[ https://issues.apache.org/jira/browse/THRIFT-3961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15647686#comment-15647686 ]
ASF GitHub Bot commented on THRIFT-3961:
----------------------------------------

GitHub user cmhe opened a pull request:

    https://github.com/apache/thrift/pull/1125

    [THRIFT-3961] TConnectedClient terminates connection when the message…

    … could not be processed

    Signed-off-by: Claudius Heine <c...@denx.de>

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cmhe/thrift THRIFT-3961

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1125.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1125

----
commit bb3b44dae735a069bde4705c732c10ae5f1eab9e
Author: Claudius Heine <c...@denx.de>
Date:   2016-11-08T14:17:03Z

    [THRIFT-3961] TConnectedClient terminates connection when the message could not be processed

    Signed-off-by: Claudius Heine <c...@denx.de>

----

> TConnectedClient does not terminate the connection to the client if an
> exception while processing the received message occurs.
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: THRIFT-3961
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3961
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.3
>            Reporter: Claudius Heine
>
> The server should disconnect from the client, if the client sends invalid
> messages to the server instead of throwing exception for every byte.
> {code}
> $ bin/TestServer --protocol=json --transport=http --server-type=thread-pool
> --port=9080
> Starting "thread-pool" server (http/json) listen on: 9080
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '1'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '2'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '3'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '4'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '5'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '6'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '7'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '8'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '9'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '0'.
> {code}
> when sending
> {code}
> $ curl --data "1234567890" http://localhost:9080
> {code}
> This behavior can easily be abused to DOS attack the server, by sending
> massive amounts of garbage to it.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
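
The difference between the reported and the requested behaviour, as an added example that is not part of the original message and is not Thrift's code: a toy per-connection loop in which `Conn`, `processOne`, `serve` and `Result` are hypothetical names and the parser is a simplified stand-in for the JSON protocol reader.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Toy stand-in for a client connection holding the request body (constructed input).
struct Conn {
    std::string buf;
    std::size_t pos = 0;
    bool open = true;
    bool peek() const { return open && pos < buf.size(); }
};

// Toy parser: a message starts with '[' and runs to the next ']'. A byte that fails
// the check is consumed, matching the one-exception-per-byte log in the report.
void processOne(Conn& c) {
    char ch = c.buf[c.pos++];
    if (ch != '[')
        throw std::runtime_error(std::string("Expected '['; got '") + ch + "'.");
    while (c.pos < c.buf.size() && c.buf[c.pos++] != ']') {}
}

struct Result { int exceptions; std::size_t bytesRead; bool closedByServer; };

// closeOnError=false models the reported behaviour: log the error and keep looping.
// closeOnError=true models the requested behaviour: drop the client on first failure.
Result serve(const std::string& body, bool closeOnError) {
    Conn c;
    c.buf = body;
    Result r{0, 0, false};
    while (c.peek()) {
        try {
            processOne(c);
        } catch (const std::runtime_error&) {
            ++r.exceptions;          // one log line per exception in the real server
            if (closeOnError) {
                c.open = false;      // terminate the connection
                r.closedByServer = true;
            }
        }
    }
    r.bytesRead = c.pos;
    return r;
}

int main() {
    Result a = serve("1234567890", false), b = serve("1234567890", true);
    std::cout << a.exceptions << " vs " << b.exceptions << " exceptions\n";
    return 0;
}
```

With the body from the curl command above, the first mode does work proportional to the number of garbage bytes, while the second stops after the first byte.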