|Anonymous | Login | Signup for a new account||2020-01-27 13:45 PST|
|Main | My View | View Issues | Change Log | Roadmap | Summary | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004021||opensim||[REGION] Script Functions||public||2009-08-18 02:10||2011-08-12 09:01|
|Target Version||Fixed in Version|
|Summary||0004021: llRequestURL uses servers machine name + method to crash sim|
|Description||Product Version: 0.6.6 (Dev) .239a1|
I'm marking this as major since it exposes a way for anyone to intentionally crash a sim.
The URL returned by llRequestURL returns the servers machine name rather than the ExternalHostName specified in the region file. The port specified is for OpenSIM rather than for a specific region.
When visiting the URL, the browser gets a message "This is a generic response as OpenSim does not yet support proper responses. Your request has been passed to the object."
Although the request is received, any code after "llHTTPResponse" is not executed. Just as the message states in the browser, the objects response is not sent out.
Any additional information in the URL such as querystring data or paths will crash the sim. ie http://localhost:9001/lslhttp/a7717681-2c04-e4ac-35e3-1f01c9861322/foo/bar?arg=gra [^]
Sample Code used:
http_request(key id, string method, string body)
if (method == "URL_REQUEST_GRANTED")
llSay(0,"URL: " + body);
else if (method == "GET")
llSay(0, "I hear voices");
llSay(0, "I have spoken to them");// doesn't get executed
|Additional Information||Hippo OpenSim Viewer 0.5.1 (LL 1.22.11) Mar 24 2009 17:47:38 (Hippo Release)|
You are at 2558086.9, 2555258.6, 22.1 in Lucafini located at c-76-100-8-247.hsd1.va.comcast.net (188.8.131.52:9008)
OpenSim 0.6.6 (Dev) .239a1 (OS Microsoft Windows NT 6.0.6001 Service Pack 1) ChilTasks:True PhysPrim:True
CPU: Intel Pentium III/Pentium III Xeon (0.25 micron process) with external L2 cache (3177 MHz)
Memory: 4095 MB
OS Version: Microsoft Windows Vista Service Pack 1 (Build 6001)
Graphics Card Vendor: NVIDIA Corporation
Graphics Card: GeForce 9600 GT/PCI/SSE2
OpenGL Version: 3.1.0
libcurl Version: libcurl/7.16.4 OpenSSL/0.9.7c zlib/1.2.3
J2C Decoder Version: KDU
Audio Driver Version: FMOD version 3.740000
LLMozLib Version: [LLMediaImplLLMozLib] - 2.01.26195 (Mozilla GRE version 184.108.40.206_0000000000)
Packets Lost: 1056/8135 (13.0%)
|Tags||crash, http, http_request, llHTTPResponse, llRequestURL, LSL script, ScriptEngine|
|Git Revision or version number||239a1|
|Run Mode||Grid (Multiple Regions per Sim)|
|Environment||.NET / Windows64|
|Attached Files|| UrlModule.cs.patch [^] (693 bytes) 2010-01-02 14:09 [Show Content]
LSL_Api.cs.patch [^] (493 bytes) 2010-01-02 14:09 [Show Content]
IpFinder.dll [^] (4,096 bytes) 2010-01-02 14:09
IpFinder.zip [^] (61,410 bytes) 2010-01-10 10:31
The behavior with regards to the URL and port is correct. In Linux, the External host name will cause a whole lot of messiness, so can't be used. Returnign the instance port is correct, the region ports are UDP only and not used for this.
Http response is not yet implemented, therefore the non-execution of the reply code is correct as well.
The only part of this report that is a bug is that parameters/query string will crash the sim. Everything else is either by design, or conforms to the current implementation state.
Instant Blue (reporter)
|Is it possible for us to set the ExternalHostName of the sim itself? No one outside of my network can use the address that is returned by this method.|
I can confirm this does crash the simulator software -- http://xxxx:9000/lslhttp/5cad6e84-6652-441e-85b4-da73db0c26e0/foo [^]
Relatedly, I'm not sure I fully understand this host name issue. It looks like both llRequestURL() and llGetSimulatorHostname() are checking System.Environment.MachineName -- which is the NetBIOS name under Windows, and completely useless.
Seeing this, I'm not entirely sure how a script could even reliably use any of this functionality, as there is no way for the LSL to communicate a valid external hostname that can be used to talk back to it.
|In Linux/Mono, this is a FQDN. Maybe we need to check if the MachineName has dots, and if not, use another host name source.|
Is there a reason not to use the value from ExternalHostName in the regions.ini/xml ? We have succesfully set this to the external DNS name of our servers without issue -- others who have not would be returned an IP, it would at least work more reliably?
Perhaps a seperate option for this in the config files?
A (very) quick poke around OSGRID is showing similar results from regions claiming to be running on Linux/Mono. I looked at three.
Two quick examples:
llGetSimulatorHostname() = "titan"
Help>About = OpenSim 0.6.6 (Dev) .9945 (OS Fedora release 11.90 (Rawhide) Kernel \r on a) ChilTasks:True PhysPrim:True
llGetSimulatorHostname() = "linux-h2vq"
Help>About = OpenSim 0.6.6 (Dev) (OS Welcome to openSUSE 11.1 - Kernel %r (%t).) ChilTasks:True PhysPrim:True
MachineName isnt supposed to be FQDN - according to the spec, it's supposed to be the machine name (ie, the first segment of the hostname).
