thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yurong LIAO (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (THRIFT-4107) Thrift Server crashes when receiving specific bad packet
Date Fri, 03 Mar 2017 06:56:45 GMT

     [ https://issues.apache.org/jira/browse/THRIFT-4107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Yurong LIAO updated THRIFT-4107:
--------------------------------
    Attachment: THRIFT-4107.patch

test performed.
1. All unit test cases, by executing 'make -k check'
2. Intentionally send a packet composed of 4 bytes followed with 0 and the verify the server
does not crash. 

> Thrift Server crashes when receiving specific bad packet
> --------------------------------------------------------
>
>                 Key: THRIFT-4107
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4107
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.1, 0.9.2, 0.9.3, 0.10.0
>         Environment: Ubuntu 12.04
> Thrift 0.9.1
>            Reporter: Yurong LIAO
>              Labels: easyfix, easytest, security
>         Attachments: THRIFT-4107.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> A server program with Thrift 0.9.1 always crash when receiving a specific packet from
client. It's 100% reproducible by intentionally sending a packet consist of any 4 bytes followed
with a 0.
> After checking the code, it is found that the crash is caused by an assert in method
TNonblockingServer::TConnection::workSocket() (line 494, file TNonblockingServer.cpp). To
prevent the crash, protection code can be add to check readWant_ when receiving data from
client.
> The issue was found 0.9.1 and also exists in latter versions including latest code.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message