Bug 604

Summary: server crashes because of bad http/1.1 request of blacklist
Product: UPPAAL
Reporter: JC <chabada.bada>
Component: Engine
Assignee: Marius Mikučionis <marius>
Status: ASSIGNED
Severity: normal
CC: adavid
Priority: P5
Version: 4.1.14   
Hardware: PC   
OS: All   
Attachments: output of the server command run without arguments

Description JC 2016-02-18 11:18:55 CET
Created attachment 287
output of the server command run without arguments

I am unable to launch the uppaal server.
The cause is:
- I am behind a transparent proxy
- I do not know how the HTTP request is done but I guess the "Host: blabla" HTTP header is missing since the proxy cannot answer
- This makes the server crash with a "core dump"

Two things to fix:
- Fix the HTTP header so that it passes through transparent proxies
- Fix the core dump when the answer is not what is expected from the server

I would also suggest HTTPS with a shipped X.509 certificate to prevent some man-in-the-middle from maliciously exploiting any buffer overflow bug in the code downloading this blacklist (like this bug). As a side effect, you would give a bit more trouble to people wanting to bypass the blacklist verification: with the current system, adding some entry in /etc/hosts and running a web server is enough.
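
The two fixes listed in the description, as an added C example (not UPPAAL's code and not part of the original report): the request carries the Host header that HTTP/1.1 requires, and the reply's status line is bounds-checked before anything else parses it. The function names, and the host name and path used to exercise them, are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Build an HTTP/1.1 GET that includes the mandatory Host header.
 * Returns the request length, or -1 if the inputs contain CR/LF
 * (header injection) or the request does not fit in `out`. */
int build_request(char *out, size_t cap, const char *host, const char *path)
{
    if (strpbrk(host, "\r\n ") || strpbrk(path, "\r\n "))
        return -1;
    int n = snprintf(out, cap,
                     "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n",
                     path, host);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Parse the status line of a reply held in buf[0..len).
 * Returns the three-digit status code, or -1 when the data is not a
 * well-formed HTTP/1.x status line (for example an HTML error page
 * injected by a proxy). Never reads at or beyond buf[len]. */
int parse_status(const char *buf, size_t len)
{
    static const char prefix[] = "HTTP/1.";
    const size_t p = sizeof prefix - 1;

    /* "HTTP/1.x SSS" needs at least 12 bytes. */
    if (buf == NULL || len < p + 5) return -1;
    if (memcmp(buf, prefix, p) != 0) return -1;
    if (buf[p] != '0' && buf[p] != '1') return -1;
    if (buf[p + 1] != ' ') return -1;

    int code = 0;
    for (size_t i = p + 2; i < p + 5; i++) {
        if (!isdigit((unsigned char)buf[i])) return -1;
        code = code * 10 + (buf[i] - '0');
    }
    /* The code must be followed by a space, CR, or end of data. */
    if (len > p + 5 && buf[p + 5] != ' ' && buf[p + 5] != '\r') return -1;
    return (code >= 100 && code <= 599) ? code : -1;
}

/* Only a 200 reply is handed on to the list parser; anything else is
 * reported as a download failure instead of being parsed. */
int response_usable(const char *buf, size_t len)
{
    return parse_status(buf, len) == 200;
}
```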

Comment 1 Marius Mikučionis 2017-02-20 10:02:40 CET
I need more information about "transparent proxy".
Also is this really an issue in 4.1.14, perhaps 4.0.14?
4.1.14 should not need any HTTP in the first place.