Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-1134

Massive BB Codes result into stackoverflow

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.20 Larks
    • Fix Version/s: 1.2 Larks
    • Labels:
      None
    • Sprint:
      Larks 1.1, Larks 1.2

      Description

      Sample to reproduce: http://pastebin.com/fFbr4DkR

      Expected result: user should face an error that he tried input too much of bb codes.

      This situation should be logged as WARN as a popssible attack.

      org.apache.jasper.JasperException: javax.servlet.ServletException: javax.servlet.jsp.JspException: java.lang.StackOverflowError
	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:502)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:412)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
	org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:262)
	org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1180)
	org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:950)
	org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
	com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
	com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368)
	org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
	org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:119)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
	org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
	com.cj.trim.trimFilter.doFilter(Unknown Source)
	org.jtalks.jcommune.web.filters.TrimFilter.doFilter(TrimFilter.java:82)
==============================================
java.lang.StackOverflowError
	ru.perm.kefir.bbcode.Source.sub(Source.java:183)
	ru.perm.kefir.bbcode.Source.subToEnd(Source.java:202)
	ru.perm.kefir.bbcode.Variable.isNextIn(Variable.java:89)
	ru.perm.kefir.bbcode.Pattern.suspicious(Pattern.java:44)
	ru.perm.kefir.bbcode.Code.suspicious(Code.java:70)
	ru.perm.kefir.bbcode.Context.process(Context.java:110)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)
	ru.perm.kefir.bbcode.Code.process(Code.java:52)
	ru.perm.kefir.bbcode.Context.process(Context.java:112)
	ru.perm.kefir.bbcode.Context.parse(Context.java:85)
	ru.perm.kefir.bbcode.Text.parse(Text.java:55)
	ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)

        Attachments

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JC-1356 Too deep BB code nesting even though it's not

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JC-552 Message size validation works incorrectly if the only content of the message is BB-code

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Structure

              Activity

                People

                • Assignee:
                  varro Artem R
                  Reporter:
                  ctapobep Stanislav Bashkyrtsev
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Due:
                    Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 1m
                    1m
                    Remaining:
                    Remaining Estimate - 0h
                    0h
                    Logged:
                    Time Spent - 5h 50m
                    5h 50m

                      Structure Helper Panel