Opened 3 years ago

Closed 3 years ago

#1416 closed defect (fixed)

xslt_stylesheet directive parameter only works for first request

Reported by: kmq@…
Owned by:
Priority: minor
Milestone:
Component: nginx-module
Version: 1.13.x
Keywords: ngx_http_xslt_module
Cc:
uname -a: Linux host1 4.13.9-1-ARCH #1 SMP PREEMPT Sun Oct 22 09:07:32 CEST 2017 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.13.7
built by gcc 7.2.0 (GCC)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-cc-opt='-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now --with-compat --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-pcre-jit --with-stream --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-http_xslt_module --with-debug

Description

Consider this configuration. The parameter domain is to be passed into the stylesheet to transform the existing file

  /var/www/autoconfig._/htdocs/mail/config-v1.1.xml

location /mail/config-v1.1.xml {
  root /var/www/autoconfig._/htdocs;
  xslt_stylesheet /var/www/autoconfig._/autoconfig.xsl domain='example.com';
}

This works as expected on the first request.

2017/11/03 14:39:59 [debug] 4303#4303: *1 xslt filter header
2017/11/03 14:39:59 [debug] 4303#4303: *1 http output filter "/mail/config-v1.1.xml?"
2017/11/03 14:39:59 [debug] 4303#4303: *1 http copy filter: "/mail/config-v1.1.xml?"
2017/11/03 14:39:59 [debug] 4303#4303: *1 read: 17, 00005581753C2010, 48, 0
2017/11/03 14:39:59 [debug] 4303#4303: *1 xslt filter body
2017/11/03 14:39:59 [debug] 4303#4303: *1 xslt filter param: "domain='example.com'"
2017/11/03 14:39:59 [debug] 4303#4303: *1 xslt filter param name: "domain"
2017/11/03 14:39:59 [debug] 4303#4303: *1 xslt filter param value: "'example.com'"
2017/11/03 14:39:59 [debug] 4303#4303: *1 xslt filter param unescaped: "'example.com'"
2017/11/03 14:39:59 [debug] 4303#4303: *1 xslt filter type: 9 t:(null) e:(null)

but fails on every subsequent request, until the process is restarted.

2017/11/03 14:40:56 [debug] 4303#4303: *2 xslt filter header
2017/11/03 14:40:56 [debug] 4303#4303: *2 http output filter "/mail/config-v1.1.xml?"
2017/11/03 14:40:56 [debug] 4303#4303: *2 http copy filter: "/mail/config-v1.1.xml?"
2017/11/03 14:40:56 [debug] 4303#4303: *2 read: 17, 0000558175491090, 48, 0
2017/11/03 14:40:56 [debug] 4303#4303: *2 xslt filter body
2017/11/03 14:40:56 [debug] 4303#4303: *2 xslt filter param: "domain"
2017/11/03 14:40:56 [error] 4303#4303: *2 invalid libxslt parameter "domain" while sending response to client, client: ::1, server: example.com, request: "GET /mail/config-v1.1.xml HTTP/2.0", host: "example.com"
2017/11/03 14:40:56 [debug] 4303#4303: *2 http special response: 500, "/mail/config-v1.1.xml?"
2017/11/03 14:40:56 [debug] 4303#4303: *2 xslt filter header

Specifying the parameter separately like this:

location /mail/config-v1.1.xml {
  root /var/www/autoconfig._/htdocs;
  xslt_string_param "domain" "example.com";
  xslt_stylesheet /var/www/autoconfig._/autoconfig.xsl;
}

does not have this problem.

Change History (4)

comment:1 by Ruslan Ermilov, 3 years ago

Status: new → accepted

comment:2 by kmq@…, 3 years ago

Further investigation reveals the cause of the error:

src/http/modules/ngx_http_xslt_filter_module.c:ngx_http_xslt_params

calls src/http/ngx_http_script.c:ngx_http_complex_value like this

  ngx_http_complex_value(r, &param[i].value, &string)

which returns here. val is the parameter filled with "&param[i].value"; value is "&string"

   if (val->lengths == NULL) {
       *value = val->value;
       return NGX_OK;
   }   

In continuing to parse the individual parts of the parameter, the variable string is then manipulated and ends up containing just "domain". But because this ngx_str_t points to the same memory location as param[i].value, the same is also modified.

More specifically this technique to chunk the input string by replacing the separators "=" and ":" with \0

   *p++ = '\0';

results in the original string variable still containing all the data, but now being NUL-terminated somewhere in the middle.

Any subsequent request now starts with a param containing only the character array "domain", causing the failure.

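A minimal model of the aliasing problem described in comment:2, added here as an illustration; it is not nginx source and not the committed change. `str_t`, `complex_value`, `split_param`, `parse_param` and `failed_requests` are hypothetical stand-ins, and copying before tokenizing is one possible remedy assumed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for ngx_str_t (length plus pointer). */
typedef struct { size_t len; char *data; } str_t;

/* Models the val->lengths == NULL path quoted above: the result
 * aliases the configuration string; nothing is copied. */
static void complex_value(const str_t *conf, str_t *out) { *out = *conf; }

/* In-place split of "name=value": '=' is overwritten with '\0'. */
static int split_param(char *s)
{
    char *p = strchr(s, '=');
    if (p == NULL) return -1;   /* the "invalid libxslt parameter" case */
    *p = '\0';
    return 0;
}

/* Parse one request's parameter. copy_first == 0 reproduces the ticket:
 * the aliased configuration buffer itself is tokenized. */
static int parse_param(const str_t *conf, int copy_first)
{
    str_t s;
    char copy[64];              /* per-request scratch buffer */
    complex_value(conf, &s);
    if (!copy_first) return split_param(s.data);
    if (s.len >= sizeof(copy)) return -1;
    memcpy(copy, s.data, s.len);
    copy[s.len] = '\0';
    return split_param(copy);
}

/* Serve n requests from one long-lived config; count the failures. */
static int failed_requests(int copy_first, int n)
{
    char buf[] = "domain='example.com'";   /* constructed sample value */
    str_t conf = { sizeof(buf) - 1, buf };
    int failed = 0;
    while (n-- > 0) failed += (parse_param(&conf, copy_first) != 0);
    return failed;
}

int main(void)
{
    printf("aliased: %d of 3 failed\n", failed_requests(0, 3));
    printf("copied:  %d of 3 failed\n", failed_requests(1, 3));
    return 0;
}
```

The aliased variant succeeds once and then fails on every later request because the configuration string now ends at the first NUL, matching the log excerpts in the description.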

comment:3 by Ruslan Ermilov <ru@…>, 3 years ago

In 7154:595a3de03e91/nginx:

Xslt: fixed parameters parsing (ticket #1416).

If parameters were specified in xslt_stylesheet without variables,
any request except the first would cause an internal server error.

comment:4 by Ruslan Ermilov, 3 years ago

Resolution: fixed
Status: accepted → closed