[Koha-bugs] [Bug 25903] Sending a SIP patron information request with a summary field flag in indexes 6-9 will crash server

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Aug 19 15:28:06 CEST 2020 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25903

Martin Renvoize <martin.renvoize at ptfs-europe.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #106452|0                           |1
        is obsolete|                            |

--- Comment #5 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Created attachment 108632
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108632&action=edit
Bug 25903: Sending a SIP patron information request with a summary field flag
in indexes 6-9 will crash server

The 'summary' field in the patron information request specifies if detail
information should be send for holds,
overdues, fines, etc. The field is 10 characters in length (0-9). However, the
SIP2 spec only defines indexes 0
though 5, leave 6 though 9 undefined. Some ILSs specify behavior for these
undefined indexes. Apparently the
7th field is often used to request 'Fees', as opposed to 'Fines' in some ILS.
Some software that integrate via
SIP try both the 5th and 7th indexes to ensure they get all fines and fees.

The problem is that Koha's SIP server crashes if any 'summary' index beyond 5
is flagged. We should simply
ignore flags beyond 5 and act as if no flags were sent.

Test Plan:
1) Enable SIP for your instance
2) Send a patron information request with a summary flag in any index beyond 5.
   i.e.: 6300120200617    124846      Y   AOMIDAY|AA21030050054321
3) Note the SIP server just closes the connection without a response
4) Apply this patch
5) Restart the SIP server
6) Send the same request
7) Note you get back the patron information response!

Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Jeff Gaines <jgaine at arlingtonva.us>
Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list