ExternalHostname is a good solution; especially in cases where you have multiple IPs and have opensim only bound to one of them.
|This and 0003935 seem to be directly related (excluding the crasher part)|
Pato Donald (reporter)
|Fixed the bug by checking the external ip by simply using an external service (whatismyip.org) via the IpFinder.dll and by change the System.Environment.MachineName to IpFinder.IpFinder.GetExternalIP() on the functions.|
Setting this to minor.
The reported host name can be set in the ini file. What is reported by default is correct on Linux (FQDN from networking) but incorrect on Windows (NetBios machine name). However, this can not be used to crash a sim or script.
Http responses are implemented in trunk, upgrade to trunk to get that functionality.
|Fixed in trunk.|
we can NOT add a binary we don't have the source and licensing info to, so I have to reject your solution. Please provide information on the location of the source code for IpFinder.dll and the license on it.
When you have that, please reopen this issue.
Pato Donald (reporter)
edited on: 2010-01-10 10:31
I've uploaded here the fixed source for the IpChanger namespace and class.
Patch is attached by Pato, waiting for vote or apply.
My personal view is this fix no longer needed since there is ExternalHostNameForLSL property in OpenSim.ini today, which enables the users set the external address by themselves, which is more safer way than using external site to retrieve address. (Since I'm not a core developer, this comment isn't -1 for this proposal).
|2009-08-18 02:10||Instant Blue||New Issue|
|2009-08-18 02:10||Instant Blue||Git Revision||=> 239a1|
|2009-08-18 02:10||Instant Blue||SVN Revision||=> 239a1|
|2009-08-18 02:10||Instant Blue||Run Mode||=> Grid (Multiple Regions per Sim)|
|2009-08-18 02:10||Instant Blue||Physics Engine||=> ODE|
|2009-08-18 02:10||Instant Blue||Environment||=> .NET / Windows64|
|2009-08-18 02:10||Instant Blue||Mono Version||=> None|
|2009-08-18 02:12||Instant Blue||Tag Attached: crash|
|2009-08-18 02:13||Instant Blue||Tag Attached: http|
|2009-08-18 02:13||Instant Blue||Tag Attached: LSL script|
|2009-08-18 02:14||Instant Blue||Tag Attached: ScriptEngine|
|2009-08-18 02:14||Instant Blue||Tag Attached: http_request|
|2009-08-18 02:14||Instant Blue||Tag Attached: llHTTPResponse|
|2009-08-18 02:16||Instant Blue||Tag Attached: llRequestURL|
|2009-08-18 02:22||melanie||Note Added: 0012927|
|2009-08-18 02:49||Instant Blue||Note Added: 0012928|
|2009-08-18 18:13||Hinoserm||Note Added: 0012942|
|2009-08-18 18:14||melanie||Note Added: 0012944|
|2009-08-18 18:29||Hinoserm||Note Added: 0012951|
|2009-08-18 18:56||Adam||Note Added: 0012954|
|2009-08-18 19:00||Hinoserm||Note Added: 0012955|
|2009-08-28 03:13||Instant Blue||Relationship added||has duplicate 0003935|
|2009-08-28 03:13||Instant Blue||Relationship deleted||has duplicate 0003935|
|2009-08-28 03:13||Instant Blue||Relationship added||duplicate of 0003935|
|2009-09-19 15:31||Fly-Man-||Status||new => acknowledged|
|2010-01-02 14:09||Pato Donald||File Added: UrlModule.cs.patch|
|2010-01-02 14:09||Pato Donald||File Added: LSL_Api.cs.patch|
|2010-01-02 14:09||Pato Donald||File Added: IpFinder.dll|
|2010-01-02 14:12||Pato Donald||Note Added: 0014641|
|2010-01-02 14:12||Pato Donald||Status||acknowledged => patch included|
|2010-01-02 15:20||melanie||Note Added: 0014642|
|2010-01-02 15:20||melanie||Severity||major => minor|
|2010-01-02 15:20||melanie||Status||patch included => resolved|
|2010-01-02 15:20||melanie||Resolution||open => fixed|
|2010-01-02 15:20||melanie||Assigned To||=> melanie|
|2010-01-02 15:20||melanie||Note Added: 0014643|
|2010-01-03 10:04||melanie||Note Added: 0014648|
|2010-01-04 08:42||Pato Donald||Status||resolved => feedback|
|2010-01-04 08:42||Pato Donald||Resolution||fixed => reopened|
|2010-01-04 08:42||Pato Donald||Note Added: 0014650|
|2010-01-10 10:31||Pato Donald||File Added: IpFinder.zip|
|2010-01-10 10:31||Pato Donald||Note Edited: 0014650|
|2010-01-10 10:31||Pato Donald||Note Edited: 0014650|
|2011-08-12 09:00||makopoppo||Note Added: 0019504|
|2011-08-12 09:00||makopoppo||Status||feedback => patch ready|
|2011-08-12 09:01||makopoppo||Status||patch ready => patch included|
|Copyright © 2000 - 2012 MantisBT Group|