When the collection gets a malformed SOIF query from
the client over CORBA, it just aborts. Instead, it
should send back a valid reply telling the client
that the query is malformed. Probably it should raise
a CORBA exception that is passed to the remote.
The current state of things makes denial of service
trivial.
Logged In: YES
user_id=82947
The OASIS protocol specification (available at
http://www.oasis-europe.org/download/docs/en/d0305/d0305.html)
says that the ql_type field of the QueryEvaluator.evaluate
method should have the value of OASISProtocol. This should
probably be checked and a QueryTypeInvalid exception raised
when this is not the case. When the ql_type is OK, but the
SOIF is broken, the QueryInvalid exception must be raised.
Internal errors (like strange Isearch output) must be
indicated with a RequestProcessingError exception.
Logged In: YES
user_id=91810
I see two different problems here:
- common components should not call
OASIS_error_message(FATAL_ERROR) or explicitly do
exit or abort in most cases. Indeed they need
to return a failure return code.
- Collection must correctly process failures -
i.e. such failures should at most affect processing of
a single query, not other queries.
I guess we need a separate bug/task for the first issue -
it is clearly another area of responsibility. I will file
a new task for this.
Hopefully katya could look at the second issue.
Logged In: YES
user_id=82947
In particular, collection crashes when the user submits an
empty query, i.e., presses the 'Search' button without
filling in the keywords field.
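
The error handling proposed in the comments above, as an added example that is not part of the original thread or the project's code: each failure class maps to the exception named in the thread, and a bad request affects only itself. The plain C++ exception types, soif_well_formed, backend_search, serve and the "@BROKEN-INDEX" marker are hypothetical stand-ins, and ql_type is assumed to arrive as a string.

```cpp
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Exception names come from the thread; these plain C++ types stand in for
// the IDL-generated CORBA user exceptions (assumption).
struct QueryTypeInvalid : std::runtime_error { using std::runtime_error::runtime_error; };
struct QueryInvalid : std::runtime_error { using std::runtime_error::runtime_error; };
struct RequestProcessingError : std::runtime_error { using std::runtime_error::runtime_error; };

// Hypothetical, simplified SOIF check: "@TYPE { ... }" holding at least one
// "attr{size}:" header. A real parser would also verify the declared sizes.
bool soif_well_formed(const std::string& q) {
    if (q.empty() || q[0] != '@') return false;  // covers the empty-query crash
    std::size_t open = q.find('{'), close = q.rfind('}');
    if (open == std::string::npos || close == std::string::npos) return false;
    return close > open && q.find("}:", open + 1) < close;
}

// Hypothetical backend: returns non-zero on failure instead of calling abort().
int backend_search(const std::string& q, std::string& out) {
    if (q.find("@BROKEN-INDEX") == 0) return 1;  // constructed internal failure
    out = "ok";
    return 0;
}

std::string evaluate(const std::string& ql_type, const std::string& query) {
    if (ql_type != "OASISProtocol") throw QueryTypeInvalid("ql_type: " + ql_type);
    if (!soif_well_formed(query)) throw QueryInvalid("malformed SOIF query");
    std::string result;
    if (backend_search(query, result) != 0) throw RequestProcessingError("backend failure");
    return result;
}

// Serve a batch of (ql_type, query) requests; a failure is confined to the
// request that caused it and reported as a status string.
std::vector<std::string> serve(const std::vector<std::pair<std::string, std::string>>& reqs) {
    std::vector<std::string> status;
    for (const auto& r : reqs) {
        try { status.push_back(evaluate(r.first, r.second)); }
        catch (const QueryTypeInvalid&) { status.push_back("QueryTypeInvalid"); }
        catch (const QueryInvalid&) { status.push_back("QueryInvalid"); }
        catch (const RequestProcessingError&) { status.push_back("RequestProcessingError"); }
    }
    return status;
}
```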