[ https://issues.apache.org/jira/browse/SOLR-15330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17319791#comment-17319791 ]

Jitesh J Vidhani commented on SOLR-15330:
-----------------------------------------

We tested on Solr 8.8 and this issue doesn't happen there.

> Solr 7.5 memory leak and crash with sql injection type queries
> --------------------------------------------------------------
>
>                 Key: SOLR-15330
>                 URL: https://issues.apache.org/jira/browse/SOLR-15330
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: query, Server
>    Affects Versions: 7.5
>         Environment: Java 8 on CentOS 7.
>            Reporter: Jitesh J Vidhani
>            Priority: Major
>
> We have a set of standalone solr nodes running on Solr 7.5. We recently had a 
> few episodes where the entire cluster crashed and died all together. Digging 
> in a little, we found the culprits were some SQL injection attacks happening 
> on our site where the search term had SQL injection in it and that was fed 
> into the q param in solr. I was able to take a stable solr and isolate it and 
> just run 1 query and make it crash. Every time I would run a regular query 
> and see it work and then just change the q= parameter and that would time out 
> and eventually crash the solr instance. Here is the q param for the query I 
> ran:
> q=-6792)))+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,CHR(113)||CHR(98)||CHR(118)||CHR(113)||CHR(113)||CHR(104)||CHR(68)||CHR(86)||CHR(114)||CHR(109)||CHR(97)||CHR(89)||CHR(89)||CHR(112)||CHR(76)||CHR(90)||CHR(105)||CHR(113)||CHR(86)||CHR(102)||CHR(97)||CHR(108)||CHR(89)||CHR(83)||CHR(81)||CHR(107)||CHR(69)||CHR(111)||CHR(97)||CHR(75)||CHR(87)||CHR(68)||CHR(108)||CHR(73)||CHR(68)||CHR(86)||CHR(118)||CHR(101)||CHR(71)||CHR(78)||CHR(106)||CHR(106)||CHR(76)||CHR(65)||CHR(82)||CHR(113)||CHR(106)||CHR(98)||CHR(98)||CHR(113)+FROM+DUAL--+gKiW
> I even stripped out the "||" characters and replaced them with "," and it 
> still crashes. Please note these were SQL injection attacks and not real good 
> queries. The Solr GC log exposes the problem and shows the memory footprint 
> ballooning (from 2GB to 18GB within a minute) to the point where full garbage 
> collection fails and the Solr instance is unresponsive. So 1 query is able to 
> push it to the tipping point and consume 18GB of memory.
> I have tried searching for long description texts but that works fine. So 
> something with these characters is probably causing this. Does anyone know 
> how/why this might be happening?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
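
An added example, not part of the original report or of Solr itself: one way the application in front of Solr could screen search terms like the one reported before placing them in the `q` parameter. The patterns, limits and function name are assumptions, and the thread does not identify the Solr-side cause, so this covers only the application layer.

```python
import re

MAX_LEN = 200      # assumed cap on search-term length
MAX_TOKENS = 20    # assumed cap on whitespace-separated tokens

# Heuristic markers taken from the shape of the reported q value (assumed list).
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("chr-chain", re.compile(r"(\bchr\s*\(\s*\d+\s*\)\s*(\|\||,)\s*){2,}", re.I)),
    ("from-dual", re.compile(r"\bfrom\s+dual\b", re.I)),
]

# Characters the Lucene standard query parser treats as syntax.
LUCENE_SPECIAL = re.compile(r'([+\-&|!(){}\[\]^"~*?:\\/])')

# Constructed sample: a shortened, URL-decoded form of the reported search term.
SAMPLE_ATTACK = "-6792))) UNION ALL SELECT NULL,NULL,CHR(113)||CHR(98)||CHR(118) FROM DUAL-- gKiW"


def screen_search_term(term):
    """Return (reasons, safe_q). reasons is empty when the term may be forwarded."""
    reasons = []
    if len(term) > MAX_LEN:
        reasons.append("too-long")
    if len(term.split()) > MAX_TOKENS:
        reasons.append("too-many-tokens")
    reasons += [name for name, rx in SQLI_PATTERNS if rx.search(term)]
    if reasons:
        # Reject and log instead of sending the term to Solr.
        return reasons, None
    # Escape query syntax so the term is searched as literal text.
    return [], LUCENE_SPECIAL.sub(r"\\\1", term)


if __name__ == "__main__":
    for candidate in (SAMPLE_ATTACK, "red shoes (size 10)"):
        print(screen_search_term(candidate))
```

Rejected terms are worth logging with their reasons, since a burst of them marks injection scanning against the site's search box.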
