-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 0.9.3
-
Fix Version/s: 0.10.0
-
Component/s: C++ - Library
-
Labels:
-
Patch Info:Patch Available
-
Flags:Patch
The server should disconnect from the client, if the client sends invalid messages to the server instead of throwing exception for every byte.
$ bin/TestServer --protocol=json --transport=http --server-type=thread-pool --port=9080 Starting "thread-pool" server (http/json) listen on: 9080 Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '1'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '2'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '3'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '4'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '5'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '6'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '7'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '8'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '9'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '0'.
when sending
$ curl --data "1234567890" http://localhost:9080
This behavior can easily be abused to DOS attack the server, by sending massive amounts of garbage to it.
- links to