[jira] [Commented] (THRIFT-3961) TConnectedClient does not terminate the connection to the client if an exception while processing the received message occures.

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/THRIFT-3961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15647686#comment-15647686
 ] 

ASF GitHub Bot commented on THRIFT-3961:
----------------------------------------

GitHub user cmhe opened a pull request:

    https://github.com/apache/thrift/pull/1125

    [THRIFT-3961] TConnectedClient terminates connection when the message…

    … could not be processed
    
    Signed-off-by: Claudius Heine <c...@denx.de>

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cmhe/thrift THRIFT-3961

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1125.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1125
    
----
commit bb3b44dae735a069bde4705c732c10ae5f1eab9e
Author: Claudius Heine <c...@denx.de>
Date:   2016-11-08T14:17:03Z

    [THRIFT-3961] TConnectedClient terminates connection when the message could 
not be processed
    
    Signed-off-by: Claudius Heine <c...@denx.de>

----


> TConnectedClient does not terminate the connection to the client if an 
> exception while processing the received message occures.
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: THRIFT-3961
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3961
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.3
>            Reporter: Claudius Heine
>
> The server should disconnect from the client, if the client sends invalid 
> messages to the server instead of throwing exception for every byte.
> {code}
> $ bin/TestServer --protocol=json --transport=http --server-type=thread-pool 
> --port=9080
> Starting "thread-pool" server (http/json) listen on: 9080
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '1'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '2'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '3'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '4'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '5'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '6'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '7'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '8'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '9'.
> Thrift: Tue Nov  8 15:10:53 2016 TConnectedClient processing exception: 
> Expected '['; got '0'.
> {code}
> when sending
> {code}
> $ curl --data "1234567890" http://localhost:9080
> {code}
> This behavior can easily be abused to DOS attack the server, by sending 
> massive amounts of garbage to it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)