Mantis Bug Tracker

ID: 0004021
Project: opensim
Category: [REGION] Script Functions
View Status: public
Date Submitted: 2009-08-18 02:10
Last Update: 2011-08-12 09:01
Reporter: Instant Blue
Assigned To: melanie
Priority: normal
Severity: minor
Reproducibility: always
Status: patch included
Resolution: reopened
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0004021: llRequestURL uses servers machine name + method to crash sim

Description:
Product Version: 0.6.6 (Dev) .239a1

I'm marking this as major since it exposes a way for anyone to intentionally crash a sim.

The URL returned by llRequestURL returns the server's machine name rather than the ExternalHostName specified in the region file. The port specified is for OpenSIM rather than for a specific region.

When visiting the URL, the browser gets a message "This is a generic response as OpenSim does not yet support proper responses. Your request has been passed to the object."

Although the request is received, any code after "llHTTPResponse" is not executed. Just as the message states in the browser, the object's response is not sent out.

Any additional information in the URL such as querystring data or paths will crash the sim, i.e. http://localhost:9001/lslhttp/a7717681-2c04-e4ac-35e3-1f01c9861322/foo/bar?arg=gra


Sample Code used:

default
{
   state_entry()
   {
       llRequestURL();
   }

   http_request(key id, string method, string body)
   {
       if (method == "URL_REQUEST_GRANTED")
       {
           llSay(0,"URL: " + body);
       }
       else if (method == "GET")
       {
           llSay(0, "I hear voices");
           llHTTPResponse(id,200,"Hello World!");
           llSay(0, "I have spoken to them");// doesn't get executed
       }
   }
}
Additional Information:
Hippo OpenSim Viewer 0.5.1 (LL 1.22.11) Mar 24 2009 17:47:38 (Hippo Release)
Release Notes

You are at 2558086.9, 2555258.6, 22.1 in Lucafini located at c-76-100-8-247.hsd1.va.comcast.net (76.100.8.247:9008)
OpenSim 0.6.6 (Dev) .239a1 (OS Microsoft Windows NT 6.0.6001 Service Pack 1) ChilTasks:True PhysPrim:True


CPU: Intel Pentium III/Pentium III Xeon (0.25 micron process) with external L2 cache (3177 MHz)
Memory: 4095 MB
OS Version: Microsoft Windows Vista Service Pack 1 (Build 6001)
Graphics Card Vendor: NVIDIA Corporation
Graphics Card: GeForce 9600 GT/PCI/SSE2
OpenGL Version: 3.1.0

libcurl Version: libcurl/7.16.4 OpenSSL/0.9.7c zlib/1.2.3
J2C Decoder Version: KDU
Audio Driver Version: FMOD version 3.740000
LLMozLib Version: [LLMediaImplLLMozLib] - 2.01.26195 (Mozilla GRE version 1.8.1.13_0000000000)
Packets Lost: 1056/8135 (13.0%)
Tags: crash, http, http_request, llHTTPResponse, llRequestURL, LSL script, ScriptEngine
Git Revision or version number: 239a1
Run Mode: Grid (Multiple Regions per Sim)
Physics Engine: ODE
Script Engine:
Environment: .NET / Windows64
Mono Version: None
Viewer:
Attached Files:
UrlModule.cs.patch (693 bytes) 2010-01-02 14:09
LSL_Api.cs.patch (493 bytes) 2010-01-02 14:09
IpFinder.dll (4,096 bytes) 2010-01-02 14:09
IpFinder.zip (61,410 bytes) 2010-01-10 10:31

- Relationships
duplicate of 0003935 (closed): UrlModule (LSL HTTP Server) reports local machine hostname instead of external host name

-  Notes
(0012927)
melanie (administrator)
2009-08-18 02:22

The behavior with regards to the URL and port is correct. In Linux, the External host name will cause a whole lot of messiness, so can't be used. Returning the instance port is correct, the region ports are UDP only and not used for this.

Http response is not yet implemented, therefore the non-execution of the reply code is correct as well.

The only part of this report that is a bug is that parameters/query string will crash the sim. Everything else is either by design, or conforms to the current implementation state.
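A request-path parser for the `/lslhttp/<uuid>/path?query` form reported above, which rejects malformed input with a return value instead of an exception. This is an added example and not part of the thread or of OpenSim's code; the class name `LslHttpRoute` and its members are hypothetical.

```csharp
using System;

// Added illustration: LslHttpRoute is a hypothetical name, not OpenSim code.
public sealed class LslHttpRoute
{
    private const string Prefix = "/lslhttp/";
    public Guid UrlId { get; private set; }
    public string PathInfo { get; private set; }     // "/foo/bar", or "" if absent
    public string QueryString { get; private set; }  // "arg=gra", or "" if absent

    // Returns false on malformed input instead of throwing, so the caller can
    // answer 404 rather than let an exception escape the HTTP handler.
    public static bool TryParse(string rawPathAndQuery, out LslHttpRoute route)
    {
        route = null;
        if (string.IsNullOrEmpty(rawPathAndQuery) ||
            !rawPathAndQuery.StartsWith(Prefix, StringComparison.Ordinal))
            return false;

        // Only the first '?' separates the path from the query string.
        int q = rawPathAndQuery.IndexOf('?');
        string path = q >= 0 ? rawPathAndQuery.Substring(0, q) : rawPathAndQuery;
        string query = q >= 0 ? rawPathAndQuery.Substring(q + 1) : "";

        // First segment after the prefix must be the URL's UUID; the rest is path info.
        string rest = path.Substring(Prefix.Length);
        int slash = rest.IndexOf('/');
        string idText = slash >= 0 ? rest.Substring(0, slash) : rest;

        Guid id;
        if (!Guid.TryParseExact(idText, "D", out id))
            return false;

        route = new LslHttpRoute
        {
            UrlId = id,
            PathInfo = slash >= 0 ? rest.Substring(slash) : "",
            QueryString = query
        };
        return true;
    }

    public static void Main()
    {
        // First path is the one from the report; the second is constructed.
        string[] samples = { "/lslhttp/a7717681-2c04-e4ac-35e3-1f01c9861322/foo/bar?arg=gra",
                             "/lslhttp/not-a-uuid/foo" };
        LslHttpRoute r;
        foreach (string s in samples)
            Console.WriteLine(TryParse(s, out r)
                ? r.UrlId + " path=" + r.PathInfo + " query=" + r.QueryString
                : "404 for " + s);
    }
}
```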
(0012928)
Instant Blue (reporter)
2009-08-18 02:49

Is it possible for us to set the ExternalHostName of the sim itself? No one outside of my network can use the address that is returned by this method.
(0012942)
Hinoserm (reporter)
2009-08-18 18:13

I can confirm this does crash the simulator software -- http://xxxx:9000/lslhttp/5cad6e84-6652-441e-85b4-da73db0c26e0/foo

Relatedly, I'm not sure I fully understand this host name issue. It looks like both llRequestURL() and llGetSimulatorHostname() are checking System.Environment.MachineName -- which is the NetBIOS name under Windows, and completely useless.

Seeing this, I'm not entirely sure how a script could even reliably use any of this functionality, as there is no way for the LSL to communicate a valid external hostname that can be used to talk back to it.
(0012944)
melanie (administrator)
2009-08-18 18:14

In Linux/Mono, this is a FQDN. Maybe we need to check if the MachineName has dots, and if not, use another host name source.
(0012951)
Hinoserm (reporter)
2009-08-18 18:29

Is there a reason not to use the value from ExternalHostName in the regions.ini/xml? We have successfully set this to the external DNS name of our servers without issue -- others who have not would be returned an IP, it would at least work more reliably?

Perhaps a separate option for this in the config files?

A (very) quick poke around OSGRID is showing similar results from regions claiming to be running on Linux/Mono. I looked at three.

Two quick examples:

llGetSimulatorHostname() = "titan"
Help>About = OpenSim 0.6.6 (Dev) .9945 (OS Fedora release 11.90 (Rawhide) Kernel \r on a) ChilTasks:True PhysPrim:True

llGetSimulatorHostname() = "linux-h2vq"
Help>About = OpenSim 0.6.6 (Dev) (OS Welcome to openSUSE 11.1 - Kernel %r (%t).) ChilTasks:True PhysPrim:True
(0012954)
Adam (administrator)
2009-08-18 18:56

MachineName isn't supposed to be FQDN - according to the spec, it's supposed to be the machine name (i.e., the first segment of the hostname).

ExternalHostname is a good solution; especially in cases where you have multiple IPs and have opensim only bound to one of them.
(0012955)
Hinoserm (reporter)
2009-08-18 19:00

This and 0003935 seem to be directly related (excluding the crasher part)
(0014641)
Pato Donald (reporter)
2010-01-02 14:12

Fixed the bug by checking the external IP by simply using an external service (whatismyip.org) via the IpFinder.dll and by changing the System.Environment.MachineName to IpFinder.IpFinder.GetExternalIP() in the functions.
(0014642)
melanie (administrator)
2010-01-02 15:20

Setting this to minor.

The reported host name can be set in the ini file. What is reported by default is correct on Linux (FQDN from networking) but incorrect on Windows (NetBios machine name). However, this can not be used to crash a sim or script.

Http responses are implemented in trunk, upgrade to trunk to get that functionality.
(0014643)
melanie (administrator)
2010-01-02 15:20

Fixed in trunk.
(0014648)
melanie (administrator)
2010-01-03 10:04

Pato,

we can NOT add a binary we don't have the source and licensing info to, so I have to reject your solution. Please provide information on the location of the source code for IpFinder.dll and the license on it.

When you have that, please reopen this issue.
(0014650)
Pato Donald (reporter)
2010-01-04 08:42
edited on: 2010-01-10 10:31

Melanie,

I've uploaded here the fixed source for the IpChanger namespace and class.

(0019504)
makopoppo (manager)
2011-08-12 09:00

Patch is attached by Pato, waiting for vote or apply.

My personal view is that this fix is no longer needed, since there is an ExternalHostNameForLSL property in OpenSim.ini today, which enables users to set the external address by themselves, which is a safer way than using an external site to retrieve the address. (Since I'm not a core developer, this comment isn't a -1 for this proposal.)
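The host-selection order discussed in the notes above (an explicit ExternalHostNameForLSL value, then the machine name only when it contains dots, then the region's ExternalHostName), with no outbound lookup to a third-party service. This is an added example, not OpenSim's code and not from any participant in the thread; `LslUrlHost`, `Choose`, `BuildUrl` and their parameters are hypothetical names, and the values are assumed to have been read from configuration by the caller.

```csharp
using System;

// Added illustration: LslUrlHost and its members are hypothetical, not OpenSim code.
public static class LslUrlHost
{
    // Picks the host to advertise in llRequestURL() results without contacting
    // any external service. Inputs are assumed to come from the ini/region files.
    public static string Choose(string externalHostNameForLsl,
                                string machineName,
                                string regionExternalHostName)
    {
        // 1. An explicit operator setting always wins.
        if (IsUsable(externalHostNameForLsl))
            return externalHostNameForLsl.Trim();

        // 2. Use the machine name only if it has dots; a bare name such as
        //    "titan" or a NetBIOS name is not resolvable from outside.
        if (IsUsable(machineName) && machineName.Contains("."))
            return machineName.Trim();

        // 3. Fall back to the region's ExternalHostName.
        if (IsUsable(regionExternalHostName))
            return regionExternalHostName.Trim();

        throw new InvalidOperationException(
            "No externally resolvable host name is configured for LSL URLs.");
    }

    // Accept only syntactically valid DNS names or IP literals.
    private static bool IsUsable(string host)
    {
        if (string.IsNullOrWhiteSpace(host)) return false;
        return Uri.CheckHostName(host.Trim()) != UriHostNameType.Unknown;
    }

    // Builds the advertised URL on the instance HTTP port.
    public static string BuildUrl(string host, int httpPort, Guid urlId)
    {
        string path = "/lslhttp/" + urlId.ToString("D");
        return new UriBuilder("http", host, httpPort, path).Uri.ToString();
    }

    public static void Main()
    {
        // "titan" is one of the bare names reported in the thread;
        // sim.example.org and port 9000 are constructed sample values.
        string host = Choose(null, "titan", "sim.example.org");
        Console.WriteLine(BuildUrl(host, 9000, Guid.NewGuid()));
    }
}
```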

- Issue History
Date Modified Username Field Change
2009-08-18 02:10 Instant Blue New Issue
2009-08-18 02:10 Instant Blue Git Revision => 239a1
2009-08-18 02:10 Instant Blue SVN Revision => 239a1
2009-08-18 02:10 Instant Blue Run Mode => Grid (Multiple Regions per Sim)
2009-08-18 02:10 Instant Blue Physics Engine => ODE
2009-08-18 02:10 Instant Blue Environment => .NET / Windows64
2009-08-18 02:10 Instant Blue Mono Version => None
2009-08-18 02:12 Instant Blue Tag Attached: crash
2009-08-18 02:13 Instant Blue Tag Attached: http
2009-08-18 02:13 Instant Blue Tag Attached: LSL script
2009-08-18 02:14 Instant Blue Tag Attached: ScriptEngine
2009-08-18 02:14 Instant Blue Tag Attached: http_request
2009-08-18 02:14 Instant Blue Tag Attached: llHTTPResponse
2009-08-18 02:16 Instant Blue Tag Attached: llRequestURL
2009-08-18 02:22 melanie Note Added: 0012927
2009-08-18 02:49 Instant Blue Note Added: 0012928
2009-08-18 18:13 Hinoserm Note Added: 0012942
2009-08-18 18:14 melanie Note Added: 0012944
2009-08-18 18:29 Hinoserm Note Added: 0012951
2009-08-18 18:56 Adam Note Added: 0012954
2009-08-18 19:00 Hinoserm Note Added: 0012955
2009-08-28 03:13 Instant Blue Relationship added has duplicate 0003935
2009-08-28 03:13 Instant Blue Relationship deleted has duplicate 0003935
2009-08-28 03:13 Instant Blue Relationship added duplicate of 0003935
2009-09-19 15:31 Fly-Man- Status new => acknowledged
2010-01-02 14:09 Pato Donald File Added: UrlModule.cs.patch
2010-01-02 14:09 Pato Donald File Added: LSL_Api.cs.patch
2010-01-02 14:09 Pato Donald File Added: IpFinder.dll
2010-01-02 14:12 Pato Donald Note Added: 0014641
2010-01-02 14:12 Pato Donald Status acknowledged => patch included
2010-01-02 15:20 melanie Note Added: 0014642
2010-01-02 15:20 melanie Severity major => minor
2010-01-02 15:20 melanie Status patch included => resolved
2010-01-02 15:20 melanie Resolution open => fixed
2010-01-02 15:20 melanie Assigned To => melanie
2010-01-02 15:20 melanie Note Added: 0014643
2010-01-03 10:04 melanie Note Added: 0014648
2010-01-04 08:42 Pato Donald Status resolved => feedback
2010-01-04 08:42 Pato Donald Resolution fixed => reopened
2010-01-04 08:42 Pato Donald Note Added: 0014650
2010-01-10 10:31 Pato Donald File Added: IpFinder.zip
2010-01-10 10:31 Pato Donald Note Edited: 0014650
2010-01-10 10:31 Pato Donald Note Edited: 0014650
2011-08-12 09:00 makopoppo Note Added: 0019504
2011-08-12 09:00 makopoppo Status feedback => patch ready
2011-08-12 09:01 makopoppo Status patch ready => patch included

