You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Thomas Jackson (JIRA)" <ji...@apache.org> on 2016/03/14 17:58:33 UTC

[jira] [Created] (TS-4273) HostDB storing of aname overflowing hostdb MultiCache bounds

Thomas Jackson created TS-4273:
----------------------------------

             Summary: HostDB storing of aname overflowing hostdb MultiCache bounds
                 Key: TS-4273
                 URL: https://issues.apache.org/jira/browse/TS-4273
             Project: Traffic Server
          Issue Type: Bug
            Reporter: Thomas Jackson


The metadata improvements implemented in TS-3800 started storing hostnames in [hostdb|https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1368] (instead of just the resolution).

>From my investigation HostDB's MultiCache uses a fixed size allocation determined by [get_elementsize| https://github.com/apache/trafficserver/blob/master/iocore/hostdb/MultiCache.cc#L116] (for hostdb this value is 72). So, from what I see if hostdb where to resolve a total name longer than 72 characters it would end up overflowing the entry bounds. This means that after cycling around the buffer of hostdb once, inserts of this type would start overwriting the first N-72 bytes of the next entry-- causing all sorts of corruption (and crashes-- likely the cause of TS-4207).

To fix this issue we should at a minimum have MultiCache verify the item size before inserting it (should be easily added for the one where size is passed -- https://github.com/apache/trafficserver/blob/master/iocore/hostdb/MultiCache.cc#L1253). If we want to support hostnames over the size of a `HostDBInfo` entry, then we will need to ensure that we allocate `N/72` blocks to store the hostname in, or store them elsewhere.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)