Issue:
I run a Web Agent, and if this one received a request for which the FQDN of the hostname is greater than 256 chars, then I see the Web Agent crashing.
WebAgentTrace.log
[10/12/2015][09:28:23][12761][1326524192][CSmHttpPlugin.cpp:475][CSmHttpPlugin::ProcessResource][00000000000000000000000013d4830a-31d9-561bb577-4f112720-461445bc7f27][][][][][][Resolved hostname: 'TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com'.]
WebAgent.log
[12761/1326524192][Mon Oct 12 2015 09:28:21][CSmHighLevelAgent.cpp:192][INFO][sm-AgentFramework-00380] HLA: Initialization complete.
SunOne Web Server log :
catastrophe: CORE3260: Server crash detected (signal SIGSEGV)
Why is this happening ? How can I solve this ?
Cause:
The Web Agent doesn't impose restriction on the lenght of the Hostname, and as such it crashes.
Resolution:
Upgrade to Web Agent 12.52SP1CR04 to benifit the following fix which includes a correction for this crash too. It adds a limitation to the hostname lenght. Having this fix, you'll see the following lines :
WebAgentTrace.log
[10/13/2015][02:59:36][3559][2563987232][CSmHttpPlugin.cpp:399][CSmHttpPlugin::ProcessResource][00000000000000000000000013d4830a-0de7-561cabd8-98d35720-23033f6a11d3][][][][][][Resolved HTTP_HOST: 'TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com'.]
[10/13/2015][02:59:36][3559][2563987232][CSmHttpPlugin.cpp:5254][Hostname length exceeds maximum length per RFC:1035 sHost: ][][][][][][][TestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServerTestWebServer.ca.com]
WebAgent.log
[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmHttpPlugin.cpp:406][ERROR][sm-HTTPAgent-00030] Unable to resolve fully qualified host name. Exiting with HTTP 500 server error '00-0016'.
[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmResourceManager.cpp:151][WARNING][sm-AgentFramework-00480] HLA: Missing resource data.
[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmHttpPlugin.cpp:406][ERROR][sm-HTTPAgent-00030] Unable to resolve fully qualified host name. Exiting with HTTP 500 server error '00-0016'.
[3559/2563987232][Tue Oct 13 2015 02:59:36][CSmResourceManager.cpp:151][WARNING][sm-AgentFramework-00480] HLA: Missing resource data.
This fix is included in the following Fix:
Vulnerability in SMAUTHREASON is Exposed to Attack
The web agent vulnerability in SMAUTHREASON with non-numeric data is exposed to JSP/JavaScript attack.
STAR Issue: 21589939-01, 21474394-01
RTC Issue: 137831, 137834/DE72676, DE72835
Vulnerability in SMAUTHREASON is Exposed to Attack
Additional Information:
RFC 1035
KB :TEC1608399