Loading ...
Sorry, an error occurred while loading the content.

Server state not cleared after fault?

Expand Messages
  • mitchbetterhavemybunny
    I m having some strange and unsettling troubles with a SOAP::Lite server in a mod_perl environment. I think that SOAP::Lite may not re-initialize properly
    Message 1 of 3 , Mar 11 4:37 PM
    • 0 Attachment
      I'm having some strange and unsettling troubles with a SOAP::Lite
      server in a mod_perl environment. I think that SOAP::Lite may not
      re-initialize properly after serving a SOAP fault.

      Every so often, we get a malformed request, which results in a
      server-generated SOAP fault, as expected. On the server, we have
      subclassed SOAP::Server::Parameters in order to handle the request and
      do some fairly intensive logging. I can see from the (lack of) logs
      that our code is never called when a fault is generated. So far, so good.

      Things move along swimmingly until we get another request handled by
      the same Apache process. What we are seeing in our message handler is
      that the incoming parameters match those of the *previous* request,
      the one that resulted in a fault. I can tell this by manually
      inspecting the logs and watching TCP traces in Ethereal, but I can't
      see any way to identify this condition in running code. The
      som->fault is false once we have entered the message handler, so it
      appears that at least some of the state is reset for each request.

      The problem goes away entirely if I configure Apache to serve only one
      request per child process. Obviously, this works for troubleshooting,
      but isn't a real solution for a production environment.

      Is it really possible that SOAP::Lite does not clear its state for
      each new request? I'm a little skeptical that I'm seeing what I think
      I'm seeing, since nobody else appears to be freaking out about this.
      Has anyone ever seen this before?

      Thanks for any insights you can offer,
      Scott Franklin
    • mitchbetterhavemybunny
      ... Well, as it turns out, somebody else did freak out, and they also posted a workaround. This was reported as bug #933484 for the SOAP::Lite project on
      Message 2 of 3 , Mar 11 5:26 PM
      • 0 Attachment
        --- In soaplite@yahoogroups.com, "mitchbetterhavemybunny"
        <mitchbetterhavemybunny@y...> wrote:
        >
        > I'm having some strange and unsettling troubles with a SOAP::Lite
        > server in a mod_perl environment. I think that SOAP::Lite may not
        > re-initialize properly after serving a SOAP fault.
        > ...
        > Is it really possible that SOAP::Lite does not clear its state for
        > each new request? I'm a little skeptical that I'm seeing what I think
        > I'm seeing, since nobody else appears to be freaking out about this.
        > Has anyone ever seen this before?
        >

        Well, as it turns out, somebody else did freak out, and they also
        posted a workaround. This was reported as bug #933484 for the
        SOAP::Lite project on sourceforge
        (http://sourceforge.net/tracker/index.php?func=detail&aid=933484&group_id=66000&atid=513017).

        Scott Franklin
      • Jon Kliegman
        ... From: mitchbetterhavemybunny [mailto:mitchbetterhavemybunny@yahoo.com] Sent: Friday, March 11, 2005 5:27 PM To: soaplite@yahoogroups.com Subject:
        Message 3 of 3 , Mar 12 10:55 AM
        • 0 Attachment
          Message
           
          -----Original Message-----
          From: mitchbetterhavemybunny [mailto:mitchbetterhavemybunny@...]
          Sent: Friday, March 11, 2005 5:27 PM
          To: soaplite@yahoogroups.com
          Subject: [soaplite] Re: Server state not cleared after fault?


          --- In soaplite@yahoogroups.com, "mitchbetterhavemybunny"
          <mitchbetterhavemybunny@y...> wrote:
          >
          > I'm having some strange and unsettling troubles with a SOAP::Lite
          > server in a mod_perl environment.  I think that SOAP::Lite may not
          > re-initialize properly after serving a SOAP fault.
          > ...
          > Is it really possible that SOAP::Lite does not clear its state for
          > each new request?  I'm a little skeptical that I'm seeing what I think
          > I'm seeing, since nobody else appears to be freaking out about this.
          > Has anyone ever seen this before?
          >

          Well, as it turns out, somebody else did freak out, and they also
          posted a workaround.  This was reported as bug #933484 for the
          SOAP::Lite project on sourceforge
          (http://sourceforge.net/tracker/index.php?func=detail&aid=933484&group_id=66000&atid=513017).

          Scott Franklin

          There is a bug in SOAP::Lite 0.55 where certain mal-formed XML packets will cause the SOAP server to use the previous, succesful XML packet.  Basically the SOAP parser does not clear state on certain failures in the XML parser (some failures are handled correctly) and the next time a packet comes in it is not processed but instead returns data from the original, valid request.  The sequencing looks like this (this all has to happen on the same process ID so forcing a specific failure in a production environment is difficult) : 
            Client A sends Request A and gets Response A
            Client B sends mal-formed XML and gets failure
            Client C sends Request C and gets Response A'
           
          Note that the response Client C gets is actually Request A reprocessed - it is not a copy of the original response.  And in the case where Request C and Request A are different operations Client C will get a fault stating that the SOAPAction header did not match the actual request.
           
          The workaround I posted will cause the state to be fully reset after Client B sends a mal-formed XML packet.  However the data of the original Request A will still be in memory (this was the most expedient way to return a production system to working).  There may be other bugs which could trigger this that I did not detect.
           
          If you'd like, you can contact me directly and I will provide the test code I have which reproduces this situation (it is reproduceable when running SOAP::Line in a standalone server setup).  I do not want to publically publish the test code as it would allow a malicous person to access data that is not theirs.  
           
          -Jon
           
          Patch information below:
          ----------------------------
          # diff -u Lite.pm.orig Lite.pm
          --- Lite.pm.orig Wed Apr 7 23:16:58 2004
          +++ Lite.pm Sun Apr 11 19:05:18 2004
          @@ -1255,7 +1255,15 @@
          End => sub { shift; $self->end(@_) },
          Char => sub { shift; $self->char(@_) },
          );
          - $self->parser->parse($_[0]);
          + my $ret = undef;
          + eval {
          + $ret = $self->parser->parse($_[0]);
          + };
          + if ($@) {
          + $self->final; # Clean up in the event of an error
          + die $@; # Pass back the error
          + }
          + return $ret;
          }

          sub final {
          ----------------------------
        Your message has been successfully submitted and would be delivered to recipients shortly.