Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2146

BinaryInputArchive readString should check length before allocating memory

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.7, 3.5.1, 3.6.0
    • Component/s: None
    • Labels:
      None

      Description

      I recently observed a problem caused by malformed packets. ZK server crashed because of OutOfMemoryError.

      The reason is BinaryInputArchive didn't check the length before allocating memory in readString():

        public String readString(String tag) throws IOException {
          	int len = in.readInt();
          	if (len == -1) return null;
          	byte b[] = new byte[len];
              ...
      

      I suggest to add the same check as in readBuffer.

        Attachments

        1. ZOOKEEPER-2146.patch
          4 kB
          Hongchao Deng
        2. ZOOKEEPER-2146.patch
          4 kB
          Hongchao Deng
        3. ZOOKEEPER-2146.patch
          2 kB
          Hongchao Deng
        4. ZOOKEEPER-2146.patch
          2 kB
          Hongchao Deng
        5. ZOOKEEPER-2146.patch
          2 kB
          Hongchao Deng

          Activity

            People

            • Assignee:
              hdeng Hongchao Deng
              Reporter:
              hdeng Hongchao Deng
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: