Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.9.3
-
Patch Available
-
Patch
Description
The server should disconnect from the client, if the client sends invalid messages to the server instead of throwing exception for every byte.
$ bin/TestServer --protocol=json --transport=http --server-type=thread-pool --port=9080 Starting "thread-pool" server (http/json) listen on: 9080 Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '1'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '2'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '3'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '4'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '5'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '6'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '7'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '8'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '9'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '0'.
when sending
$ curl --data "1234567890" http://localhost:9080
This behavior can easily be abused to DOS attack the server, by sending massive amounts of garbage to it.
Attachments
Issue Links
- links to
