Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-2631

PingRequestHandler can infinite loop if called with a qt that points to itsself

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4, 3.1, 3.2, 3.3
    • Fix Version/s: 3.4, 4.0-ALPHA
    • Component/s: Admin UI, search
    • Labels:

      Description

      We got a security report to private@lucene.apache.org, that Solr can infinite loop, use 100% CPU and stack overflow, if you execute the following HTTP request:

      The qt paramter instructs PingRequestHandler to call the given request handler. This leads to an infinite loop. This is not an security issue, but for an unprotected Solr server with unprotected /solr/select path this makes it stop working.

      The fix is to prevent infinite loop by disallowing calling itsself.

        Attachments

        1. SOLR-2631.patch
          0.7 kB
          Uwe Schindler

          Activity

            People

            • Assignee:
              thetaphi Uwe Schindler
              Reporter:
              thetaphi Uwe Schindler
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: