[ZOOKEEPER-3016] Follower QuorumCnxManager$Listener thread died due to incorrect client packet - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.6
Fix Version/s: 3.4.7
Component/s: None
Labels:
None

Description

While accepting connection from client, and message is incorrect, this causes NegativeArraySizeException while creating byte array of negative size.

_{2018-03-02 23:51:21 [UTC:20180302T235121+0100]|INFO ||/xx.xx.xx.xx:3888hread|Coordination > Received connection request /yy.yy.yy.yy:18320 (QuorumCnxManager.java:511)}

_{2018-03-02 23:51:21 [UTC:20180302T235121+0100]|ERROR||/xx.xx.xx.xx:3888hread|Coordination > Thread Thread[/xx.xx.xx.xx:3888,5,main] died (NIOServerCnxnFactory.java:44)}
_{java.lang.NegativeArraySizeException}
_{at org.apache.zookeeper.server.quorum.QuorumCnxManager.receiveConnection(QuorumCnxManager.java:242)}
_{at org.apache.zookeeper.server.quorum.QuorumCnxManager$Listener.run(QuorumCnxManager.java:513)}

Below is code reference having the issue.

int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];

This makes other node in quorum unable to connect to this node. Here client is security scan app.

Check for invalid input must be present to avoid Node crashing and security.

Attachments

Issue Links

Blocked

ZOOKEEPER-2186 QuorumCnxManager#receiveConnection may crash with random input

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Sumit Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Apr/18 05:20

Updated:: 09/Apr/18 10:12

Resolved:: 09/Apr/18 10:12