Raul Gutierrez Segales created ZOOKEEPER-2186:
-------------------------------------------------

             Summary: QuorumCnxManager#receiveConnection
                 Key: ZOOKEEPER-2186
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2186
             Project: ZooKeeper
          Issue Type: Bug
          Components: server
            Reporter: Raul Gutierrez Segales
            Assignee: Raul Gutierrez Segales
             Fix For: 3.4.7, 3.5.1, 3.6.0


This will allocate an arbitrarily large byte buffer (and try to read it!):

{code}
    public boolean receiveConnection(Socket sock) {
        Long sid = null;
...
                sid = din.readLong();
                // next comes the #bytes in the remainder of the message
                int num_remaining_bytes = din.readInt();
                byte[] b = new byte[num_remaining_bytes];
                // remove the remainder of the message from din
                int num_read = din.read(b);
{code}

This will crash the QuorumCnxManager thread, so the cluster will keep going but 
future elections might fail to converge (ditto for leaving/joining members). 

Patch coming up in a bit.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
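
An added example, not part of the original report and not the ZooKeeper patch: one way to bound a peer-supplied length before allocating, for the read pattern quoted in the report. The class name, the `MAX_REMAINDER_BYTES` cap and the sample messages are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class BoundedHandshakeRead {
    // Hypothetical cap chosen for this example; not a value taken from the report.
    static final int MAX_REMAINDER_BYTES = 512 * 1024;

    /** Reads [long sid][int length][length bytes], rejecting lengths outside 0..cap. */
    static byte[] readRemainder(DataInputStream din) throws IOException {
        long sid = din.readLong();
        int numRemainingBytes = din.readInt();
        // Validate the peer-supplied length BEFORE allocating: a negative value would
        // throw NegativeArraySizeException, a huge one OutOfMemoryError.
        if (numRemainingBytes < 0 || numRemainingBytes > MAX_REMAINDER_BYTES) {
            throw new IOException("sid " + sid + ": unreasonable length " + numRemainingBytes);
        }
        byte[] b = new byte[numRemainingBytes];
        // readFully fills the buffer or throws EOFException; read(b) may return short.
        din.readFully(b);
        return b;
    }

    // Constructed sample message: sid, declared length, then payload bytes.
    static DataInputStream message(long sid, int declaredLen, byte[] payload) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeLong(sid);
        out.writeInt(declaredLen);
        out.write(payload);
        return new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));
    }

    public static void main(String[] args) throws IOException {
        byte[] payload = "constructed-payload".getBytes(StandardCharsets.UTF_8);
        int ok = readRemainder(message(1L, payload.length, payload)).length;
        System.out.println("well-formed message: read " + ok + " bytes");
        // Oversized, negative, and longer-than-actual declared lengths.
        int[] badLengths = { Integer.MAX_VALUE, -1, payload.length + 10 };
        for (int len : badLengths) {
            try {
                readRemainder(message(2L, len, payload));
                System.out.println("accepted length " + len);
            } catch (IOException e) {
                // Bad lengths and truncated payloads (EOFException) both land here,
                // so a caller can close the socket instead of losing the thread.
                System.out.println("rejected length " + len + ": " + e);
            }
        }
    }
}
```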
