Hi,

A client is running an e-Commerce site using the superb CGIDEV2 toolset. 
It's running on the Apache server using the current downloadable version 
of CGIDEV2 and we're up to date with cumulative PTFs.

Once or twice every day one or several of the Apache server instances 
crash with an application error. The other server jobs carry on working 
fine servicing other jobs so to counter it in the short term I added a 
reply list entry to dump the jobs automatically.

Does this error imply that somebody is trying to hack the site by 
appending a piece of script to a form request or is it more likely to be a 
bug in our application?

Here's an extract of one of the job logs:

 C2M1212    Diagnostic              30    29/07/04   01:27:19   QC2UTIL1   
 QSYS        *STMT    QZHBCGI      QHTTPSVR     *STMT
                                      From module . . . . . . . . : 
QC2ALLOC 
                                      From procedure  . . . . . . :   free 
 
                                      Statement . . . . . . . . . :   1023 
 
                                      To module . . . . . . . . . : 
CGIPARSE 
                                      To procedure  . . . . . . . : 
ErrorExit__FiPc 
                                      Statement . . . . . . . . . :   459  
 
                                      Message . . . . :   The pointer 
parameter passed to free or realloc is not 
                                        valid.    
                                      Cause . . . . . :   The pointer 
parameter passed to free or realloc was not 
                                        valid. This caused your function 
call to fail. Recovery  . . . :   Correct 
                                        the invalid pointer parameter 
being passed to free or realloc. Technical 
                                        description . . . . . . . . : The 
value of the pointer passed to free or 
                                        realloc is 
X'8000000000000000D033AF37640B2253'.  
 CPF9898    Information             40    29/07/04   01:27:19   QZHBCGI   
QHTTPSVR    *STMT    QZHBCGI      QHTTPSVR     *STMT
                                      From module . . . . . . . . : 
CGIPARSE 
                                      From procedure  . . . . . . : 
ErrorExit__FiPc 
                                      Statement . . . . . . . . . :   470  
 
                                      To module . . . . . . . . . : 
CGIPARSE 
                                      To procedure  . . . . . . . : 
ErrorExit__FiPc 
                                      Statement . . . . . . . . . :   470  
 
                                      Message . . . . :   QzhbCgiParse: 
Error: QUERY_STRING/Body contains search 
                                        keywords -- not form request. .    
 
                                      Cause . . . . . :   This message is 
used by application programs as a general 
                                        escape message.     
 MCH0601    Escape                  40    29/07/04   01:27:19   CGISRVPGM2 
    XXXWEBLPG   *STMT    CGISRVPGM2   XXXWEBLPG    *STMT
  5722SS1 V5R1M0 010525                           Job Log  XXX270 29/07/04 
01:27:20          Page    7
   Job name . . . . . . . . . . :   XXXLIV          User  . . . . . . : 
QTMHHTTP     Number . . . . . . . . . . . :   098190 
   Job description  . . . . . . :   QZHBHTTP        Library . . . . . : 
QHTTPSVR 
 MSGID      TYPE                    SEV   DATE       TIME       FROM PGM   
 LIBRARY     INST     TO PGM       LIBRARY      INST 
                                      From module . . . . . . . . : 
XXXCGIPARS 
                                      From procedure  . . . . . . : 
ZHBGETINPUT 
                                      Statement . . . . . . . . . : 32900  
 
                                      To module . . . . . . . . . : 
XXXCGIPARS 
                                      To procedure  . . . . . . . : 
ZHBGETINPUT 
                                      Statement . . . . . . . . . : 32900  
 
