Bug 185 - orthanc-python / libpython segfaults on non-UTF8 special chars in request URI
Status: RESOLVED FIXED
Alias: None
Product: Orthanc
Classification: Unclassified
Component: Plugin - Other
Version: unspecified
Hardware: PC Linux
Importance: --- major
Assignee: Sébastien Jodogne
Reported: 2020-07-17 23:53 CEST by Julian Hartig
Modified: 2020-08-03 18:14 CEST
Description Julian Hartig 2020-07-17 23:53:59 CEST
Hello,
Orthanc, namely libpython according to the trace, segfaults if a REST callback handler registered within the Python plugin receives non-UTF8-encoded request parameters.
This concerns, for example, ISO-8859-1 encoded German umlauts (Ä, Ö, Ü, ...) in GET query parameters (ex.: http://orthanc-host/worklist/add?lastname=Müller&firstname=Cäcilia).
The segfault occurs before the request callback handler is invoked (a log message placed as the first instruction in the callback handler is not printed before the segfault occurs).
Encoding to UTF-8 solves the problem.
From my point of view it's a security or stability issue nonetheless, as everyone who may call the REST API can pass any bytes she wants as query parameters, paying no attention to the correct encoding, and a segfault effectively terminates the complete Orthanc service at the moment, as there doesn't seem to be any sandboxing.
Comment 1 Sébastien Jodogne 2020-08-02 12:13:39 CEST
Hello,

Thanks for your report, but I'm unable to reproduce the issue on my Ubuntu 18.04 box.

Please provide a full minimal working example (Python sample + curl command-line) so that we can work on a fix:
https://book.orthanc-server.com/users/support.html#discussing-a-minimal-working-example

Kind Regards,
Sébastien-
Comment 2 Julian Hartig 2020-08-03 15:14:44 CEST
Python script below:

# segfault example

import orthanc

def OnRest(output, uri, **request):
    orthanc.LogWarning("REST call on  {uri}".format(uri = uri))
    output.AnswerBuffer('Ok\n', 'text/plain')

orthanc.RegisterRestCallback('/worklist/add', OnRest)

# end example

curl (invoked on Windows from cmd.exe):
> curl http://192.168.100.10:8091/worklist/add?name=Schr%F6der

Result: Orthanc segfaults before the LogWarning line is reached.

The corresponding dmesg entry for the segfault is:
[34308133.217406] Orthanc[17277]: segfault at 0 ip 00007f9bfa810bac sp 00007f9bd8ff3ae0 error 6 in libpython3.7m.so.1.0[7f9bfa63c000+22c000]

If it helps to reproduce: I'm running Orthanc in a docker container via an image derived from the official orthanc-plugins docker image. If required I can also supply the Dockerfile used.
Comment 3 Sébastien Jodogne 2020-08-03 18:14:59 CEST
Thanks for your instructions! This issue is now fixed in the mainline of the plugin, and will be part of the next release:
https://hg.orthanc-server.com/orthanc-python/rev/ee76cced46a5
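
Added example, not part of the bug thread and not code from the Orthanc project: a Python check that percent-decodes a request's query string and reports the parameters whose bytes are not valid UTF-8, such as the `%F6` byte in the reproduction from Comment 2. The function name `non_utf8_params` and the host `orthanc.example` are assumptions made for illustration; such a check could run in a test suite or in a front-end in front of the REST API.

```python
# Added example: find query parameters that are not valid UTF-8 once
# percent-decoded. Names and sample URLs are constructed for illustration.
from urllib.parse import urlsplit, unquote_to_bytes


def non_utf8_params(url):
    """Return [(name, raw_value_bytes)] for parameters failing strict UTF-8 decoding."""
    bad = []
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        raw_name, _, raw_value = pair.partition("=")
        # In a query string '+' stands for a space; '%XX' is one raw byte.
        name = unquote_to_bytes(raw_name.replace("+", " "))
        value = unquote_to_bytes(raw_value.replace("+", " "))
        for part in (name, value):
            try:
                part.decode("utf-8", errors="strict")
            except UnicodeDecodeError:
                # Keep the raw bytes for logging; render the name safely.
                bad.append((name.decode("utf-8", "backslashreplace"), value))
                break
    return bad


# Constructed sample requests based on the parameters quoted in the report.
SAMPLES = [
    "http://orthanc.example/worklist/add?name=Schr%F6der",      # ISO-8859-1 byte
    "http://orthanc.example/worklist/add?name=Schr%C3%B6der",   # UTF-8 encoding
    "http://orthanc.example/worklist/add?lastname=M%FCller&firstname=C%E4cilia",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        offenders = non_utf8_params(sample)
        verdict = "non-UTF-8: %r" % offenders if offenders else "all parameters valid UTF-8"
        print(sample, "->", verdict)
```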