Msgid with string type can crash any rpclib server (even with exceptions suppressed) #292

Open
l0ud opened this issue Nov 28, 2021 · 2 comments


l0ud commented Nov 28, 2021

If a client sends msgid as a string instead of an integer, the server will crash with a clmdep_msgpack::v1::type_error exception.

The exception happens inside msg.convert(the_call); in dispatcher.cc

I found that error is triggered when using the following PHP library:
https://github.com/funeralzone/MsgPackPhp
which apparently has a bug and is sending "0" (string) as msgid (instead of numeric 0)

call stack

2   abort                                                                                                                                                       0x7fcec4c2d862 
3   __gnu_cxx::__verbose_terminate_handler                                                                                                 vterminate.cc    95  0x7fcec4fec802 
4   __cxxabiv1::__terminate                                                                                                                eh_terminate.cc  48  0x7fcec4ff8c8a 
5   std::terminate                                                                                                                         eh_terminate.cc  58  0x7fcec4ff8cf7 
6   __cxxabiv1::__cxa_throw                                                                                                                eh_throw.cc      95  0x7fcec4ff8f8e 
7   clmdep_msgpack::v1::type::detail::convert_integer_sign<unsigned int, false>::convert                                                   int.hpp          51  0x55f9eef800b9 
8   clmdep_msgpack::v1::type::detail::convert_integer<unsigned int>                                                                        int.hpp          63  0x55f9eef7e94f 
9   clmdep_msgpack::v1::adaptor::convert<unsigned int, void>::operator()                                                                   int.hpp          150 0x55f9eef7d6ca 
10  clmdep_msgpack::v1::operator>><unsigned int>                                                                                           adaptor_base.hpp 58  0x55f9eef88497 
11  clmdep_msgpack::v1::object::convert<unsigned int>                                                                                      object.hpp       549 0x55f9eef88125 
12  clmdep_msgpack::v2::object::convert<unsigned int>                                                                                      object_fwd.hpp   60  0x55f9eef87ae7 
13  clmdep_msgpack::v1::StdTupleConverter<std::tuple<signed char, unsigned int, std::string, clmdep_msgpack::v2::object>&, 2ul>::convert   tuple.hpp        97  0x55f9eef871b7 
14  clmdep_msgpack::v1::StdTupleConverter<std::tuple<signed char, unsigned int, std::string, clmdep_msgpack::v2::object>&, 3ul>::convert   tuple.hpp        95  0x55f9eef869ea 
15  clmdep_msgpack::v1::StdTupleConverter<std::tuple<signed char, unsigned int, std::string, clmdep_msgpack::v2::object>&, 4ul>::convert   tuple.hpp        95  0x55f9eef860cf 
16  clmdep_msgpack::v1::adaptor::convert<std::tuple<signed char, unsigned int, std::string, clmdep_msgpack::v2::object>, void>::operator() tuple.hpp        126 0x55f9eef852c3 
17  clmdep_msgpack::v1::operator>><std::tuple<signed char, unsigned int, std::string, clmdep_msgpack::v2::object>>                         adaptor_base.hpp 58  0x55f9eef83793 
18  clmdep_msgpack::v1::object::convert<std::tuple<signed char, unsigned int, std::string, clmdep_msgpack::v2::object>>                    object.hpp       549 0x55f9eef80725 
19  clmdep_msgpack::v2::object::convert<std::tuple<signed char, unsigned int, std::string, clmdep_msgpack::v2::object>>                    object_fwd.hpp   60  0x55f9eef7f129 
20  rpc::detail::dispatcher::dispatch_call

convert_integer_sign is throwing because o.type = clmdep_msgpack::v1::type::STR (5)

@noctice007

Yeah I'm struggling with this one as well, have you figured it out?


noctice007 commented Dec 3, 2021

So with the help of my friend I figured out where the error is:
It's in the rpcLip/lib/rpc/dispatcher.cc
Inside dispatch_call():
It calls msg.convert(the_call);, where it throws a type_error exception which is not handled and results in the server crash.

Just wrap that call inside a try/catch block to handle that case as you want (respond with the type_error to the client, stringToInt..)
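
The handling suggested in the comment above, as an added example that is not part of the original thread or rpclib's code: a self-contained stand-in that decodes only the msgid field of a [type, msgid, method, params] request and turns a non-integer msgid into an error result for that one client. `envelope_type_error`, `decode_msgid`, `dispatch` and the sample byte arrays are hypothetical names and constructed data; the msgpack library itself is not used.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in for clmdep_msgpack::v1::type_error (hypothetical name).
struct envelope_type_error : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Decode the msgid of a msgpack-rpc request [type, msgid, method, params].
// Covers only what is needed here: fixarray(4), a positive fixint type field,
// and msgid encoded as positive fixint / uint8 / uint16 / uint32.
inline uint32_t decode_msgid(const std::vector<uint8_t>& buf) {
    if (buf.size() < 3 || buf[0] != 0x94)
        throw envelope_type_error("request is not a 4-element array");
    if (buf[1] > 0x7f)
        throw envelope_type_error("type field is not a positive integer");
    const uint8_t tag = buf[2];
    if (tag <= 0x7f) return tag;                       // positive fixint
    const size_t width = tag == 0xcc ? 1 : tag == 0xcd ? 2 : tag == 0xce ? 4 : 0;
    if (width == 0)                                    // e.g. fixstr 0xa0..0xbf
        throw envelope_type_error("msgid is not an unsigned integer");
    if (buf.size() < 3 + width)
        throw envelope_type_error("truncated msgid");
    uint32_t id = 0;
    for (size_t i = 0; i < width; ++i) id = (id << 8) | buf[3 + i];  // big-endian
    return id;
}

// Dispatcher entry point: a malformed envelope becomes an error result
// for that connection instead of an uncaught exception reaching terminate().
inline std::string dispatch(const std::vector<uint8_t>& buf) {
    try {
        return "ok msgid=" + std::to_string(decode_msgid(buf));
    } catch (const envelope_type_error& e) {
        return std::string("error: ") + e.what();
    }
}

// Constructed samples: msgid as integer 0, and msgid as the string "0".
static const std::vector<uint8_t> kIntMsgid = {0x94, 0x00, 0x00, 0xa3, 'a', 'd', 'd', 0x90};
static const std::vector<uint8_t> kStrMsgid = {0x94, 0x00, 0xa1, '0', 0xa3, 'a', 'd', 'd', 0x90};

int main() {
    std::cout << dispatch(kIntMsgid) << "\n" << dispatch(kStrMsgid) << "\n";
}
```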
