[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15093703#comment-15093703
]
Markus Aalto commented on ZOOKEEPER-2186:
-
We are using 3.4.6. The proposed patch looks as it might work for us. Although
it would requires changing OS keep alive options.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15092564#comment-15092564
]
Powell Molleti commented on ZOOKEEPER-2186:
---
ZOOKEEPER-2353
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15091128#comment-15091128
]
Rakesh R commented on ZOOKEEPER-2186:
-
Thanks [~maalto], [~geek101] for the discussions.
{quote}
Any considerations regarding this patch if there is a need to add more
information into the InitialMessage in future?
Now with the change it would fail to accept connections from members having
different protocol version, and I see it will be quite difficult (or
impossible) to do rolling upgrades in production systems.
{quote}
To understand more, I hope you referring to the following logic in the trunk &
3.5 branch. Is there any thing to be addressed in 3.4 branch code?
{code}
if (protocolVersion != PROTOCOL_VERSION) {
throw new InitialMessageException(
"Got unrecognized protocol version %s",
protocolVersion);
}
{code}
{quote}
Markus I have come across the same issue and decided to implement this by
sending the same notification. I am working on this as part of ZOOKEEPER-901,
refer some of the discussions about this here ZOOKEEPER-1045.
{quote}
[~geek101] Do you have specific comments about ZOOKEEPER-1045 jira
implementation?
In ZOOKEEPER-1045 jira I'm thinking of a logic based on PROTOCOL_VERSION. I've
referred {{3.4 branch}} code base, here I failed to see any validation logic
against the PROTOCOL_VERSION. Till now old servers are not sending any
PROTOCOL_VERSION but instead just send their sid. So I think I can safely write
an upgradation steps from {{3.4.x}} version to {{3.4.y}} version, right? If
anybody is interested to know my upgradation proposal in ZK-1045 please refer
https://issues.apache.org/jira/secure/attachment/12780771/ZOOKEEPER-1045-Rolling%20Upgrade%20Design%20Proposal.pdf
and welcome any comments/questions.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15090660#comment-15090660
]
Flavio Junqueira commented on ZOOKEEPER-2186:
-
I'm still waiting for [~rgs] to give his opinion on this one, but given that
this change is out in both 3.4.7 and and 3.5.1, I'd rather have this discussed
in a separate jira. Could you one of you [~geek101] [~maalto] please start
another jira?
If this issue really breaks compatibility, then it needs to be a blocker.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15089067#comment-15089067
]
Markus Aalto commented on ZOOKEEPER-2186:
-
I think this was one of the reasons I did my implementation directly in the
QuorumCnxManager within the SendWorker and RecvWorker threads directly
writing/reading from the stream. This made it totally invisible for the
FastLeaderElection algorithm, as Notification was just one of the message types
in the connection level as soon as the initial handshake was completed, and
keep-alive was managed by inside the QuorumCnxManager (as I think it should
be). Unfortunately due to the issues in the handshake not supporting upgrades I
got stuck on finding a good way to get the change in.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15089120#comment-15089120
]
Markus Aalto commented on ZOOKEEPER-2186:
-
I think this might work, but I think it would still require change to allow
different protocol version message to be accepted and skipped properly. With
that change the the newer protocol version member could adapt to older version
easily.
Regarding https://issues.apache.org/jira/browse/ZOOKEEPER-901 I'm not seeing
immediately how it will fix the issue unless proper keep-alive is implemented
for both directions. We have been hitting some cases in our prod environment
where one direction of the TCP/IP connection is working, but other is not
working. This causes whole ZK cluster to fail when leader election starts. So
the keep-alive would need to be monitored for both directions.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15083390#comment-15083390
]
Markus Aalto commented on ZOOKEEPER-2186:
-
As I see it any member having different protocol version implementation than
the existing protocol version (= -65536L) would fail to communicate with the
member running this patch (older versions still allowed as the patch provides
backward compatibility). This is because of the protocol version check that has
been added to the parse() method of the InitialMessage class.
Additionally, I think the message format for the Initial message should allow
older version to skip data that the newer versions would add to the message.
This would require writing the full message length after the sid field in the
message. Now the parsing code assumes that the remaining data is fully used for
host address and port. This is how it is now, but that assumption will make it
difficult to add any new fields to the message without breaking the upgrade
path.
I hope this explanation clarified my concerns.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15083172#comment-15083172
]
Flavio Junqueira commented on ZOOKEEPER-2186:
-
[~maalto] as I can see in the patch, the change is supposed to be backward
compatible. Why is it that you think it isn't more concretely? Perhaps [~rgs]
can shed some light here.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15083614#comment-15083614
]
Powell Molleti commented on ZOOKEEPER-2186:
---
I agree with Markus here, I noticed this issue but assumed that there is no
expectation perhaps to add to the HDR anymore with respect to this protocol
version -65536L . Otherwise its best to do the following as Markus requested.
