Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I was going to report a simple regression in Drupal's database error handling, which in D7 has reverted to a WSOD instead of the nice maintenance page in D6.
Then I took a closer look at the output that was printed, and imagine my surprise when I saw my database password on the public page - joy. The host name is truncated to four letters, but is not particularly hard to guess.
I've been told to post D7 security issues here rather than send them to the security team to be handled. If that is wrong, please don't hit me.
Specific error output:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000] [1203] User {USER} already has more than 'max_user_connections' active connections' in includes/database/database.inc:224
Stack trace:
#0 includes/database/database.inc(224): PDO->__construct('mysql:host=loca...', '{USER}', '{PASSWORD}', Array)
#1 includes/database/mysql/database.inc(32): DatabaseConnection->__construct('mysql:host=loca...', '{USER}', '{PASSWORD}', Array)
#2 includes/database/database.inc(1054): DatabaseConnection_mysql->__construct(Array)
#3 includes/database/database.inc(892): Database::openConnection('default', 'default')
#4 includes/database/database.inc(1425): Database::getActiveConnection('default')
#5 includes/database/database.inc on line 224
Comment | File | Size | Author |
---|---|---|---|
#12 | database.patch | 2.84 KB | mfb |
Comments
Comment #1
cburschkaSpecific conditions for this to apply:
1.) Webserver has to be set to print fatal errors
2.) Database has to fail in any way. I have tested unknown host (DNS fail), no local socket/server did not reply (Server not running), the above user_max_connection (Server overloaded), access denial (Bad username/password, or a change in the database grants).
Comment #2
chx CreditAttribution: chx commentedThere shall not be uncaught exceptions....
Comment #3
Damien Tournoud CreditAttribution: Damien Tournoud commentedWe will move the exception handler higher in the bootstrap process (#325169: Move error/exception handler higher up in the bootstrap process), and the "issue" will go away by itself.
Comment #4
mfbSaw a similar exception when load-testing d7 with ab:
Also, this is returning a 200 response code but should presumably be triggering a 503 Service unavailable.
Comment #6
brmassa CreditAttribution: brmassa commentedGuys,
same here.
i started Apache but not my database. Running Drupal, my username and password were there for everyone to see.
regards,
massa
Comment #7
jurgenhaassubscribe
Comment #8
Crell CreditAttribution: Crell commentedAs per #3, proper handling of exceptions in core should make this go away on its own. That issue should be considered a critical release blocker for Drupal 8 as a result.
Let's come back to this after that's in if necessary.
Comment #9
webchickComment #10
BerdirComment #11
mfbI still think we should fix the issue in drupal 7 of too much information in the error message?
Access denied error message is PDOException: SQLSTATE[28000] [1045] Access denied for user 'root'@'localhost' (using password: YES) in variable_initialize() (line 737 of /var/www/d7/includes/bootstrap.inc).
Can't connect error message is PDOException: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in variable_initialize() (line 737 of /var/www/d7/includes/bootstrap.inc).
Both are now correctly returning 500 Service unavailable
Comment #12
mfbOK here's an initial attempt at fixing this.. Add a new DatabaseConnectionFailedException class and handle it specially in _drupal_log_error()
Comment #13
Damien Tournoud CreditAttribution: Damien Tournoud commentedNot sure about #12 (the exception handler doesn't seem to be the correct place to handle that type of things), but the original issue by itself is fixed.
@mfb: please open another issue if you feel we need to display less information. One way of doing that is to set a message directly when throwing the exception.
Comment #14
mfbThe verbose error message can be hidden with a little effort, by setting
$conf['theme_default'] = 'foobar';
in settings.php and then editing maintenance-page.tpl.php to remove<?php print $messages; ?>
, so I'll leave it to someone else to file a new issue if they want it hidden by default as in Drupal 6.