[jboss-user] [Persistence, JBoss/CMP, Hibernate, Database] - Postgres 8.1.4 and CMP Error: CVE-2006-2313

fali do-not-reply at jboss.com
Tue Jul 25 08:17:45 EDT 2006 

Hi,

I've developed an application with JBoss AS 4.0.4 and CMP Entity Beans, and Postgres 8.1.0 as the datasource. This works well. Postgres recently released version 8.1.4 as a security update, documented in CVE-2006-2313 and CVE-2006-2314, which covers invalidly escaped UTF-8 data. We've since upgraded to Postgres 8.1.4 as a security measure.

Since then, I've started picking up errors in queries generated by the JBOSS CMP engine under certain conditions, and all related to "Text" fields in the database. Enabling debug support in JBoss shows that the query itself is being generated correctly, an example of which is shown below:

UPDATE scheduler SET status=?, response=? WHERE sched_id=?

where status is a java.lang.Integer, and response and sched_id are java.lang.String's. However the query submitted to the database yields numerous exceptions stemming from a UTF-8 problem. I've included a stack trace at the end of this message. Data being inserted into this database is definately 7-bit ASCII data, which maps directly onto UTF-8 without any problems. My datasource has been explicitly configured to use the UTF-8 encoding, and I'm using the latest JDBC driver. 

I'm not sure exactly what the problem is, or where the problem lies, and I was hoping someone would be able to help out. I suspect that JBossAS is generating a string query that the new Postgres 8.1.4 is not happy with. If so, is there any way to alter the generated code. If not, then any and all other help/suggestions will be appreciated. 

Thanks

fali

Documentation for the Postgres problem may be found at:

http://www.postgresql.org/docs/techdocs.50

The stack trace is:

3:23:26,420 DEBUG [SchedulerE] Executing SQL: UPDATE scheduler SET status=?, response=? WHERE sched_id=?
13:23:26,439 ERROR [LogInterceptor] TransactionRolledbackException in method: public abstract void beans.schedulerebean.interfaces.SchedulerE.saveResponse(java.util.Collection) throws java.rmi.RemoteException, causedBy:
13:23:26,446 DEBUG [NestedThrowable] org.jboss.util.NestedThrowable.parentTraceEnabled=true
13:23:26,448 DEBUG [NestedThrowable] org.jboss.util.NestedThrowable.nestedTraceEnabled=false
13:23:26,448 DEBUG [NestedThrowable] org.jboss.util.NestedThrowable.detectDuplicateNesting=true
org.jboss.tm.JBossRollbackException: Unable to commit, tx=TransactionImpl:XidImpl[FormatId=257, GlobalId=faximt1.elabco.co.za/189, BranchQual=, localId=189] status=STATUS_NO_TRANSACTION; - nested throwable: (javax.ejb.EJBException: Store failed)
	at org.jboss.tm.TransactionImpl.commit(TransactionImpl.java:372)
	at org.jboss.ejb.plugins.TxInterceptorCMT.endTransaction(TxInterceptorCMT.java:501)
	at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:361)
	at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
	at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
	at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
	at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:136)
	at org.jboss.ejb.EntityContainer.internalInvoke(EntityContainer.java:520)
	at org.jboss.ejb.Container.invoke(Container.java:954)
	at sun.reflect.GeneratedMethodAccessor118.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
	at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
	at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
	at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
	at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
	at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:819)
	at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:420)
	at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
	at sun.rmi.transport.Transport$1.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.Transport.serviceCall(Unknown Source)
	at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.ejb.EJBException: Store failed
	at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreEntityCommand.execute(JDBCStoreEntityCommand.java:158)
	at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.storeEntity(JDBCStoreManager.java:666)
	at org.jboss.ejb.plugins.CMPPersistenceManager.storeEntity(CMPPersistenceManager.java:428)
	at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.storeEntity(CachedConnectionInterceptor.java:273)
	at org.jboss.ejb.EntityContainer.storeEntity(EntityContainer.java:749)
	at org.jboss.ejb.GlobalTxEntityMap$2.synchronize(GlobalTxEntityMap.java:149)
	at org.jboss.ejb.GlobalTxEntityMap$GlobalTxSynchronization.synchronize(GlobalTxEntityMap.java:295)
	at org.jboss.ejb.GlobalTxEntityMap$GlobalTxSynchronization.beforeCompletion(GlobalTxEntityMap.java:345)
	at org.jboss.tm.TransactionImpl.doBeforeCompletion(TransactionImpl.java:1491)
	at org.jboss.tm.TransactionImpl.beforePrepare(TransactionImpl.java:1110)
	at org.jboss.tm.TransactionImpl.commit(TransactionImpl.java:324)
	... 28 more
Caused by: org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
	at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:1525)
	at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1309)
	at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:188)
	at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:452)
	at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:354)
	at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:308)
	at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:251)
	at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreEntityCommand.execute(JDBCStoreEntityCommand.java:150)
	... 38 more


[/url]

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960652#3960652

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3960652

More information about the jboss-user mailing list