This is a snapshot of Indico's old Trac site. Any information contained herein is most probably outdated. Access our new GitHub site here.

Opened 2 years ago

Last modified 2 years ago

#1236 assigned defect

Indico should not rely on the content-length header field

Reported by: sylvestre Owned by:
Priority: high Milestone: v2.6
Component: General Version: 0.99
Keywords: Cc:

Description

The display of /abstractSubmission.py?confId=15 is failing on my indico instance.

The error is:

exception message => 'content-length'
exception type => <type 'exceptions.KeyError'>
traceback => 
  File "/usr/local/lib/python2.7/dist-packages/indico-0.99-py2.7.egg/MaKaC/webinterface/rh/base.py", line 547, in process
    self._checkParams( self._reqParams )

  File "/usr/local/lib/python2.7/dist-packages/indico-0.99-py2.7.egg/MaKaC/webinterface/rh/CFADisplay.py", line 206, in _checkParams
    headerSize = self._req.headers_in["content-length"]

request handler => MaKaC.webinterface.rh.CFADisplay.RHAbstractSubmission
url => http://fooo/abstractSubmission.py?confId=15
parameters => 
confId = 15
headers => 
Host: foo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Iceweasel/10.0.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foo/userAbstracts.py?confId=15
Cookie: Enabled=true; MAKACSESSION=215EAC2EAD300F61
Pragma: no-cache
Cache-Control: no-cache
user => [0] bar, bar <sylvestre@ledru.info>
--------------------

In MaKaC/webinterface/rh/CFADisplay.py, this code is failing:

	headerSize = self._req.headers_in["content-length"]
        AbstractParam._checkParams(self, params, self._conf, headerSize)

Change History (6)

comment:1 Changed 2 years ago by jbenito

  • Milestone set to v1.1
  • Priority changed from normal to high

comment:2 Changed 2 years ago by sylvestre

Changing the code to:

	try:
            headerSize = self._req.headers_in["content-length"]
	except KeyError:
            headerSize = -1

fixes the issue described upper but loop on the abstractSubmission.py page

comment:3 Changed 2 years ago by jbenito

  • Status changed from new to awaiting_merge

comment:4 Changed 2 years ago by jbenito

  • Status changed from awaiting_merge to merging

comment:5 Changed 2 years ago by pferreir

Thanks a lot for the patch, but I don't think this is a good solution.
I have rolled it back as part of b001ea30ee4377a8e100b2bea56ac6544688b8ba.

I believe the correct, standard HTTP approach in this case is to return a 411 error (Length required) in case there is no such header. If anyone finds a good reason for us to silently allow this kind of behavior, please state it.

I will leave the ticket open till we properly handle this situation.

However, something is clearly wrong with your setup, or this wouldn't even happen at all.

Last edited 2 years ago by pferreir (previous) (diff)

comment:6 Changed 2 years ago by jbenito

  • Milestone changed from v1.1 to v1.8
  • Status changed from merging to assigned
Note: See TracTickets for help on using tickets.