Kbase P21569: Large cookie header crashes wsisa.dll and IIS
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
09/09/2008 |
|
Status: Verified
SYMPTOM(s):
Access to CGI Wrapper programs through WSISA.DLL stopped functioning
wsisa.dll first shows crashes in event viewer and then the entire website running on IIS is down
The site uses ASP as well and ASP session ids are accumulated in some cookie headers
Following is written to event viewer
The system has called a custom component and that component has failed and
generated an exception. This indicates a problem with the custom component.
Notify the developer of this component that a failure has occurred and provide
them with the information below.
Component Prog ID:
Server Application ID: {3D14228D-FBE1-11D0-995D-00C04FD919C1}
Server Application Name: IIS Out-Of-Process Pooled Applications
The serious nature of this error has caused the process to terminate.
Exception: C0000005
Address: 0x77FCB8F4
Call Stack:
ntdll!RtlFreeHeap + 0x263
ntdll!RtlFreeHeap + 0x104
....
RPCRT4!NdrConformantArrayMemorySize + 0x6A0
KERNEL32!lstrcmpiW + 0xB7
FACT(s) (Environment):
Windows NT 32 Intel/Windows 2000
WebSpeed 3.1D
IIS
CAUSE:
Bug# 20030214-009
CAUSE:
wsisal.dll has a hardcoded limit of the buffer, the buffer could potentially be overflowed under certain conditions.
FIX:
Can be worked around by
Filter out request with large cookie headers
Or switch to cgiip messenger.
The bug is fixed in 10.0A