[Zope] Hooks for methods other than GET/POST on port 80?

Roman Susi rnd at onego.ru
Wed Dec 7 10:04:13 EST 2005 

Chris Withers wrote:

> (please keep the list CC'ed in)
>
> Roman Susi wrote:
>
>>> What do you mean by freezes? how did you cause this to happen?
>>
>>
>> Surely, this is not only a bug but a security issue leading to DOS 
>> attack, IMHO.
>
>
> Well, it's a pretty weird use case from what I can see...
>
Still, it is unclear why it happens...

>>
>>>
>>>> Traceback (most recent call last):
>>>>   File "/usr/local/lib/python2.3/logging/__init__.py", line 674, in 
>>>> emit
>>>>     msg = self.format(record)
>>>>   File "/usr/local/lib/python2.3/logging/__init__.py", line 567, in 
>>>> format
>>>>     return fmt.format(record)
>>>>   File "/usr/local/lib/python2.3/logging/__init__.py", line 369, in 
>>>> format
>>>>     s = s + self.formatException(record.exc_info)
>>>>   File "/usr/local/lib/python2.3/logging/__init__.py", line 342, in
>>>> formatException
>>>>     traceback.print_exception(ei[0], ei[1], ei[2], None, sio)
>>>>   File "/usr/local/lib/python2.3/traceback.py", line 123, in 
>>>> print_exception
>>>>     print_tb(tb, limit, file)
>>>>   File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb
>>>>     line = linecache.getline(filename, lineno)
>>>>   File "/usr/local/lib/python2.3/linecache.py", line 14, in getline
>>>>     lines = getlines(filename)
>>>> RuntimeError: maximum recursion depth exceeded
>>>
>>>
>>> We need more of the traceback, there is no repeating part here so 
>>> it's impossible to see what's causing the infinite recursion...
>>>
>> I am not sure how to get the whole traceback...
>
>
> Well, where did you see the above?


In the log.

>
>> Chris, could you put this into Zope issue tracker (with security tick 
>> as I do not want to make this info public right now)?
>> (I've tried but I do not have an account there..)
>
>
> No, there's nothing stopping you registering at zope.org and doing 
> this yourself. Furhtermore, I'd guess this is likely a bug in your 
> code and nothing to do with Zope ;-)
> (of course, I could be wrong on that, but I haven't seen any evidence 
> yet)


Even if it is in my code, it is still too bad to get down the whole Zope 
server. Also, it was confirmed as a bug.

>
> cheers,
>
> Chris
>


Regards,
Roman

More information about the Zope mailing list