|Summary:||server crashs because of bad http/1.1 request of blacklist|
|Component:||Engine||Assignee:||Marius Mikučionis <marius>|
|Attachments:||output of the server command run without arguments|
Description JC 2016-02-18 11:18:55 CET
Created attachment 287 [details] output of the server command run without arguments I am unable to launch the uppaal server. The cause is: - I am behind a transparent proxy - I do not know how the HTTP request is done but I guess the "Host: blabla" HTTP header is missing since the proxy cannot answer - This makes the server crash with a "core dump" Two things to fix: - Fix the HTTP header so that it passes through transparent proxies - Fix the core dump when the answer is not what is expected from the server I would also suggest HTTPS with a shipped X.509 certificate to prevent some man-in-the-middle malicious exploit any buffer overflow bug in the code downloading this blacklist (like this bug). As a side effect, you would give a bit more trouble to people wanting to bypass the blacklist verification: with the current system, adding some entry is /etc/hosts and running a web server is enough.
Comment 1 Marius Mikučionis 2017-02-20 10:02:40 CET
I need more information about "transparent proxy". Also is this really an issue in 4.1.14, perhaps 4.0.14? 4.1.14 should not need any HTTP in the first place.