Claudius Heine created THRIFT-3961: -------------------------------------- Summary: TConnectedClient does not terminate the connection to the client if an exception while processing the received message occures. Key: THRIFT-3961 URL: https://issues.apache.org/jira/browse/THRIFT-3961 Project: Thrift Issue Type: Bug Components: C++ - Library Affects Versions: 0.9.3 Reporter: Claudius Heine
The server should disconnect from the client, if the client sends invalid messages to the server instead of throwing exception for every byte. {code} $ bin/TestServer --protocol=json --transport=http --server-type=thread-pool --port=9080 Starting "thread-pool" server (http/json) listen on: 9080 Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '1'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '2'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '3'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '4'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '5'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '6'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '7'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '8'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '9'. Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception: Expected '['; got '0'. {code} when sending {code} $ curl --data "1234567890" http://localhost:9080 {code} This behavior can easily be abused to DOS attack the server, by sending massive amounts of garbage to it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)