You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "James E. King, III (JIRA)" <ji...@apache.org> on 2017/03/03 04:34:45 UTC

[jira] [Updated] (THRIFT-4107) Thrift Server crashes when receiving specific bad packet

     [ https://issues.apache.org/jira/browse/THRIFT-4107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James E. King, III updated THRIFT-4107:
---------------------------------------
    Affects Version/s: 0.9.2
                       0.9.3
                       0.10.0

> Thrift Server crashes when receiving specific bad packet
> --------------------------------------------------------
>
>                 Key: THRIFT-4107
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4107
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.1, 0.9.2, 0.9.3, 0.10.0
>         Environment: Ubuntu 12.04
> Thrift 0.9.1
>            Reporter: Yurong LIAO
>              Labels: easyfix, easytest, security
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> A server program with Thrift 0.9.1 always crash when receiving a specific packet from client. It's 100% reproducible by intentionally sending a packet consist of any 4 bytes followed with a 0.
> After checking the code, it is found that the crash is caused by an assert in method TNonblockingServer::TConnection::workSocket() (line 494, file TNonblockingServer.cpp). To prevent the crash, protection code can be add to check readWant_ when receiving data from client.
> The issue was found 0.9.1 and also exists in latter versions including latest code.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)