SAK-20236 (Sakai)

Can trigger java.lang.StackOverflowError via crafted e-mail address input

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.8.0
    • Fix Version/s: 2.8.2, 2.9.0, 10.0
    • Component/s: Account
    • Labels: None
    • Environment: Demo version Sakai 2.8
    • 2.9 Status: Resolved
    • CLE Team Issue: Yes

      Description

      In the demo version of Sakai, create an account anonymously and add the input in the attached file from line 3 onwards. Pressing submit generates the following train of errors.

      Is the input parser being recursively called?

      2011-03-09 16:54:31,325 WARN http-8080-Processor25 org.sakaiproject.cheftool.VelocityPortletPaneledAction - Exception calling method doSave java.lang.reflect.InvocationTargetException (Caused by java.lang.StackOverflowError)
      java.lang.reflect.InvocationTargetException
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:616)
      at org.sakaiproject.cheftool.VelocityPortletPaneledAction.actionDispatch(VelocityPortletPaneledAction.java:603)
      at org.sakaiproject.cheftool.VelocityPortletPaneledAction.processAction(VelocityPortletPaneledAction.java:535)
      at org.sakaiproject.cheftool.ToolServlet.doGet(ToolServlet.java:230)
      at org.sakaiproject.cheftool.VelocityPortletPaneledAction.doGet(VelocityPortletPaneledAction.java:1032)
      at org.sakaiproject.cheftool.ToolServlet.doPost(ToolServlet.java:154)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
      at org.sakaiproject.vm.ComponentServlet.service(ComponentServlet.java:56)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:592)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
      at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1380)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:204)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doPost(ToolHandler.java:73)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1192)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:653)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
      at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
      at java.lang.Thread.run(Thread.java:636)
      Caused by: java.lang.StackOverflowError
      at org.apache.oro.text.regex.OpCode._getNext(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      at org.apache.oro.text.regex.Perl5Matcher.__match(Unknown Source)
      . . . last message repeated about 100 times
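
The repeated `Perl5Matcher.__match` frames in the trace above show a regex matcher recursing while it consumes the submitted address. The following is an added example, not Sakai's code or its fix: it bounds the input before matching so recursion depth no longer follows user-supplied length. The class name, pattern and limits are assumptions, and it uses `java.util.regex` rather than Jakarta ORO; whether the unbounded call overflows depends on the thread stack size.

```java
import java.util.Arrays;
import java.util.regex.Pattern;

// Added example: hypothetical validator, not Sakai's code and not the Jakarta ORO API.
public class EmailInputGuard {
    // RFC 5321 size limits: 64-octet local part, 254-octet address.
    static final int MAX_ADDRESS = 254;
    static final int MAX_LOCAL = 64;

    // Assumed pattern, for illustration only. java.util.regex matches a starred
    // group that contains alternation recursively, one level per repetition.
    static final Pattern ADDRESS = Pattern.compile(
        "(?:[A-Za-z0-9]|[._%+-])*@(?:[A-Za-z0-9-]+\\.)+[A-Za-z]{2,}");

    /** Unbounded: matcher stack depth follows the length of user input. */
    static boolean unboundedIsValid(String s) {
        return ADDRESS.matcher(s).matches();
    }

    /** Bounded: cheap length checks run first, so the matcher only sees short input. */
    static boolean boundedIsValid(String s) {
        if (s == null || s.length() > MAX_ADDRESS) return false;
        int at = s.indexOf('@');
        if (at < 1 || at > MAX_LOCAL) return false;
        try {
            return ADDRESS.matcher(s).matches();
        } catch (StackOverflowError e) {
            return false; // defence in depth: fail closed instead of a server error
        }
    }

    public static void main(String[] args) {
        char[] run = new char[200_000];   // constructed sample: one long run of 'a'
        Arrays.fill(run, 'a');
        String oversized = new String(run);

        try {
            System.out.println("unbounded: " + unboundedIsValid(oversized));
        } catch (StackOverflowError e) {
            System.out.println("unbounded: StackOverflowError");
        }
        System.out.println("bounded, oversized: " + boundedIsValid(oversized));
        System.out.println("bounded, normal:    " + boundedIsValid("alice@example.org"));
    }
}
```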

      People

    • Assignee: Sam Ottenhoff (ottenhoff)
    • Reporter: Alan Berg (a.m.berg@uva.nl)