[
https://issues.apache.org/jira/browse/ZOOKEEPER-3016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
sumit agrawal resolved ZOOKEEPER-3016.
--------------------------------------
Resolution: Fixed
> Follower QuorumCnxManager$Listener thread died due to incorrect client packet
> -----------------------------------------------------------------------------
>
> Key: ZOOKEEPER-3016
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3016
> Project: ZooKeeper
> Issue Type: Bug
> Affects Versions: 3.4.6
> Reporter: sumit agrawal
> Priority: Major
>
> While accepting connection from client, and message is incorrect, this causes
> NegativeArraySizeException while creating byte array of negative size.
>
> ~2018-03-02 23:51:21 [UTC:20180302T235121+0100]|INFO
> ||/xx.xx.xx.xx:3888hread|Coordination > Received connection request
> /yy.yy.yy.yy:18320 (QuorumCnxManager.java:511)~
> ~2018-03-02 23:51:21
> [UTC:20180302T235121+0100]|ERROR||/xx.xx.xx.xx:3888hread|Coordination >
> Thread Thread[/xx.xx.xx.xx:3888,5,main] died (NIOServerCnxnFactory.java:44)~
> ~java.lang.NegativeArraySizeException~
> ~at
> org.apache.zookeeper.server.quorum.QuorumCnxManager.receiveConnection(QuorumCnxManager.java:242)~
> ~at
> org.apache.zookeeper.server.quorum.QuorumCnxManager$Listener.run(QuorumCnxManager.java:513)~
>
> Below is code reference having the issue.
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
>
> This makes other node in quorum unable to connect to this node. Here client
> is security scan app.
>
> Check for invalid input must be present to avoid Node crashing and security.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
