Contrib.social

4xx Recursion issue on non-existent html routes

Open on Drupal.org β†’
Created on 5 April 2018, almost 7 years ago
Updated 27 February 2023, almost 2 years ago

Issue Summary

I've run into an error case related to rest, the rest_export view display, breadcrumb, and the way 4xx errors are handled in the routing system. The result is that REST resources without an html route can get stuck in an infinite recursion loop of Exceptions due to the html 4xx error page response.

Steps to Reproduce

  1. Create a rest_export view without an HTML format ex. /api/rest_export?_format=json . This resource will return a 400 error via the system.4xx route if accessed via /api/rest_export.
  2. Using the Bartik theme add the breadcrumbs block using the standard block layout.
  3. Now navigate to /api/rest_export and you'll trigger an infinite loop of NotAcceptableHttpException(s) from RequestFormatRouteFilter::filter() due to PathBasedBreadcrumbBuilder::getRequestForPath().

A stacktrace for the recursion for this request can be found at https://gist.github.com/malcolmp/d7bac0ed439c25bbf6bc9be357a7ddcb

Proposed Resolution

  1. Minimally patch system to catch ALL exceptions from $this->router->matchRequest($request) in PathBasedBreadcrumbBuilder::getRequestForPath() to prevent recursion in this specific case
  2. Ideally, the way 4xx errors are handled could be addressed to not use the sub-request in DefaultExceptionHtmlSubscriber::makeSubrequest() as that opens up to this kind of exception recursion. Otherwise, minimally catching exceptions to prevent recursion should be attempted.

A patch for #1 is attached. #2 is clearly a much bigger issue that I'm not quite clear how to resolve yet.

πŸ› Bug report
Status

Closed: outdated

Version

10.1 ✨

Component
RoutingΒ  β†’

Last updated 6 days ago

Created by

πŸ‡ΊπŸ‡ΈUnited States malcolm_p

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment almost 2 years ago β†’
    πŸ‡³πŸ‡ΏNew Zealand quietone

    @malcolm_p, Thank you for reporting this problem. We rely on issue reports like this to improve Drupal core.

    I tested this on 10.1.x, standard install, and was not able to reproduce this error. I followed the steps given in the Issue Summary.

    Therefore, closing as outdated. If you are experiencing this problem on a supported version of Drupal reopen the issue, by setting the status to 'Active', and provide complete steps to reproduce the issue β†’ (starting from "Install Drupal core").

    Thanks!

  • Comment about 1 year ago β†’
    codebymikey

    Was unable to replicate this in a clean core install. Core will simply return a "A client error happened" response.

    For me, it was triggered because another custom kernel.request event subscriber made a call to \Drupal\Core\Path\PathValidatorInterface::getUrlIfValid(), but didn't have any error handling in place, resulting in an infinite recursion.

    A similar

        try {
      // ...
    }
    catch (ResourceNotFoundException $e) {
      $result = FALSE;
    }
    catch (ParamNotConvertedException $e) {
      $result = FALSE;
    }
    catch (AccessDeniedHttpException $e) {
      $result = FALSE;
    }
    catch (MethodNotAllowedException $e) {
      $result = FALSE;
    }

    try catch used in \Drupal\system\PathBasedBreadcrumbBuilder::getRequestForPath() is also present in \Drupal\Core\Path\PathValidator::getPathAttributes(), so they're probably somewhat related.

  • Comment 5 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States millenniumtree Holualoa, HI

    I had this happen in Drupal 9.5.11. Sorry it's not the latest, but that's what I have currently and where it was triggered.

    I've attached a sanitized backtrace showing where it loops. The inner block looped hundreds of times before running out of memory.

    I've also attached a basic patch that uses a static integer to count how many times ParamNotConvertedException is thrown (and then just don't throw the exception if it's more than once).

    For me, this specifically triggers on an invalid /node/## path, and when NOT logged in. I used the path /node/8675309, but any number that is not a node ID should trigger it as well.

    I do hope someone can make sense of this information, and find the actual cause instead of my static int counter workaround.

    This is a pretty serious bug, because we had a rogue web scraper hit HUNDREDS of bad /node/## pages, tying up all of our PHP processes, and essentially DDOS'ing our server for a little while.

  • Status changed to Active 28 days ago
  • Comment 28 days ago β†’
    πŸ‡·πŸ‡΄Romania alex.stanciu

    I saw some infinite recursions in one of my projects and couldn't figure out what is going on until today. I am finally able to reproduce this problem and have an explanation for why it happens. And yes, it happens on a fresh installation, but it a (very small) customization for it to happen.

    My particular case:
    - Automated bots were hitting my website with drupalgeddon hacking attempts. This particular bot was POSTing on the homepage using these query params: name[post_render] and name[markup]. After sanitizing these inputs, drupal will delete everything and put an empty name[] array in the query parameter bag. All fine so far.
    - As it happens, I also print a form on all pages (including 4xx) which does a very benign \Drupal::request()->query->get('name')
    - Now adding these two non-issues together leads to an infinite loop, as follows: Drupal will redirect to a 404 page, thus making a subrequest to the 4xxController. My code will call query->get('name'), which will trigger an exception, because the empty array that exists in the query is a non-scalar (Symfony\Component\HttpFoundation\InputBag.php:38). Reading this value leads to a new exception which will render an error page, which will again try to read the value from the query, and on and on until it either runs out of memory or triggers a script timeout.

    A general case:
    - Inside a hook that runs on error pages too, such as a hook_preprocess_html, add the following: \Drupal::request()->query->get('name')
    - Perform a request on any page, adding the query parameter without any value: ?name[]
    - Watch it crash

  • Comment 28 days ago β†’
    πŸ‡¬πŸ‡§United Kingdom catch

    @staalex I think this was fixed in πŸ› DefaultExceptionHtmlSubscriber should not clone the request for 401s Active can you double check with the latest patch release?

  • Comment 27 days ago β†’
    πŸ‡·πŸ‡΄Romania alex.stanciu

    @catch absolutely, I wasn't aware of this core issue. I can confirm the patch fixes the issue (at least my case). Thank you.

  • Comment 27 days ago β†’
    πŸ‡¬πŸ‡§United Kingdom catch

    Thanks for checking. I wasn't aware of this issue until a couple of days ago either. Closing as outdated.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024