You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "James E. King, III (JIRA)" <ji...@apache.org> on 2017/03/03 04:34:45 UTC
[jira] [Updated] (THRIFT-4107) Thrift Server crashes when receiving
specific bad packet
[ https://issues.apache.org/jira/browse/THRIFT-4107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King, III updated THRIFT-4107:
---------------------------------------
Affects Version/s: 0.9.2
0.9.3
0.10.0
> Thrift Server crashes when receiving specific bad packet
> --------------------------------------------------------
>
> Key: THRIFT-4107
> URL: https://issues.apache.org/jira/browse/THRIFT-4107
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.9.1, 0.9.2, 0.9.3, 0.10.0
> Environment: Ubuntu 12.04
> Thrift 0.9.1
> Reporter: Yurong LIAO
> Labels: easyfix, easytest, security
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> A server program with Thrift 0.9.1 always crash when receiving a specific packet from client. It's 100% reproducible by intentionally sending a packet consist of any 4 bytes followed with a 0.
> After checking the code, it is found that the crash is caused by an assert in method TNonblockingServer::TConnection::workSocket() (line 494, file TNonblockingServer.cpp). To prevent the crash, protection code can be add to check readWant_ when receiving data from client.
> The issue was found 0.9.1 and also exists in latter versions including latest code.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)