Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2186

QuorumCnxManager#receiveConnection may crash with random input

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.6, 3.5.0
    • Fix Version/s: 3.4.7, 3.5.1, 3.6.0
    • Component/s: server
    • Labels:
      None

      Description

      This will allocate an arbitrarily large byte buffer (and try to read it!):

          public boolean receiveConnection(Socket sock) {
              Long sid = null;
      ...
                      sid = din.readLong();
                      // next comes the #bytes in the remainder of the message                                                                             
                      int num_remaining_bytes = din.readInt();
                      byte[] b = new byte[num_remaining_bytes];
                      // remove the remainder of the message from din                                                                                      
                      int num_read = din.read(b);
      

      This will crash the QuorumCnxManager thread, so the cluster will keep going but future elections might fail to converge (ditto for leaving/joining members).

      Patch coming up in a bit.

        Attachments

        1. ZOOKEEPER-2186.patch
          13 kB
          Raul Gutierrez Segales
        2. ZOOKEEPER-2186.patch
          12 kB
          Raul Gutierrez Segales
        3. ZOOKEEPER-2186.patch
          9 kB
          Raul Gutierrez Segales
        4. ZOOKEEPER-2186-v3.4.patch
          2 kB
          Raul Gutierrez Segales

          Issue Links

            Activity

              People

              • Assignee:
                rgs Raul Gutierrez Segales
                Reporter:
                rgs Raul Gutierrez Segales
              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: