radare2 icon indicating copy to clipboard operation
radare2 copied to clipboard
verified publisher icon radareorg

HTTP command output in terminal.

Open akrasuski1 opened this issue 10 years ago • 3 comments

Normally, when we create a HTTP server using =h command, GET requests to /cmd/stuff should contain radare2's stdout response to stuff. However, sometimes, the output of that command is put into the console, instead of sent as a response. This has bad implications to some web applications - even a single malformed response may crash them.

I can't create a reproducible scenario - it seems to happen randomly, maybe once in a several hundred requests. Here is an example of what I mean: http://pastebin.com/C4NTVr59. As you can see, one of the requests, drj, had its output printed to console.

akrasuski1 avatar Jan 10 '16 19:01 akrasuski1

Yep some commands are constructed by multiple calls of commands. This requires a console buffer push or a rewrite of the specific function to use the api instead of commands internally.

I'll investigate on this. Please report other commands that behave like this if you find them

Thanks

On 10 Jan 2016, at 20:38, akrasuski1 [email protected] wrote:

Normally, when we create a HTTP server using =h command, GET requests to /cmd/stuff should contain radare2's stdout response to stuff. However, sometimes, the output of that command is put into the console, instead of sent as a response. I can't create a reproducible scenario - it seems to happen randomly, maybe once in a several hundred requests. Here is an example of what I mean: http://pastebin.com/C4NTVr59. As you can see, one of the requests, drj, had its output printed to console.

— Reply to this email directly or view it on GitHub.

radare avatar Jan 10 '16 22:01 radare

Would be good to have a reproducer that make it happen 100% of the times.

On 10 Jan 2016, at 20:38, akrasuski1 [email protected] wrote:

Normally, when we create a HTTP server using =h command, GET requests to /cmd/stuff should contain radare2's stdout response to stuff. However, sometimes, the output of that command is put into the console, instead of sent as a response. I can't create a reproducible scenario - it seems to happen randomly, maybe once in a several hundred requests. Here is an example of what I mean: http://pastebin.com/C4NTVr59. As you can see, one of the requests, drj, had its output printed to console.

— Reply to this email directly or view it on GitHub.

radare avatar Jan 14 '16 08:01 radare

This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of radare2. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 16 '20 07:06 stale[bot]