You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by mi...@apache.org on 2015/05/24 08:33:44 UTC
svn commit: r1681417 - in /zookeeper/branches/branch-3.4: CHANGES.txt
src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java
Author: michim
Date: Sun May 24 06:33:43 2015
New Revision: 1681417
URL: http://svn.apache.org/r1681417
Log:
ZOOKEEPER-2186 QuorumCnxManager#receiveConnection may crash with random input (rgs via michim)
Modified:
zookeeper/branches/branch-3.4/CHANGES.txt
zookeeper/branches/branch-3.4/src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java
Modified: zookeeper/branches/branch-3.4/CHANGES.txt
URL: http://svn.apache.org/viewvc/zookeeper/branches/branch-3.4/CHANGES.txt?rev=1681417&r1=1681416&r2=1681417&view=diff
==============================================================================
--- zookeeper/branches/branch-3.4/CHANGES.txt (original)
+++ zookeeper/branches/branch-3.4/CHANGES.txt Sun May 24 06:33:43 2015
@@ -76,6 +76,9 @@ BUGFIXES:
ZOOKEEPER-1077: C client lib doesn't build on Solaris (Chris Nauroth via rgs)
+ ZOOKEEPER-2186 QuorumCnxManager#receiveConnection may crash with random input
+ (rgs via michim)
+
IMPROVEMENTS:
ZOOKEEPER-1575. adding .gitattributes to prevent CRLF and LF mismatches for
Modified: zookeeper/branches/branch-3.4/src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java
URL: http://svn.apache.org/viewvc/zookeeper/branches/branch-3.4/src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java?rev=1681417&r1=1681416&r2=1681417&view=diff
==============================================================================
--- zookeeper/branches/branch-3.4/src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java (original)
+++ zookeeper/branches/branch-3.4/src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java Sun May 24 06:33:43 2015
@@ -78,6 +78,11 @@ public class QuorumCnxManager {
*/
static final int MAX_CONNECTION_ATTEMPTS = 2;
+
+ /*
+ * Max buffer size to be read from the network.
+ */
+ static public final int maxBuffer = 2048;
/*
* Negative counter for observer server ids.
@@ -228,7 +233,7 @@ public class QuorumCnxManager {
* possible long value to lose the challenge.
*
*/
- public boolean receiveConnection(Socket sock) {
+ public void receiveConnection(Socket sock) {
Long sid = null;
try {
@@ -237,9 +242,17 @@ public class QuorumCnxManager {
sid = din.readLong();
if (sid < 0) { // this is not a server id but a protocol version (see ZOOKEEPER-1633)
sid = din.readLong();
+
// next comes the #bytes in the remainder of the message
+ // note that 0 bytes is fine (old servers)
int num_remaining_bytes = din.readInt();
+ if (num_remaining_bytes < 0 || num_remaining_bytes > maxBuffer) {
+ LOG.error("Unreasonable buffer length: {}", num_remaining_bytes);
+ closeSocket(sock);
+ return;
+ }
byte[] b = new byte[num_remaining_bytes];
+
// remove the remainder of the message from din
int num_read = din.read(b);
if (num_read != num_remaining_bytes) {
@@ -258,7 +271,7 @@ public class QuorumCnxManager {
} catch (IOException e) {
closeSocket(sock);
LOG.warn("Exception reading or writing challenge: " + e.toString());
- return false;
+ return;
}
//If wins the challenge, then close the new connection.
@@ -301,9 +314,8 @@ public class QuorumCnxManager {
sw.start();
rw.start();
- return true;
+ return;
}
- return false;
}
/**