/7.52.1,Accept=*/*,Content-Length=387,Content-Type=application/x-www-form-urlencoded}}
2018-10-10 10:46:01.219 [  ALERT] CRASH: Signal: 11 in PRG: /home/builder/tvheadend_official/tvheadend/build.linux/tvheadend (4.3-1432~g7ae79cb1d-dirty) [57046cc8b3d327c0197c818e4d1224e77c029e64] CWD: /root  
2018-10-10 10:46:01.219 [  ALERT] CRASH: Fault address (nil) (Address not mapped)
2018-10-10 10:46:01.219 [  ALERT] CRASH: Loaded libraries: linux-vdso.so.1 /usr/lib/x86_64-linux-gnu/libdvbcsa.so.1 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 /lib/x86_64-linux-gnu/libz.so.1 /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 /usr/lib/x86_64-linux-gnu/liburiparser.so.1 /usr/lib/x86_64-linux-gnu/libavahi-common.so.3 /usr/lib/x86_64-linux-gnu/libavahi-client.so.3 /usr/lib/x86_64-linux-gnu/libva.so.1 /usr/lib/x86_64-linux-gnu/libva-x11.so.1 /usr/lib/x86_64-linux-gnu/libva-drm.so.1 /lib/x86_64-linux-gnu/libdbus-1.so.3 /lib/x86_64-linux-gnu/libdl.so.2 /lib/x86_64-linux-gnu/libpthread.so.0 /lib/x86_64-linux-gnu/libm.so.6 /lib/x86_64-linux-gnu/librt.so.1 /lib/x86_64-linux-gnu/libmvec.so.1 /usr/lib/x86_64-linux-gnu/libstdc++.so.6 /usr/lib/x86_64-linux-gnu/libX11.so.6 /usr/lib/x86_64-linux-gnu/libvdpau.so.1 /lib/x86_64-linux-gnu/libc.so.6 /usr/lib/x86_64-linux-gnu/libXext.so.6 /usr/lib/x86_64-linux-gnu/libXfixes.so.3 /usr/lib/x86_64-linux-gnu/libdrm.so.2 /lib/x86_64-linux-gnu/libsystemd.so.0 /lib64/ld-li
2018-10-10 10:46:01.219 [  ALERT] CRASH: Register dump [23]: 00007f249d72aa7e00000000000000af0000000000000073000000000000000000007f246000094000007f246e1ef74000000000000000000000000000000000000000000000000000007f2460000940000000000000000000007f24600008c000000000000000000000000000000000000000000000000000007f246e1ef40800007f249d6496760000000000010293002b0000000000330000000000000004000000000000000efffffffe7ffbba130000000000000000
2018-10-10 10:46:01.219 [  ALERT] CRASH: STACKTRACE
2018-10-10 10:46:01.254 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/trap.c:176 0x55f1b9d2ec9a 0x55f1b9b14000
2018-10-10 10:46:01.293 [  ALERT] CRASH: ??:0 0x7f249e9750c0 0x7f249e964000
2018-10-10 10:46:01.293 [  ALERT] CRASH: strlen+0x26  (/lib/x86_64-linux-gnu/libc.so.6)
2018-10-10 10:46:01.326 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/htsmsg.c:351 0x55f1b9d268d5 0x55f1b9b14000
2018-10-10 10:46:01.360 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/webui/webui_api.c:40 (discriminator 3) 0x55f1b9d8b637 0x55f1b9b14000
2018-10-10 10:46:01.386 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1194 0x55f1b9cff512 0x55f1b9b14000
2018-10-10 10:46:01.423 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1331 0x55f1b9d008bc 0x55f1b9b14000
2018-10-10 10:46:01.456 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1486 0x55f1b9cffa74 0x55f1b9b14000
2018-10-10 10:46:01.485 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:1971 0x55f1b9d00c3b 0x55f1b9b14000
2018-10-10 10:46:01.514 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/http.c:2022 0x55f1b9d00ef5 0x55f1b9b14000
2018-10-10 10:46:01.548 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/tcp.c:717 0x55f1b9cf8032 0x55f1b9b14000
2018-10-10 10:46:01.576 [  ALERT] CRASH: /home/builder/tvheadend_official/tvheadend/src/wrappers.c:181 0x55f1b9cf3701 0x55f1b9b14000
2018-10-10 10:46:01.621 [  ALERT] CRASH: ??:0 0x7f249e96b494 0x7f249e964000
Segmentation fault

Without "urlencode", no crash:

# curl -v --data @filter.json 'http://admin:admin@localhost:9981/api'

* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9981 (#0)
* Server auth using Basic with user 'admin'
> POST /api HTTP/1.1
> Host: localhost:9981
> Authorization: Basic YWRtaW46YWxpZW4y
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Length: 146
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 146 out of 146 bytes
< HTTP/1.1 400 Bad Request
< Server: HTS/tvheadend
< Cache-Control: no-cache
< Connection: Keep-Alive
< Content-Type: text/html
< Content-Length: 155
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>400 Bad Request</H1>
</BODY></HTML>
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact

log:
2018-10-10 10:55:22.789 [ NOTICE] START: HTS Tvheadend version 4.3-1432~g7ae79cb1d-dirty started, running as PID:14358 UID:118 GID:44, CWD:/root CNF:/home/hts/.hts/tvheadend

printf:
 key: filter   val: [            {                "field" : "title",                "type"  : "string",                "value" : "movie"             }      

  ] 

2018-10-10 10:55:51.944 [  TRACE] http: HTTP/1.1 POST /api?filter=[            {                "field" : "title",                "type"  : "string",                "value" : "movie"             }        ]{{Host=localhost:9981,Authorization=Basic,User-Agent=curl/7.52.1,Accept=*/*,Content-Length=146,Content-Type=application/x-www-form-urlencoded}}
2018-10-10 10:55:51.944 [  ERROR] http: 127.0.0.1: HTTP/1.1 POST (3) /api -- 400

Note also, the url just has to have "/api" the data is parsed before the api is looked for...

It seems there should be a "null" check, but not sure if it is better to be done in webui_api.c or htsmsg.c??

History

#1

Updated by Flole Systems over 4 years ago

  • Status changed from New to Fixed

Also available in: Atom PDF