                                      Message . . . . :   Space offset 
X'00000000' or teraspace offset 
                                        X'0000000000000000' is outside 
current limit for object XXXLIV    QTMHHTTP 
                                        098190.    
                                      Cause . . . . . :   You tried to 
operate outside the specified space, tried to 
                                        operate on an unallocated page in 
teraspace, or tried to set the space 
                                        pointer outside the specified 
space. The object referred to is XXXLIV 
                                        QTMHHTTP  098190. The offset 
specified is X'00000000' for most spaces, but 
                                        X'0000000000000000' for teraspace. 
The space class is X'04'. The secondary 
                                        associated space number is 
X'0000'. The activation group mark is 
                                       X'00000000'. The heap space 
identifier is X'00000000'. The pointer to the 
                                       start of the implicit process space 
used for the allocation is 
 X'8000000000000000FEE27AA95B001000'. The space class designates the type 
of 
                                       space as follows: 00-primary 
associated space (includes space objects) 
                                       01-secondary associated space 
02-implicit process space for automatic 
                                       storage 03-implicit process space 
for static storage 04-implicit process 
                                       space for activation group-based 
heap storage 05-constant space 06-space for 
                                       handle-based heap storage 
07-teraspace The object referenced and space class 
                                       information is returned, whenever 
it is available, for all space classes. 
                                       The other information is set only 
when it applies to the returned space 
                                       class value. Otherwise zero values 
are returned. 
RNX9001    Escape                  50    29/07/04   01:27:19   QRNXIE  
QSYS        *STMT    WEB500       XXXWEBLPG    *STMT
                                     From module . . . . . . . . : QRNXMSG 
 
                                     From procedure  . . . . . . : 
SignalException 
                                     Statement . . . . . . . . . :   19    
 
                                     To module . . . . . . . . . : WEB500  
 
                                     To procedure  . . . . . . . : WEB500  
 
                                     Statement . . . . . . . . . : 
12000500 
                                     Message . . . . :   RPG status 00222 
caused procedure ZHBGETINPU in program 
                                       XXXWEBLPG/CGISRVPGM2 to stop.       
 
                                     Cause . . . . . :   A 
programmer-defined error subroutine determined that 
                                       procedure ZHBGETINPU should end 
abnormally. If the status 00222 is between 
                                       00100 and 09999, then the error 
subroutine was invoked due to an error and 
                                       there may be more information in 
the job log relating to the error. Recovery 
                                        . . . :   Correct the error 
indicated by the messages or contact the person 
                                       responsible for program 
maintenance. 
RNQ0202    Sender copy             99    29/07/04   01:27:19   QRNXIE  
QSYS        *STMT    QRNXIE       QSYS         *STMT
                                     From module . . . . . . . . : QRNXMSG 
 
                                     From procedure  . . . . . . : InqMsg  
 
                                     Statement . . . . . . . . . :   2     
 
                                     To module . . . . . . . . . : QRNXMSG 
 
                                     To procedure  . . . . . . . : InqMsg  
 
                                     Statement . . . . . . . . . :   2     
 
                                     Message . . . . :   The call to 
ZHBGETINPU ended in error (C G D F). 
                                     Cause . . . . . :   RPG procedure 
WEB500 in program XXXWEBLPG/WEB500 at 
                                       statement 12000500 called program 
or procedure ZHBGETINPU, which ended in 
                                       error. If the name is *N, the call 
was a bound call by procedure pointer. 
 5722SS1 V5R1M0 010525                           Job Log           XXX270  
29/07/04 01:27:20          Page    8
  Job name . . . . . . . . . . :   XXXLIV          User  . . . . . . : 
QTMHHTTP     Number . . . . . . . . . . . :   098190 
  Job description  . . . . . . :   QZHBHTTP        Library . . . . . : 
QHTTPSVR 
MSGID      TYPE                    SEV   DATE       TIME       FROM PGM  
LIBRARY     INST     TO PGM       LIBRARY      INST 
                                       Recovery  . . . :   Check the job 
log for more information on the cause of 
                                       the error and contact the person 
responsible for program maintenance. 
                                       Possible choices for replying to 
message . . . . . . . . . . . . . . . :   D 
                                       -- Obtain RPG formatted dump. S -- 
Obtain system dump. G -- Continue 
                                       processing at *GETIN. C -- Cancel. 
F -- Obtain full formatted dump. 


Regards

Michael Bailey

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.