Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3016

Follower QuorumCnxManager$Listener thread died due to incorrect client packet

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.4.6
    • 3.4.7
    • None
    • None

    Description

      While accepting connection from client, and message is incorrect, this causes NegativeArraySizeException while creating byte array of negative size.

       

      2018-03-02 23:51:21 [UTC:20180302T235121+0100]|INFO ||/xx.xx.xx.xx:3888hread|Coordination > Received connection request /yy.yy.yy.yy:18320 (QuorumCnxManager.java:511)

      2018-03-02 23:51:21 [UTC:20180302T235121+0100]|ERROR||/xx.xx.xx.xx:3888hread|Coordination > Thread Thread[/xx.xx.xx.xx:3888,5,main] died (NIOServerCnxnFactory.java:44)
      java.lang.NegativeArraySizeException
      at org.apache.zookeeper.server.quorum.QuorumCnxManager.receiveConnection(QuorumCnxManager.java:242)
      at org.apache.zookeeper.server.quorum.QuorumCnxManager$Listener.run(QuorumCnxManager.java:513)

       

      Below is code reference having the issue.

      int num_remaining_bytes = din.readInt();
      byte[] b = new byte[num_remaining_bytes];

       

      This makes other node in quorum unable to connect to this node. Here client is security scan app.

       

      Check for invalid input must be present to avoid Node crashing and security.

       

       

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              sumitagrawal sumit agrawal
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: