| Summary: | server crashes because of bad http/1.1 request of blacklist | | |
|---|---|---|---|
| Product: | UPPAAL | Reporter: | JC <chabada.bada> |
| Component: | Engine | Assignee: | Marius Mikučionis <marius> |
| Status: | ASSIGNED --- | | |
| Severity: | normal | CC: | adavid |
| Priority: | P5 | | |
| Version: | 4.1.14 | | |
| Hardware: | PC | | |
| OS: | All | | |
| Architecture: | | | |
| Attachments: | output of the server command run without arguments | | |

I need more information about "transparent proxy". Also is this really an issue in 4.1.14, perhaps 4.0.14? 4.1.14 should not need any HTTP in the first place.

Created attachment 287: output of the server command run without arguments

I am unable to launch the uppaal server. The cause is:

- I am behind a transparent proxy
- I do not know how the HTTP request is done but I guess the "Host: blabla" HTTP header is missing since the proxy cannot answer
- This makes the server crash with a "core dump"

Two things to fix:

- Fix the HTTP header so that it passes through transparent proxies
- Fix the core dump when the answer is not what is expected from the server

I would also suggest HTTPS with a shipped X.509 certificate to prevent some malicious man-in-the-middle from exploiting any buffer overflow bug in the code downloading this blacklist (like this bug). As a side effect, you would give a bit more trouble to people wanting to bypass the blacklist verification: with the current system, adding some entry in /etc/hosts and running a web server is enough.
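
The two fixes requested in the report, sketched as an added example; this is not UPPAAL's code and not the reporter's, and the request UPPAAL actually sends is not shown on this page. The host `blacklist.example`, the path `/list.txt` and all function names are hypothetical. It builds a request with the `Host` header that HTTP/1.1 requires, and treats the reply as untrusted bytes so that a proxy error page produces an error return instead of a crash or an overflow.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Build a GET request carrying the Host header that HTTP/1.1 requires.
   Returns bytes written, or -1 on CR/LF/space in inputs or truncation. */
int build_request(char *out, size_t cap, const char *host, const char *path)
{
    if (strpbrk(host, "\r\n ") || strpbrk(path, "\r\n ")) return -1;
    int n = snprintf(out, cap, "GET %s HTTP/1.1\r\nHost: %s\r\n"
                     "Connection: close\r\n\r\n", path, host);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Parse the status line of an untrusted, length-delimited response.
   Returns the 3-digit status code, or -1 if it is not "HTTP/1.x NNN". */
int parse_status(const char *buf, size_t len)
{
    if (buf == NULL || len < 12) return -1;
    if (memcmp(buf, "HTTP/1.", 7) != 0 || !isdigit((unsigned char)buf[7])
        || buf[8] != ' ') return -1;
    int code = 0;
    for (size_t i = 9; i < 12; i++) {
        if (!isdigit((unsigned char)buf[i])) return -1;
        code = code * 10 + (buf[i] - '0');
    }
    return code;
}

/* Copy the body of a 200 response into out (cap bytes, NUL-terminated).
   Returns the body length, or -1 for a non-200 status, a missing header
   terminator, or a body that does not fit: the caller fails closed. */
long copy_body(const char *buf, size_t len, char *out, size_t cap)
{
    if (out == NULL || cap == 0 || parse_status(buf, len) != 200) return -1;
    size_t i = 0;
    while (i + 4 <= len && memcmp(buf + i, "\r\n\r\n", 4) != 0) i++;
    if (i + 4 > len) return -1;
    size_t body = len - (i + 4);
    if (body >= cap) return -1;
    memcpy(out, buf + i + 4, body);
    out[body] = '\0';
    return (long)body;
}
```

Every failure path returns -1, so the caller can log the problem and continue or exit cleanly. This does not authenticate the response; that is what the HTTPS suggestion in the report addresses.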