{code:java}
dout.writeLong(PROTOCOL_VERSION);
String addr = self.getElectionAddress().getHostString() + ":" +
self.getElectionAddress().getPort();
byte[] addr_bytes = addr.getBytes();
// After version write the total length of msg sent by sender.
dout.writeInt(Long.BYTES + addr_bytes.length);
// Write sid afterwards
dout.writeLong(self.getId());
// Write length of host/port string
dout.writeInt(addr_bytes.length);
// Write host/port string
dout.write(addr_bytes);
{code}
This helps older revisions to ignore msg past host/port since it will read only
what it understands and discard rest of the bytes.
I have another proposal:
Once the RX side when a compatible peer sees new protocol version i.e -65536L
it could reply with -65536L too (this wont happen with older peer since it will
send notification with state, which cannot be -65536L) and both of them could
negotiate in protobufs, and this once and for all solving this issue.
Also I prefer both channels be symmetric with respect to header negotiation
just like the data exchange which makes implementation of channels much easier.
I am not quite sure if this can be done now that 3.5.1 is out there and
Protocol version bump happened sometime ago in ZOOKEEPER-1633.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15083655#comment-15083655
]
Powell Molleti commented on ZOOKEEPER-2186:
---
Markus I have come across the same issue and decided to implement this by
sending the same notification. I am working on this as part of ZOOKEEPER-901,
refer some of the discussions about this here ZOOKEEPER-1045.
Let me know what you think about this idea?. I think this has the potential to
solve the user level keep-alive implementation without the need to send new
bits in hdr and/or the to introduce a new message for keep-alive.
However this breaks the current FLE due to this code: http://bit.ly/1PdWY1D
{code:title=FastLeaderElection.java|borderStyle=solid}
// Verify if there is any change in the proposed leader
while((n = recvqueue.poll(finalizeWait,
TimeUnit.MILLISECONDS)) != null){
if(totalOrderPredicate(n.leader, n.zxid, n.peerEpoch,
proposedLeader, proposedZxid, proposedEpoch)){
recvqueue.put(n);
break;
}
}
{code}
I think this while loop is in error, if I am not mistaken, it should use a
global clock limit how long to poll for rather than hoping no one is going send
any messages with-in the finalizeWait time window. I am hoping to negotiate for
a change here if the submitted patch is found to be reasonable.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15083051#comment-15083051
]
Markus Aalto commented on ZOOKEEPER-2186:
-
Any considerations regarding this patch if there is a need to add more
information into the InitialMessage in future?
Now with the change it would fail to accept connections from members having
different protocol version, and I see it will be quite difficult (or
impossible) to do rolling upgrades in production systems.
I'm looking at submitting a feature to implement application level keep alive
message on the TCP/IP connection used for Leader Election, which would require
either additional information on the InitialMessage or increasing the protocol
version. Currently doing either of those would break the compatibility.
> QuorumCnxManager#receiveConnection may crash with random input
> --
>
> Key: ZOOKEEPER-2186
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
>Affects Versions: 3.4.6, 3.5.0
>Reporter: Raul Gutierrez Segales
>Assignee: Raul Gutierrez Segales
> Fix For: 3.4.7, 3.5.1, 3.6.0
>
> Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
> ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
>
>
> This will allocate an arbitrarily large byte buffer (and try to read it!):
> {code}
> public boolean receiveConnection(Socket sock) {
> Long sid = null;
> ...
> sid = din.readLong();
> // next comes the #bytes in the remainder of the message
>
> int num_remaining_bytes = din.readInt();
> byte[] b = new byte[num_remaining_bytes];
> // remove the remainder of the message from din
>
> int num_read = din.read(b);
> {code}
> This will crash the QuorumCnxManager thread, so the cluster will keep going
> but future elections might fail to converge (ditto for leaving/joining
> members).
> Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14577616#comment-14577616
]
ASF GitHub Bot commented on ZOOKEEPER-2186:
---
Github user rgs1 closed the pull request at:
https://github.com/apache/zookeeper/pull/30
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14557652#comment-14557652
]
Michi Mutsuzaki commented on ZOOKEEPER-2186:
+1 for the 3.4 patch. Thanks Raul!
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14543531#comment-14543531
]
Hudson commented on ZOOKEEPER-2186:
---
SUCCESS: Integrated in ZooKeeper-trunk #2691 (See
[https://builds.apache.org/job/ZooKeeper-trunk/2691/])
ZOOKEEPER-2186 QuorumCnxManager#receiveConnection may crash with random input
(rgs via michim) (michim:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1679313)
* /zookeeper/trunk/CHANGES.txt
*
/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java
* /zookeeper/trunk/src/java/test/org/apache/zookeeper/test/CnxManagerTest.java
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14543381#comment-14543381
]
Hadoop QA commented on ZOOKEEPER-2186:
--
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12732809/ZOOKEEPER-2186-v3.4.patch
against trunk revision 1679313.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified
tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
-1 patch. The patch command could not apply the patch.
