[
https://issues.apache.org/jira/browse/THRIFT-3961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15647686#comment-15647686
]
ASF GitHub Bot commented on THRIFT-3961:
----------------------------------------
GitHub user cmhe opened a pull request:
https://github.com/apache/thrift/pull/1125
[THRIFT-3961] TConnectedClient terminates connection when the message…
… could not be processed
Signed-off-by: Claudius Heine <[email protected]>
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/cmhe/thrift THRIFT-3961
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/thrift/pull/1125.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1125
----
commit bb3b44dae735a069bde4705c732c10ae5f1eab9e
Author: Claudius Heine <[email protected]>
Date: 2016-11-08T14:17:03Z
[THRIFT-3961] TConnectedClient terminates connection when the message could
not be processed
Signed-off-by: Claudius Heine <[email protected]>
----
> TConnectedClient does not terminate the connection to the client if an
> exception while processing the received message occures.
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: THRIFT-3961
> URL: https://issues.apache.org/jira/browse/THRIFT-3961
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.9.3
> Reporter: Claudius Heine
>
> The server should disconnect from the client, if the client sends invalid
> messages to the server instead of throwing exception for every byte.
> {code}
> $ bin/TestServer --protocol=json --transport=http --server-type=thread-pool
> --port=9080
> Starting "thread-pool" server (http/json) listen on: 9080
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '1'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '2'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '3'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '4'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '5'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '6'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '7'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '8'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '9'.
> Thrift: Tue Nov 8 15:10:53 2016 TConnectedClient processing exception:
> Expected '['; got '0'.
> {code}
> when sending
> {code}
> $ curl --data "1234567890" http://localhost:9080
> {code}
> This behavior can easily be abused to DOS attack the server, by sending
> massive amounts of garbage to it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
