This issue tracker is closed. Please visit UPPAAL issue tracker at Github instead.

Bug 604 - server crashs because of bad http/1.1 request of blacklist
Summary: server crashs because of bad http/1.1 request of blacklist
Status: ASSIGNED
Alias: None
Product: UPPAAL
Classification: Unclassified
Component: Engine (show other bugs)
Version: 4.1.14
Hardware: PC All
: P5 normal
Assignee: Marius Mikučionis
URL:
Depends on:
Blocks:
 
Reported: 2016-02-18 11:18 CET by JC
Modified: 2017-02-20 10:02 CET (History)
1 user (show)

See Also:
Architecture:

Attachments
output of the server command run without arguments (1.49 KB, text/plain)
2016-02-18 11:18 CET, JC 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description JC 2016-02-18 11:18:55 CET 
Created attachment 287 [details]
output of the server command run without arguments

I am unable to launch the uppaal server.
The cause is:
- I am behind a transparent proxy
- I do not know how the HTTP request is done but I guess the "Host: blabla" HTTP header is missing since the proxy cannot answer
- This makes the server crash with a "core dump"

Two things to fix:
- Fix the HTTP header so that it passes through transparent proxies
- Fix the core dump when the answer is not what is expected from the server

I would also suggest HTTPS with a shipped X.509 certificate to prevent some man-in-the-middle malicious exploit any buffer overflow bug in the code downloading this blacklist (like this bug). As a side effect, you would give a bit more trouble to people wanting to bypass the blacklist verification: with the current system, adding some entry is /etc/hosts and running a web server is enough.
Comment 1 Marius Mikučionis 2017-02-20 10:02:40 CET 
I need more information about "transparent proxy".
Also is this really an issue in 4.1.14, perhaps 4.0.14?
4.1.14 should not need any HTTP in the first place.