You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Raul Gutierrez Segales (JIRA)" <ji...@apache.org> on 2015/05/08 21:37:01 UTC
[jira] [Created] (ZOOKEEPER-2186)
QuorumCnxManager#receiveConnection
Raul Gutierrez Segales created ZOOKEEPER-2186:
-------------------------------------------------
Summary: QuorumCnxManager#receiveConnection
Key: ZOOKEEPER-2186
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
Project: ZooKeeper
Issue Type: Bug
Components: server
Reporter: Raul Gutierrez Segales
Assignee: Raul Gutierrez Segales
Fix For: 3.4.7, 3.5.1, 3.6.0
This will allocate an arbitrarily large byte buffer (and try to read it!):
{code}
public boolean receiveConnection(Socket sock) {
Long sid = null;
...
sid = din.readLong();
// next comes the #bytes in the remainder of the message
int num_remaining_bytes = din.readInt();
byte[] b = new byte[num_remaining_bytes];
// remove the remainder of the message from din
int num_read = din.read(b);
{code}
This will crash the QuorumCnxManager thread, so the cluster will keep going but future elections might fail to converge (ditto for leaving/joining members).
Patch coming up in a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)