sends incomplete request when read access to attachment denied by AppArmor

Bug #1777095 reported by Hadmut Danisch
This bug affects 1 person
Affects: firefox (Ubuntu)
Status: Triaged
Importance: High
Assigned to: Unassigned
Milestone: none listed

Bug Description

Hi,

I just reported an Ubuntu bug #1777094 and wanted to upload the configuration files as attachments (using Ubuntu 18.04 and Firefox), but I always just get the error message:

Bad Request

Your browser sent a request that this server could not understand.

regards
Hadmut

Hadmut Danisch (hadmut) wrote :

If I try to attach with chromium, I get a different error message:

Diese Website ist nicht erreichbar
Die Webseite unter https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1777094/+addcomment ist möglicherweise vorübergehend nicht verfügbar oder wurde dauerhaft an eine neue Webadresse verschoben.
ERR_ACCESS_DENIED

Colin Watson (cjwatson) wrote :

I don't see these failing requests in our access logs, which is odd.

Could you please capture details of the failures using your browser's developer tools? In Firefox, Tools -> Web Developer -> Network, then try to upload an attachment, then find the POST request to +addcomment. I'd like the request parameters (in the Params tab) and the request and response headers (in the Headers tab), but please omit the Cookie request header and the Set-Cookie response header.

The failure in Chromium suggests a local network problem to me ...

Changed in launchpad:
status: New → Incomplete
Hadmut Danisch (hadmut) wrote :

I've found the problem.

I had the file at a location where Firefox (due to AppArmor) could not read it. Unfortunately Firefox does not raise any error message, just silently discards the parameter, and Launchpad then can't deal with the request and does not even show the regular frame, just a blank white page with that error message.

Request URL: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1777094/+addcomment
Request method: POST
Remote address: 91.189.89.225:443
Status code: 400 Bad Request
Version: HTTP/1.1

Request Headers:

Accept text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate, br
Accept-Language de-DE,en-US;q=0.7,en;q=0.3
Connection keep-alive
Content-Length 1417
Content-Type multipart/form-data; boundary=…15243462251093695542292916172
Cookie lp=C [I removed that here]
DNT 1
Host bugs.launchpad.net
Referer https://bugs.launchpad.net/ubu…smasq/+bug/1777094/+addcomment
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/60.0

No parameters for this request

Colin Watson (cjwatson)
Changed in launchpad:
importance: Undecided → High
status: Incomplete → Triaged
tags: added: lp-bugs ui
Colin Watson (cjwatson) wrote :

This is actually failing before it gets as far as Launchpad. Apache's mod_proxy_http is throwing away the request, something like this (this is from a local development installation, but I verified this against Apache logs from our "dogfood" site):

  [Tue Jun 19 20:15:28.820917 2018] [proxy_http:error] [pid 774:tid 3958287168] (70007)The timeout specified has expired: [client 10.36.63.1:56998] AH01095: prefetch request body failed to 127.0.0.1:8086 (localhost) from 10.36.63.1 (), referer: https://bugs.launchpad.dev/redfish/+bug/15/+addcomment

It looks like, when AppArmor prevents reading an attachment, Firefox sends request headers with a non-zero Content-Length, but then fails to actually follow up by sending that amount of content. Launchpad can't work around this, because as I mentioned it fails (non-configurably) at the Apache stage before it gets to the webapp.

I think the only place this can be fixed is in Firefox.

affects: launchpad → firefox (Ubuntu)
tags: removed: lp-bugs ui
summary: - Your browser sent a request that this server could not understand.
+ sends incomplete request when read access to attachment denied by
+ AppArmor
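
The failure mode described in the last comment, as an added example that is not part of the original thread and is not Launchpad or Apache code: a minimal receiver that enforces the declared Content-Length under a read timeout, which is why a request whose body never arrives is rejected with a 400 before any web application sees it. The function names, the timeout value, the placeholder host and the constructed request bytes are assumptions; only the path suffix and the Content-Length of 1417 come from the report.

```python
import socket

def read_request(conn, timeout=0.5):
    """Read one request from conn; return (status, detail)."""
    conn.settimeout(timeout)
    buf, body, declared = b"", b"", None
    try:
        while b"\r\n\r\n" not in buf:              # collect the header block
            chunk = conn.recv(4096)
            if not chunk:
                return 400, "closed inside headers"
            buf += chunk
        head, body = buf.split(b"\r\n\r\n", 1)
        declared = 0
        for line in head.split(b"\r\n")[1:]:       # skip the request line
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                declared = int(value.strip())
        while len(body) < declared:                # prefetch the promised body
            chunk = conn.recv(declared - len(body))
            if not chunk:
                return 400, f"closed after {len(body)} of {declared} body bytes"
            body += chunk
    except socket.timeout:
        if declared is None:
            return 400, "timeout inside headers"
        return 400, f"timeout after {len(body)} of {declared} body bytes"
    except ValueError:
        return 400, "invalid Content-Length"
    return 200, f"body complete ({declared} bytes)"

def demo(declared, sent):
    """Constructed input: headers declaring `declared` bytes, then `sent` bytes."""
    client, server = socket.socketpair()
    head = (b"POST /+addcomment HTTP/1.1\r\nHost: example.invalid\r\n"
            b"Content-Type: multipart/form-data; boundary=x\r\n"
            b"Content-Length: %d\r\n\r\n" % declared)
    client.sendall(head + b"a" * sent)             # connection stays open (keep-alive)
    try:
        return read_request(server, timeout=0.2)
    finally:
        client.close()
        server.close()

if __name__ == "__main__":
    print(demo(1417, 1417))   # complete body is accepted
    print(demo(1417, 0))      # headers only: rejected after the timeout
```

Logging the received-versus-declared byte counts on such a rejection makes this class of client fault visible in server logs instead of surfacing only as a generic prefetch timeout.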