Forum Discussion

Nick_T_68319's avatar
Nick_T_68319
Icon for Nimbostratus rankNimbostratus
Jan 07, 2011

iRules containing an escaped newline character can cause TMM to crash.

I submitted my qkview to iHealth and a medium alert showed up for "iRules containing an escaped newline character can cause TMM to crash."

 

 

Recommendation resolution

Examine the iRules listed below for suspended commands, and remove all instances of escaped newline characters which precede a suspended command later in the iRule.

 

 

 

Can someone point out where my escaped newline character might be?

 

 

 

 

 

 

when HTTP_REQUEST {

 

 

set URI to lower case

 

set tmpUri [string tolower [HTTP::uri]]

 

 

 

URI decode the URI

 

set uri [URI::decode $tmpUri]

 

 

 

repeat decoding until the decoded version equals the previous value.

 

while { $uri ne $tmpUri } {

 

set tmpUri $uri

 

set uri [URI::decode $tmpUri]

 

}

 

 

 

switch -glob [string tolower [HTTP::uri]] {

 

"*<*" -

 

"*>*" -

 

"*select *" -

 

"*insert *" -

 

"*update *" -

 

"*delete *" -

 

"*create *" -

 

"*drop *" -

 

"*.\[tempdb\].*" -

 

"*.\[master\].*" -

 

"*.\[model\].*" -

 

"*.\[msdb\]." -

 

"*.\[dbo\].*" -

 

"*tempdb.*" -

 

"*master.*" -

 

"*model.*" -

 

"*msDB.*" -

 

"*.dbo.*" -

 

"*\r\n*" -

 

"*!*" -

 

"*%*" {

 

log local0. "Reject uri: [HTTP::uri]"

 

Send a TCP reset

 

reject

 

}

 

default {

 

Do nothing here to use the VIP's default pool

 

}

 

}

 

}

 

 

 

application delivery
dev
devops
iRules

5 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jan 12, 2011
    I'd guess that's actually a false positive from iHealth on the "*\r\n*" switch case. I don't think there is actually a problem with that iRule in relation to CR135937.

    SOL11427 describes the issue as being caused by syntax like this:

    SOL11427: TMM cores when executing an iRule statement that contains a suspended command preceded by an escaped newline character

    http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11427.html 

    
log local0. "my log statement split \
   over two lines with a backslash escaping the new line character!"

    You could open a case with F5 Support to report this and get the heuristic checked/fixed.

    Aaron
  • jimmythegeek_10's avatar
    jimmythegeek_10
    Historic F5 Account
    Jan 19, 2011
    Hi, folks.

     

     

    I will update the heuristic, which even apart from this FP is a little broad. It doesn't check that the escaped newline is in an event with a suspending command like session or table. Without that suspend, the bug isn't triggered. Possibly the Right Thing is an Info level heuristic for iRules that use escaped newlines, warning that their use with a suspend can trigger a crash, and another High level heuristic that fires when both conditions are present.

     

  • jimmythegeek_10's avatar
    jimmythegeek_10
    Historic F5 Account
    Feb 23, 2011
    Got a brief update: just found out that a library routine I was using strips comments from irules before processing them. This is a problem because for this issue, comments are significant. This will take a little more time to fix, sorry for the FP and the false negatives.
Related Content