-
Type: Bug
-
Status: Closed (View Workflow)
-
Priority: Critical
-
Resolution: Fixed
-
Affects Version/s: 0.20 Larks
-
Fix Version/s: 1.2 Larks
-
Labels: None
-
Sprint: Larks 1.1, Larks 1.2
Sample to reproduce: http://pastebin.com/fFbr4DkR
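Expected result: the user should see an error saying that the input contains too many BB codes.
This situation should be logged at WARN level as a possible attack.
Actual result: rendering fails with a java.lang.StackOverflowError thrown from the recursive ru.perm.kefir.bbcode parser (stack trace below).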
org.apache.jasper.JasperException: javax.servlet.ServletException: javax.servlet.jsp.JspException: java.lang.StackOverflowError org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:502) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:412) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238) org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:262) org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1180) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:950) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882) org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778) javax.servlet.http.HttpServlet.service(HttpServlet.java:617) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:119) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) com.cj.trim.trimFilter.doFilter(Unknown Source) org.jtalks.jcommune.web.filters.TrimFilter.doFilter(TrimFilter.java:82) ============================================== java.lang.StackOverflowError ru.perm.kefir.bbcode.Source.sub(Source.java:183) ru.perm.kefir.bbcode.Source.subToEnd(Source.java:202) ru.perm.kefir.bbcode.Variable.isNextIn(Variable.java:89) ru.perm.kefir.bbcode.Pattern.suspicious(Pattern.java:44) ru.perm.kefir.bbcode.Code.suspicious(Code.java:70) ru.perm.kefir.bbcode.Context.process(Context.java:110) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) 
ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) 
ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) 
ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66) ru.perm.kefir.bbcode.Code.process(Code.java:52) ru.perm.kefir.bbcode.Context.process(Context.java:112) ru.perm.kefir.bbcode.Context.parse(Context.java:85) ru.perm.kefir.bbcode.Text.parse(Text.java:55) ru.perm.kefir.bbcode.Pattern.parse(Pattern.java:66)