magic-proxy does not gracefully handle error conditions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
livecd-rootfs (Ubuntu) |
Fix Released
|
Undecided
|
Thomas Bechtold | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Thomas Bechtold | ||
Impish |
Fix Released
|
Undecided
|
Thomas Bechtold |
Bug Description
[Impact]
The fixes for this bug (including the fixes for LP:#1944906) need to be backported to hirsute, focal and bionic) to be able to re-enable the "repo-snapshot-
[Test plan]
1) sudo iptables -v -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon -j REDIRECT --to 8080
2) sudo ./magic-proxy --address=
3) curl http://
(there should be no route to that host to trigger the error case, so don't do that in an EC2 instance)
4) sudo killall magic-proxy
5) cat mp.log
6) The problem "AttributeError: 'TimeoutError' object has no attribute 'replace'" should not be in the logfile
[Where problems could occur]
The codepath that will be changed is only executed in livecd-rootfs if the repo-snapshot-stamp feature is enabled. AFAIK this is only enabled for CPC builds so if there are problems, it will only affect CPC team builds. And there, builds (at least for AWS) are currently broken anyway due to this bug.
[Original description]
During an impish build of ubuntu-cpc images with magic-proxy enabled, the installation of certain packages tried to reach an internet endpoint (specifically http://
The magic-proxy log indicated :
10.10.10.2 - - [01/Oct/2021 13:21:26] urlopen() failed for http://
10.10.10.2 - - [01/Oct/2021 13:21:26] code 501, message [Errno 110] Connection timed out
10.10.10.2 - - [01/Oct/2021 13:21:26] "GET /2009-04-
-------
Exception occurred during processing of request from ('10.10.10.2', 49672)
Traceback (most recent call last):
File "/usr/lib/
h.request(
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
self.send(msg)
File "/usr/lib/
self.connect()
File "/usr/lib/
self.sock = self._create_
File "/usr/lib/
raise err
File "/usr/lib/
sock.
TimeoutError: [Errno 110] Connection timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/share/
with urllib.
File "/usr/lib/
return opener.open(url, data, timeout)
File "/usr/lib/
response = self._open(req, data)
File "/usr/lib/
result = self._call_
File "/usr/lib/
result = func(*args)
File "/usr/lib/
return self.do_
File "/usr/lib/
raise URLError(err)
urllib.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
self.handle()
File "/usr/lib/
self.
File "/usr/lib/
method()
File "/usr/share/
self.
File "/usr/share/
self.
File "/usr/lib/
'message': html.escape(
File "/usr/lib/
s = s.replace("&", "&") # Must be done first!
AttributeError: 'TimeoutError' object has no attribute 'replace'
Because magic-proxy is proxying all traffic to port 80, it will intercept these sort of messages. The TimeoutError ends up bubbling up to the serversocket handling code, which will then cause a broken pipe for all future communications, effectively breaking future apt calls from within the build environment.
The concrete problem here is that inside magic-proxy, self.send_error is called with the argument of e.reason, which can be a string (no error) or an exception (in case of a nested exception). If the nested exception is passed into self.send_error, html.replace will try to be called on the exception, hence the above exception.
In addition to fixing this specific problem, magic-proxy's request handling should catch all exceptions to not interfere with higher up socketserver handling.
Related branches
- Ubuntu Core Development Team: Pending requested
-
Diff: 31 lines (+10/-2)2 files modifieddebian/changelog (+6/-0)
magic-proxy (+4/-2)
- Ubuntu Core Development Team: Pending requested
-
Diff: 31 lines (+10/-2)2 files modifieddebian/changelog (+6/-0)
magic-proxy (+4/-2)
- Ubuntu Core Development Team: Pending requested
-
Diff: 31 lines (+10/-2)2 files modifieddebian/changelog (+6/-0)
magic-proxy (+4/-2)
- Utkarsh Gupta: Approve
-
Diff: 31 lines (+10/-2)2 files modifieddebian/changelog (+6/-0)
magic-proxy (+4/-2)
Changed in livecd-rootfs (Ubuntu): | |
assignee: | nobody → Thomas Bechtold (toabctl) |
status: | Confirmed → In Progress |
Changed in livecd-rootfs (Ubuntu): | |
assignee: | Thomas Bechtold (toabctl) → nobody |
Changed in livecd-rootfs (Ubuntu): | |
assignee: | nobody → Thomas Bechtold (toabctl) |
description: | updated |
Changed in livecd-rootfs (Ubuntu Impish): | |
assignee: | nobody → Thomas Bechtold (toabctl) |
status: | New → In Progress |
Changed in livecd-rootfs (Ubuntu Hirsute): | |
assignee: | nobody → Thomas Bechtold (toabctl) |
status: | New → In Progress |
Status changed to 'Confirmed' because the bug affects multiple users.