0

We are using gSoap compiled with the WITH_FASTCGI flag. The resulting soap FCGI server is processing (successive) SOAP packets OK, but there is a problem with the error responses.

The first time an error response is created everything works OK. But all subsequent SOAP packets that result in an error will show that first response again, even if the error is different.

I had a quick look through the source code. The stdsoap2.cpp:soap_set_fault(struct soap *soap) seems to simply return if a faultstring has already been set in the soap structure that is being used, rather than update it. This being a FCGI server, gSoap re-uses the soap structure you start it with for each SOAP request so it looks like this is not being cleared properly.

Is there anyone else having similar problems?

Lieuwe
  • 1,734
  • 2
  • 27
  • 41
  • What version of gSOAP are you using? It seems to me that `soap_begin_serve` resets `soap->error = SOAP_OK` in the FCGI serve loop before parsing and processing the next message. It sets a new error string when an error occurs. – Dr. Alex RE Feb 03 '16 at 01:28
  • We are using 2.7.9c, we can't get the later versions to work properly. There is no `soap_begin_serve` in this version. The generated soapServer.cpp has a do/while loop in `soap_begin` that does the `FCGI_Accept()`. – Lieuwe Feb 03 '16 at 09:45
  • Two other problems we found is that (a) it leaks (technically it isn't lost as it keeps a pointer) memory if you use the DEBUG flag and (b) the do/while that runs the `FCGI_Accept()` stops on a SOAP_EOF (basically someone calling the URL without a soap packet). – Lieuwe Feb 03 '16 at 09:55
  • What do you mean? I believe that "leaks" are not really leaks, because the engine tracks memory in `DEBUG` mode to find errors in heap usage. The `soap_destroy()` and `soap_end()` deletes the heap objects in the loop. Also, shouldn't you put a loop around serve() to catch errors and continue? Why use this old 2.7.9c version? – Dr. Alex RE Feb 03 '16 at 18:31
  • When we compile with -DWITH_FASTCGI and -DDEBUG, the memory usage will increase every time a soap packet is processed as one of the structures gSoap uses to track its memory usage isn't freed after a FCGI request. When using -DWITH_FCGI, `soap_serve()` runs a loop provided by gSoap internally. All we do is `soap_init()` a soap structure and call `soap_serve()` once. – Lieuwe Feb 03 '16 at 20:42
  • We run this old version as we keep getting segmentation faults with newer versions (this is on a CentOS6 production machine). – Lieuwe Feb 03 '16 at 20:44
  • Perhaps you could use the most recent 2.8.28 and report problems with the [SourceForge bug tracker](http://sourceforge.net/p/gsoap2/bugs/), if these still occur? I do not have any problems with FASTCGI and gSOAP. I see many improvements were made since 2.7.9 and some have addressed OpenSSL vulnerabilities. – Dr. Alex RE Feb 03 '16 at 21:44

0 Answers0