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2697//console
This message is automatically generated.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186-v3.4.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14543196#comment-14543196
]
Michi Mutsuzaki commented on ZOOKEEPER-2186:
+1 I'm checking this in.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14542793#comment-14542793
]
Hadoop QA commented on ZOOKEEPER-2186:
--
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12732673/ZOOKEEPER-2186.patch
against trunk revision 1678645.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2693//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2693//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2693//console
This message is automatically generated.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14542991#comment-14542991
]
Hongchao Deng commented on ZOOKEEPER-2186:
--
+1
The latest patch looks really good.
Thanks for the clean patch, Raul!
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14542981#comment-14542981
]
Hadoop QA commented on ZOOKEEPER-2186:
--
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12732708/ZOOKEEPER-2186.patch
against trunk revision 1678645.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2694//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2694//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2694//console
This message is automatically generated.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14543203#comment-14543203
]
Michi Mutsuzaki commented on ZOOKEEPER-2186:
[~rgs] this patch does not apply to branch-3.4. Could you upload a separate
patch for 3.4? Thanks!
trunk: http://svn.apache.org/viewvc?view=revisionrevision=1679313
branch-3.5: http://svn.apache.org/viewvc?view=revisionrevision=1679314
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch,
ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14537663#comment-14537663
]
Hadoop QA commented on ZOOKEEPER-2186:
--
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12731857/ZOOKEEPER-2186.patch
against trunk revision 1678645.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2685//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2685//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2685//console
This message is automatically generated.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14538301#comment-14538301
]
Raul Gutierrez Segales commented on ZOOKEEPER-2186:
---
[~hdeng]: git-review is broken for me today, mind reviewing in the PR:
https://github.com/apache/zookeeper/pull/30
? Thanks!
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14538609#comment-14538609
]
Alexander Shraer commented on ZOOKEEPER-2186:
-
Thanks Raul! I was indeed not very careful here. The patch looks good to me
overall.
Consider reducing the max buffer size - b only contains a string of the form
host:port, so jute.maxbuffer and 1 MB may be way too much.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14538294#comment-14538294
]
ASF GitHub Bot commented on ZOOKEEPER-2186:
---
GitHub user rgs1 opened a pull request:
https://github.com/apache/zookeeper/pull/30
ZOOKEEPER-2186: QuorumCnxManager#receiveConnection may crash with ran…
…dom input
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rgs1/zookeeper ZOOKEEPER-2186
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/30.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #30
commit ff9cdc570fb4c84acf3c8b0c64875b5e54d82523
Author: Raul Gutierrez S r...@twitter.com
Date: 2015-05-11T17:48:47Z
ZOOKEEPER-2186: QuorumCnxManager#receiveConnection may crash with random
input
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14538116#comment-14538116
]
Hongchao Deng commented on ZOOKEEPER-2186:
--
[~rgs]
Can you open a RB for this?
I have some questions and comments to make. Thanks!
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14537608#comment-14537608
]
Hadoop QA commented on ZOOKEEPER-2186:
--
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12731853/ZOOKEEPER-2186.patch
against trunk revision 1678645.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2684//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2684//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2684//console
This message is automatically generated.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch, ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14537018#comment-14537018
]
Michi Mutsuzaki commented on ZOOKEEPER-2186:
https://reviews.apache.org/r/34023
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14536966#comment-14536966
]
Raul Gutierrez Segales commented on ZOOKEEPER-2186:
---
[~michim]: yes, I'd say so.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14536947#comment-14536947
]
Michi Mutsuzaki commented on ZOOKEEPER-2186:
do we need this for 3.5.1?
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14537035#comment-14537035
]
Michi Mutsuzaki commented on ZOOKEEPER-2186:
the patch looks good to me overall. i just a couple of questions. also, it
would be great if you can add a test case for this change.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14535419#comment-14535419
]
Hongchao Deng commented on ZOOKEEPER-2186:
--
Good catch!
I will be glad to review and commit it.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14536226#comment-14536226
]
Hadoop QA commented on ZOOKEEPER-2186:
--
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12731682/ZOOKEEPER-2186.patch
against trunk revision 1678032.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2682//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2682//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2682//console
This message is automatically generated.
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (ZOOKEEPER-2186) QuorumCnxManager#receiveConnection may crash with random input
[
https://issues.apache.org/jira/browse/ZOOKEEPER-2186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14536207#comment-14536207
]
Hongchao Deng commented on ZOOKEEPER-2186:
--
Can you open a RB for it?
QuorumCnxManager#receiveConnection may crash with random input
--
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Affects Versions: 3.4.6, 3.5.0
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
Attachments: ZOOKEEPER-2186.patch
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going
but future elections might fail to converge (ditto for leaving/joining
members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
