Symantec Access Management

Tech Tip : CA Single Sign-On : Web Agent crashes when the FQDN requested is more than 256 chars


    Broadcom Employee
    Posted Jul 14, 2017 04:27 AM

    Issue:


    I run a Web Agent, and if it receives a request for which the FQDN of the hostname is greater than 256 chars, then I see the Web Agent crashing.

     

    WebAgentTrace.log

     

    [10/12/2015][09:28:23][12761][1326524192][CSmHttpPlugin.cpp:475][CSmHttpPlugin::ProcessResource][00000000000000000000000013d4830a-31d9-561bb577-4f112720-461445bc7f27][][][][][][Resolved hostname: 'TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com'.]

     

    WebAgent.log

     

    [12761/1326524192][Mon Oct 12 2015 09:28:21][CSmHighLevelAgent.cpp:192][INFO][sm-AgentFramework-00380] HLA: Initialization complete.

     

    SunOne Web Server log:

     

    catastrophe: CORE3260: Server crash detected (signal SIGSEGV)

     

    Why is this happening? How can I solve this?

     

    Cause:

     

    The Web Agent doesn't impose a restriction on the length of the hostname, and as such it crashes.

     

    Resolution:

     

    Upgrade to Web Agent 12.52SP1CR04 to benefit from the following fix, which also includes a correction for this crash. It adds a limit on the hostname length. With this fix, you'll see the following lines:

     

    WebAgentTrace.log

     

    [10/13/2015][02:59:36][3559][2563987232][CSmHttpPlugin.cpp:399][CSmHttpPlugin::ProcessResource][00000000000000000000000013d4830a-0de7-561cabd8-98d35720-23033f6a11d3][][][][][][Resolved HTTP_HOST: 'TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com'.]

     

    [10/13/2015][02:59:36][3559][2563987232][CSmHttpPlugin.cpp:5254][Hostname length exceeds maximum length per RFC:1035 sHost: ][][][][][][][TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com]

     

    WebAgent.log

     

    [3559/2563987232][Tue Oct 13 2015 02:59:36][CSmHttpPlugin.cpp:406][ERROR][sm-HTTPAgent-00030] Unable to resolve fully qualified host name. Exiting with HTTP 500 server error '00-0016'.

    [3559/2563987232][Tue Oct 13 2015 02:59:36][CSmResourceManager.cpp:151][WARNING][sm-AgentFramework-00480] HLA: Missing resource data.

    [3559/2563987232][Tue Oct 13 2015 02:59:36][CSmHttpPlugin.cpp:406][ERROR][sm-HTTPAgent-00030] Unable to resolve fully qualified host name. Exiting with HTTP 500 server error '00-0016'.

    [3559/2563987232][Tue Oct 13 2015 02:59:36][CSmResourceManager.cpp:151][WARNING][sm-AgentFramework-00480] HLA: Missing resource data.

     

    This fix is included in the following Fix:

    Vulnerability in SMAUTHREASON is Exposed to Attack

    The web agent vulnerability in SMAUTHREASON with non-numeric data is exposed to JSP/JavaScript attack.

    STAR Issue: 21589939-01, 21474394-01

    RTC Issue: 137831, 137834/DE72676, DE72835

     


    Additional Information:
    RFC 1035

    KB: TEC1608399
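
Added example (not Broadcom's code and not part of the original post): one way to enforce the RFC 1035 length limits on a Host value before it is copied into a fixed buffer, so that an oversized name is rejected instead of processed. The names `host_name_len`, `check_host_length` and `copy_host_checked` are hypothetical, and bracketed IPv6 literals are assumed not to occur.

```c
#include <string.h>

/* RFC 1035 section 2.3.4: a label is at most 63 octets and a name at most
   255 octets on the wire, i.e. 253 characters in dotted text form. */
#define MAX_LABEL_LEN 63
#define MAX_NAME_TEXT_LEN 253

enum host_check { HOST_OK, HOST_EMPTY, HOST_TOO_LONG, HOST_BAD_LABEL };

/* Length of the name part of a Host value: drops an optional ":port" and one
   trailing root dot. Assumption: no bracketed IPv6 literals. */
static size_t host_name_len(const char *host, size_t len)
{
    const char *colon = len ? memchr(host, ':', len) : NULL;
    size_t n = colon ? (size_t)(colon - host) : len;
    return (n > 0 && host[n - 1] == '.') ? n - 1 : n;
}

/* Hypothetical helper: measures the untrusted value without copying it. */
enum host_check check_host_length(const char *host, size_t len)
{
    size_t i, label = 0, n = host_name_len(host, len);
    if (n == 0) return HOST_EMPTY;
    if (n > MAX_NAME_TEXT_LEN) return HOST_TOO_LONG;
    for (i = 0; i < n; i++) {
        if (host[i] != '.') label++;
        else if (label == 0) return HOST_BAD_LABEL;  /* empty label */
        else label = 0;
        if (label > MAX_LABEL_LEN) return HOST_BAD_LABEL;
    }
    return label ? HOST_OK : HOST_BAD_LABEL;
}

/* Copy into a fixed buffer only after the check passes; -1 means reject the
   request (for example with an HTTP error) instead of processing it. */
int copy_host_checked(char *dst, size_t dst_size, const char *host, size_t len)
{
    size_t n = host_name_len(host, len);
    if (check_host_length(host, len) != HOST_OK || n + 1 > dst_size) return -1;
    memcpy(dst, host, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[256];
    return copy_host_checked(buf, sizeof buf, "www.ca.com:8080", 15) ? 1 : 0;
}
```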