Web Agent crashes when the FQDN requested is more than 256 chars

Article ID: 7423

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

I run a Web Agent, and if it receives a request for which the FQDN of the hostname is greater than 256 chars, then I see the Web Agent crashing.

 

WebAgentTrace.log

 

[10/12/2015][09:28:23][12761][1326524192][CSmHttpPlugin.cpp:475][CSmHttpPlugin::ProcessResource][00000000000000000000000013d4830a-31d9-561bb577-4f112720-461445bc7f27][][][][][][Resolved hostname: 'TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com'.]

 

WebAgent.log

 

[12761/1326524192][Mon Oct 12 2015 09:28:21][CSmHighLevelAgent.cpp:192][INFO][sm-AgentFramework-00380] HLA: Initialization complete.

 

SunOne Web Server log:

 

catastrophe: CORE3260: Server crash detected (signal SIGSEGV)

 

Why is this happening? How can I solve this?

 

Environment

Release:
Component: SMAPC

Cause

The Web Agent doesn't impose a restriction on the length of the hostname, and as such it crashes.

Resolution

Upgrade to Web Agent 12.52SP1CR04 to benefit from the following fix, which also includes a correction for this crash. It adds a limit on the hostname length. With this fix in place, you'll see the following lines:

 

WebAgentTrace.log

 

[10/13/2015][02:59:36][3559][2563987232][CSmHttpPlugin.cpp:399][CSmHttpPlugin::ProcessResource][00000000000000000000000013d4830a-0de7-561cabd8-98d35720-23033f6a11d3][][][][][][Resolved HTTP_HOST: 'TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com'.]

 

[10/13/2015][02:59:36][3559][2563987232][CSmHttpPlugin.cpp:5254][Hostname length exceeds maximum length per RFC:1035 sHost: ][][][][][][][TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com]

 

WebAgent.log

 

[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmHttpPlugin.cpp:406][ERROR][sm-HTTPAgent-00030] Unable to resolve fully qualified host name. Exiting with HTTP 500 server error '00-0016'.

[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmResourceManager.cpp:151][WARNING][sm-AgentFramework-00480] HLA: Missing resource data.

[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmHttpPlugin.cpp:406][ERROR][sm-HTTPAgent-00030] Unable to resolve fully qualified host name. Exiting with HTTP 500 server error '00-0016'.

[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmResourceManager.cpp:151][WARNING][sm-AgentFramework-00480] HLA: Missing resource data.

 

This fix is included in the following Fix: 

Vulnerability in SMAUTHREASON is Exposed to Attack

The web agent vulnerability in SMAUTHREASON with non-numeric data is exposed to JSP/JavaScript attack.

 STAR Issue: 21589939-01, 21474394-01

 RTC Issue: 137831, 137834/DE72676, DE72835

 


Additional Information

RFC 1035
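
The size limits RFC 1035 places on a name (63 octets per label, 255 octets for the whole name in wire format), checked before a host name is used, as an added example in C. This is not CA's fix or the Web Agent's code; the function name hostname_fits_rfc1035, the letters/digits/hyphen rule and the assumption that any port has already been stripped from the Host value are choices made for this sketch.

```c
#include <stdio.h>
#include <stddef.h>

#define DNS_MAX_NAME_OCTETS  255 /* RFC 1035 2.3.4: whole name, wire format */
#define DNS_MAX_LABEL_OCTETS 63  /* RFC 1035 2.3.4: a single label */

/* Hypothetical helper (not from the product): returns 1 if `host` (text
 * form, optional trailing dot, no port) fits the RFC 1035 size limits and
 * uses only letters, digits and '-'. Returns 0 otherwise, so the caller can
 * reject the request before the name reaches any fixed-size buffer. */
int hostname_fits_rfc1035(const char *host)
{
    size_t wire = 1;   /* the terminating root label costs one octet */
    size_t label = 0;  /* length of the label currently being scanned */
    const char *p;

    if (host == NULL || *host == '\0')
        return 0;
    for (p = host; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '.') {
            if (label == 0)          /* leading dot or ".." is not a name */
                return 0;
            wire += 1 + label;       /* length octet + label bytes */
            label = 0;
        } else {
            int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                     (c >= '0' && c <= '9') || c == '-';
            if (!ok || ++label > DNS_MAX_LABEL_OCTETS)
                return 0;
        }
        if (wire + (label ? 1 + label : 0) > DNS_MAX_NAME_OCTETS)
            return 0;                /* stop scanning oversized input early */
    }
    if (label > 0)
        wire += 1 + label;           /* last label when no trailing dot */
    return wire <= DNS_MAX_NAME_OCTETS;
}

int main(void)
{
    /* Constructed sample input, not taken from a real request. */
    const char *h = "www.example.com";
    printf("%s -> %s\n", h, hostname_fits_rfc1035(h) ? "accept" : "reject");
    return 0;
}
```

A name that fails this check should be answered with an error response and logged, which is the behaviour the patched agent's log lines above show (HTTP 500 instead of a crash).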