Posted to issues@ignite.apache.org by "Pavel Tupitsyn (Jira)" <ji...@apache.org> on 2021/11/26 07:01:00 UTC

[jira] (IGNITE-15921) Vulnerability in thin client protocol leads to OOM

    [ https://issues.apache.org/jira/browse/IGNITE-15921 ]


    Pavel Tupitsyn deleted comment on IGNITE-15921:
    -----------------------------------------

was (Author: ignitetcbot):
{panel:title=Branch: [pull/9610/head] Base: [master] : Possible Blockers (715)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}
{color:#d04437}Platform .NET (Windows){color} [[tests 0 CANCELLED|https://ci.ignite.apache.org/viewLog.html?buildId=6291149]]

{color:#d04437}Cache 9{color} [[tests 2|https://ci.ignite.apache.org/viewLog.html?buildId=6291049]]
* IgniteCacheTestSuite9: SystemViewSelfTest.testClientsConnections - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCacheTestSuite9: JmxExporterSpiTest.testClientsConnections - Test has low fail rate in base branch 0,0% and is not flaky

{color:#d04437}Control Utility{color} [[tests 2|https://ci.ignite.apache.org/viewLog.html?buildId=6291055]]
* IgniteControlUtilityTestSuite: GridCommandHandlerMetadataTest.testDropJdbcThinConnectionsOnRemove - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteControlUtilityTestSuite: SystemViewCommandTest.testClientsConnections - Test has low fail rate in base branch 0,0% and is not flaky

{color:#d04437}JDBC Driver{color} [[tests 1 TIMEOUT , Exit Code |https://ci.ignite.apache.org/viewLog.html?buildId=6291066]]
* IgniteJdbcDriverTestSuite: WarningOnBigQueryResultsTest.testQueryJdbcThin - Test has low fail rate in base branch 0,0% and is not flaky

{color:#d04437}PDS (Compatibility){color} [[tests 8|https://ci.ignite.apache.org/viewLog.html?buildId=6291071]]
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testOldClientToCurrentServer[Version 2.8.0] - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testOldClientToCurrentServer[Version 2.9.0] - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testOldClientToCurrentServer[Version 2.8.1] - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testOldClientToCurrentServer[Version 2.13.0-SNAPSHOT] - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testOldClientToCurrentServer[Version 2.7.6] - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testOldClientToCurrentServer[Version 2.9.1] - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testOldClientToCurrentServer[Version 2.10.0] - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteCompatibilityBasicTestSuite: JdbcThinCompatibilityTest.testCurrentClientToOldServer[Version 2.13.0-SNAPSHOT] - Test has low fail rate in base branch 0,0% and is not flaky

{color:#d04437}Platform .NET (Core Linux){color} [[tests 1 TC_SERVICE_MESSAGE |https://ci.ignite.apache.org/viewLog.html?buildId=6291011]]
* dll: ClientProtocolCompatibilityTest.TestClientNewerThanServerReconnectsOnServerVersion - Test has low fail rate in base branch 0,0% and is not flaky

{color:#d04437}PDS 1{color} [[tests 0 CANCELLED|https://ci.ignite.apache.org/viewLog.html?buildId=6291215]]

{color:#d04437}Queries 2{color} [[tests 0 CANCELLED|https://ci.ignite.apache.org/viewLog.html?buildId=6291218]]

{color:#d04437}PDS (Indexing){color} [[tests 8|https://ci.ignite.apache.org/viewLog.html?buildId=6291084]]
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testLongIndexDeletionWithRestart - Test has low fail rate in base branch 0,0% and is not flaky
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testLongMulticolumnIndexDeletion - Test has low fail rate in base branch 0,0% and is not flaky
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testLongIndexDeletionCheckWhenOneNodeStopped - Test has low fail rate in base branch 0,0% and is not flaky
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testLongIndexDeletionCheckWhenOneNodeStoppedAndDropIndex - Test has low fail rate in base branch 0,0% and is not flaky
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testDestroyTaskLifecycle - Test has low fail rate in base branch 1,9% and is not flaky
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testLongIndexDeletionSimple - Test has low fail rate in base branch 0,0% and is not flaky
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testRemoveIndexesOnTableDrop - Test has low fail rate in base branch 0,0% and is not flaky
* IgnitePdsWithIndexingTestSuite: LongDestroyDurableBackgroundTaskTest.testIndexDeletionTaskRemovedAfterCheckpointFinished - Test has low fail rate in base branch 0,0% and is not flaky

{color:#d04437}Platform C++ CMake (Linux Clang){color} [[tests 0 JVM CRASH , Exit Code |https://ci.ignite.apache.org/viewLog.html?buildId=6291102]]

{color:#d04437}Queries 1{color} [[tests 0 CANCELLED|https://ci.ignite.apache.org/viewLog.html?buildId=6291217]]

{color:#d04437}Java Client{color} [[tests 63|https://ci.ignite.apache.org/viewLog.html?buildId=6291097]]
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testCreateOnJdbcClientDestroyOnThinClient - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testCreateOnThinClientSrvDestroyOnRestClient - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testFewCachesCreatedInChainWithCacheGroupNameEqualsFirstCacheNameRestClient - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testServerThenClientCacheCreation - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testCreateOnThickClientDestroyOnSrv - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testFewCachesCreatedInChainWithDifferentConfigJdbcThinClient - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testCreateOnSrvDestroyOnThickClient - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testDestroyCachesThinClient - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testFewCachesCreatedInChainWithCacheGroupNameEqualsFirstCacheNameThickClient - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testCreateOnThinClientSrvDestroyOnSrv - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteClientTestSuite: ClientSizeCacheCreationDestructionTest.testCreateOnJdbcClientDestroyOnSrv - Test has low fail rate in base branch 0,0% and is not flaky
... and 52 tests blockers

{color:#d04437}> Build{color} [[tests 0 Exit Code |https://ci.ignite.apache.org/viewLog.html?buildId=6291150]]

{color:#d04437}Platform C++ CMake (Linux){color} [[tests 302 JVM CRASH , Exit Code |https://ci.ignite.apache.org/viewLog.html?buildId=6291103]]
* IgniteOdbcTest: SqlNumericFunctionTestSuite: TestNumericFunctionFloor - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: SqlNumericFunctionTestSuite: TestNumericFunctionLog - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: SqlDateTimeFunctionTestSuite: TestCurrentDate - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetStmtAttr - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLSetStmtAttr - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLPrimaryKeys - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLNumParams - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetDiagField - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: SqlNumericFunctionTestSuite: TestNumericFunctionLog10 - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetDiagRec - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetData - Test has low fail rate in base branch 0,0% and is not flaky
... and 291 tests blockers

{color:#d04437}[Build]{color} [[tests 0 Exit Code |https://ci.ignite.apache.org/viewLog.html?buildId=6291140]]

{color:#d04437}Platform C++ CMake (Win x64 / Release){color} [[tests 303 Exit Code , BuildFailureOnMessage |https://ci.ignite.apache.org/viewLog.html?buildId=6291104]]
* IgniteOdbcTest: SqlNumericFunctionTestSuite: TestNumericFunctionFloor - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: SqlNumericFunctionTestSuite: TestNumericFunctionLog - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: SqlDateTimeFunctionTestSuite: TestCurrentDate - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetStmtAttr - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLSetStmtAttr - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLPrimaryKeys - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLNumParams - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetDiagField - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: SqlNumericFunctionTestSuite: TestNumericFunctionLog10 - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetDiagRec - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOdbcTest: ApiRobustnessTestSuite: TestSQLGetData - Test has low fail rate in base branch 0,0% and is not flaky
... and 292 tests blockers

{color:#d04437}Open Census{color} [[tests 15|https://ci.ignite.apache.org/viewLog.html?buildId=6291070]]
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testSelectQueryUserThreadSpanNotAffected - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testCopy - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testParserCacheHitTag - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testDelete - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testUpdateWithReducerSkipped - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testNextPageRequestFailure - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testDistributedJoin - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testCreateTable - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testSelectWithParallelism - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testSelectLocal - Test has low fail rate in base branch 0,0% and is not flaky
* IgniteOpenCensusSuite: OpenCensusSqlJdbcTracingTest.testUpdate - Test has low fail rate in base branch 0,0% and is not flaky
... and 4 tests blockers

{panel}
{panel:title=Branch: [pull/9610/head] Base: [master] : New Tests (4)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}
{color:#00008b}Platform .NET (Core Linux){color} [[tests 1|https://ci.ignite.apache.org/viewLog.html?buildId=6291011]]
* {color:#013220}dll: RawSocketTest.TestInvalidHandshakeClosesConnection - PASSED{color}

{color:#00008b}Thin Client: Java{color} [[tests 3|https://ci.ignite.apache.org/viewLog.html?buildId=6291075]]
* {color:#013220}ClientTestSuite: ConnectionTest.testNegativeMessageSizeDropsConnection - PASSED{color}
* {color:#013220}ClientTestSuite: ConnectionTest.testHandshakeTooLargeServerDropsConnection - PASSED{color}
* {color:#013220}ClientTestSuite: ConnectionTest.testInvalidHandshakeHeaderDropsConnection - PASSED{color}

{panel}
[TeamCity *--> Run :: All* Results|https://ci.ignite.apache.org/viewLog.html?buildId=6291239&buildTypeId=IgniteTests24Java8_RunAll]

> Vulnerability in thin client protocol leads to OOM
> --------------------------------------------------
>
>                 Key: IGNITE-15921
>                 URL: https://issues.apache.org/jira/browse/IGNITE-15921
>             Project: Ignite
>          Issue Type: Improvement
>          Components: thin client
>    Affects Versions: 2.11
>            Reporter: Ilya Kazakov
>            Assignee: Pavel Tupitsyn
>            Priority: Critical
>             Fix For: 2.13
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The thin client protocol interprets the first 4 bytes as the message size and allocates an array for it. Any "big" 4 bytes sent to the thin client port could lead to OOM.
> Some ideas to resolve:
>  - print WARN in case of a big client message
>  - do not allocate the array for the whole message at once, but allocate it gradually.
>  - read more than the first 4 bytes to understand whether it is a real client message or some trash.



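
The issue description above proposes bounding and gradual allocation for the 4-byte size prefix. The sketch below is an added example, not Apache Ignite code and not the change in pull/9610: it checks the claimed size before allocating and grows the buffer only as bytes actually arrive. The class name, the 64 KiB limit, the 8 KiB chunk and the little-endian byte order are assumptions, and the sample inputs are constructed.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;

// Added illustration, not Apache Ignite code. Limits, names and byte order are assumptions.
public class BoundedFrameReader {
    static final int MAX_HANDSHAKE = 64 * 1024; // assumed cap for the first message of a connection
    static final int CHUNK = 8 * 1024;          // initial buffer size; grows only as bytes arrive

    // Reads one frame: 4-byte little-endian size, then that many payload bytes.
    // Throws IOException on any violation so the caller can close the connection.
    static byte[] readFrame(InputStream in, int maxSize) throws IOException {
        byte[] hdr = new byte[4];
        new DataInputStream(in).readFully(hdr);
        int size = ByteBuffer.wrap(hdr).order(ByteOrder.LITTLE_ENDIAN).getInt();
        if (size <= 0 || size > maxSize) // check the claimed size before any allocation
            throw new IOException("rejected frame size " + size + ", limit " + maxSize);
        byte[] buf = new byte[Math.min(size, CHUNK)];
        int read = 0;
        while (read < size) {
            if (read == buf.length) // buffer full: double it, never beyond the claimed size
                buf = Arrays.copyOf(buf, (int) Math.min((long) size, 2L * buf.length));
            int n = in.read(buf, read, buf.length - read);
            if (n < 0)
                throw new EOFException("peer closed after " + read + " of " + size + " bytes");
            read += n;
        }
        return buf;
    }

    public static void main(String[] args) {
        // Constructed inputs: a valid frame, stray HTTP text, a negative size, a truncated frame.
        byte[][] samples = {
            {3, 0, 0, 0, 'a', 'b', 'c'},
            {'G', 'E', 'T', ' ', '/', ' '},
            {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF},
            {(byte) 0xE8, 3, 0, 0, 1, 2},
        };
        for (byte[] s : samples) {
            try {
                byte[] p = readFrame(new ByteArrayInputStream(s), MAX_HANDSHAKE);
                System.out.println("accepted " + p.length + " bytes");
            } catch (IOException e) {
                System.out.println("drop connection: " + e.getMessage());
            }
        }
    }
}
```

A server would pass a small limit such as `MAX_HANDSHAKE` until the handshake has been validated and a larger, configured limit afterwards, logging a WARN with the peer address on each rejection.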