youlong chen created ZOOKEEPER-5003:
---------------------------------------

             Summary: Resource Leak (File Descriptor Leak) in ping_rw_server
                 Key: ZOOKEEPER-5003
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-5003
             Project: ZooKeeper
          Issue Type: Bug
          Components: c client
    Affects Versions: 3.9.4
            Reporter: youlong chen


*Description*: In 
{{zookeeper-client/zookeeper-client-c/src/zookeeper.c}}, the function 
{{ping_rw_server}} creates a socket but fails to close it if the connection 
attempt fails.

The function {{ping_rw_server}} is used when the client is in 
{{ZOO_READONLY_STATE}} to periodically check if a Read-Write server is 
available.


{code:c}
static int ping_rw_server(zhandle_t* zh)
{
    // ...
    fd.sock = socket(zh->addr_rw_server.ss_family, sock_flags, 0);
    if (fd.sock < 0) {
        return 0;
    }

    // ...

    rc = zookeeper_connect(zh, &zh->addr_rw_server, fd.sock);
    if (rc < 0) {
        return 0; // LEAK: fd.sock is not closed!
    }
    // ...
}
{code}
 

If {{zookeeper_connect}} returns a negative value (indicating {{connect()}} 
failed), the function returns {{0}} immediately, leaking the file descriptor 
{{fd.sock}}.

*Impact* A file descriptor leak can lead to resource exhaustion (FD exhaustion) 
in the client application, eventually preventing it from establishing new 
connections or opening files. This can cause a Denial of Service (DoS) for the 
client application.



*Reproduction*
 # Configure the ZooKeeper C client with multiple server addresses, including 
some unreachable or closed ports.
 # Connect to a server that places the client in {{READ-ONLY}} mode.
 # The client will periodically call {{ping_rw_server}} to try to connect to 
other servers.
 # If it attempts to connect to a closed port, {{zookeeper_connect}} fails, and 
the socket is leaked.

*Fix* Close the socket before returning on error.

 
{code:c}
    rc = zookeeper_connect(zh, &zh->addr_rw_server, fd.sock);
    if (rc < 0) {
        close_zsock(&fd); // Fix
        return 0;
    }
{code}
 



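Added example, not part of the original report and not ZooKeeper source: a stand-alone C model of the error path described above, which counts open descriptors before and after repeated failed connects, with and without the close on the early return. The names `probe`, `leaked_after` and `count_open_fds` are hypothetical, and it assumes nothing is listening on 127.0.0.1 port 1.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Count open descriptors in [0, 1024) by probing each one with fcntl(). */
static int count_open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Stand-in for ping_rw_server's error path (hypothetical, not ZooKeeper code).
 * Returns 0 when connect() fails; close_on_error = 0 reproduces the leak,
 * close_on_error = 1 applies the reported fix. */
static int probe(const struct sockaddr_in *addr, int close_on_error) {
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) return 0;
    if (connect(sock, (const struct sockaddr *)addr, sizeof(*addr)) < 0) {
        if (close_on_error) close(sock);  /* release before the early return */
        return 0;
    }
    close(sock);
    return 1;
}

/* Run `rounds` failing probes; return how many descriptors stayed open. */
static int leaked_after(int rounds, int close_on_error) {
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(1);  /* assumption: nothing listens on 127.0.0.1:1 */
    int before = count_open_fds();
    for (int i = 0; i < rounds; i++) probe(&addr, close_on_error);
    return count_open_fds() - before;
}

int main(void) {
    printf("leaky: %d descriptors left open\n", leaked_after(20, 0));
    printf("fixed: %d descriptors left open\n", leaked_after(20, 1));
    return 0;
}
```

The same before/after descriptor count works as a regression check around any periodic reconnect loop: a count that grows with each failed attempt points at an early return that skips the close.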