Return-Path: X-Original-To: apmail-lucene-dev-archive@www.apache.org Delivered-To: apmail-lucene-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2B8DE4ED6 for ; Fri, 1 Jul 2011 20:43:52 +0000 (UTC) Received: (qmail 44329 invoked by uid 500); 1 Jul 2011 20:43:50 -0000 Delivered-To: apmail-lucene-dev-archive@lucene.apache.org Received: (qmail 43932 invoked by uid 500); 1 Jul 2011 20:43:49 -0000 Mailing-List: contact dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@lucene.apache.org Delivered-To: mailing list dev@lucene.apache.org Received: (qmail 43916 invoked by uid 99); 1 Jul 2011 20:43:49 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jul 2011 20:43:49 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED,T_RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jul 2011 20:43:48 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 729CD43FEB4 for ; Fri, 1 Jul 2011 20:43:28 +0000 (UTC) Date: Fri, 1 Jul 2011 20:43:28 +0000 (UTC) From: "Uwe Schindler (JIRA)" To: dev@lucene.apache.org Message-ID: <152134841.9694.1309553008466.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <1154454947.9691.1309552889011.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (SOLR-2631) PingRequestHandler can infinite loop if called with a qt that points to itsself MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SOLR-2631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13058785#comment-13058785 ] Uwe Schindler commented on SOLR-2631: ------------------------------------- Edoardo Tosca, who reported the issue, gave the following workaround for solrconfig.xml to fix this by configuration: {quote} Ok, to solve the Ping problem you can add an invariant: solrpingquery all search in this case you avoid generating recursive calls to /admin/ping handler Edo {quote} > PingRequestHandler can infinite loop if called with a qt that points to itsself > ------------------------------------------------------------------------------- > > Key: SOLR-2631 > URL: https://issues.apache.org/jira/browse/SOLR-2631 > Project: Solr > Issue Type: Bug > Components: search, web gui > Affects Versions: 1.4, 3.1, 3.2, 3.3 > Reporter: Uwe Schindler > Assignee: Uwe Schindler > Fix For: 3.4, 4.0 > > > We got a security report to private@lucene.apache.org, that Solr can infinite loop, use 100% CPU and stack overflow, if you execute the following HTTP request: > - http://localhost:8983/solr/select?qt=/admin/ping > - http://localhost:8983/admin/ping?qt=/admin/ping > The qt paramter instructs PingRequestHandler to call the given request handler. This leads to an infinite loop. This is not an security issue, but for an unprotected Solr server with unprotected /solr/select path this makes it stop working. > The fix is to prevent infinite loop by disallowing calling itsself. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org For additional commands, e-mail: dev-help@lucene.apache.org