[
https://issues.apache.org/jira/browse/ZOOKEEPER-3280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769800#comment-16769800
]
Liam edited comment on ZOOKEEPER-3280 at 2/15/19 10:44 PM:
-----------------------------------------------------------
Jonathan, completely not the space to be asking this.
I am trying to associated/correlate these struts STR numbers to CVE numbers.
Example, I have CVE-2016-1182, but not sure how to relate it to a STR.
Note: I can delete afterwards I notice!
was (Author: lmsh...@gmail.com):
Jonathan, completely not the space to asking this.
I am trying to associated/correlate these struts STR numbers to CVE numbers.
Example, I have CVE-2016-1182, but not sure how to relate it to a STR.
> ClientCnxn xid rollover can break sessions
> ------------------------------------------
>
> Key: ZOOKEEPER-3280
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3280
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client
> Affects Versions: 3.4.6, 3.4.12
> Reporter: Jonathan Park
> Priority: Major
> Attachments: ZKOutOfOrder.java
>
>
>
> {code:java}
> 2019-02-15 13:40:21,471 [myid:] - DEBUG
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@759] - Got auth
> sessionid:0x168f2c5e9c60017
> 2019-02-15 13:40:21,472 [myid:] - WARN
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1166] - Session
> 0x168f2c5e9c60017 for server localhost/0:0:0:0:0:0:0:1:2181, unexpected
> error, closing socket connection and attempting reconnect
> java.io.IOException: Xid out of order. Got Xid -3 with err 0 expected Xid -4
> for a packet with details: clientPath:null serverPath:null finished:false
> header:: -4,8 replyHeader:: 0,0,-4 request:: '/,F response:: v{}
> at
> org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:828)
> at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:94)
> at
> org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:366)
> at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1143)
> 2019-02-15 13:40:22,520 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1027] - Opening socket
> connection to server localhost/127.0.0.1:2181. Will not attempt to
> authenticate using SASL (unknown error)
> 2019-02-15 13:40:22,521 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@877] - Socket
> connection established to localhost/127.0.0.1:2181, initiating session
> 2019-02-15 13:40:22,521 [myid:] - DEBUG
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@950] - Session
> establishment request sent on localhost/127.0.0.1:2181
> 2019-02-15 13:40:22,522 [myid:] - INFO
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1301] - Session
> establishment complete on server localhost/127.0.0.1:2181, sessionid =
> 0x168f2c5e9c60017, negotiated timeout = 30000
> 2019-02-15 13:40:22,525 [myid:] - DEBUG
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@742] - Got ping
> response for sessionid: 0x168f2c5e9c60017 after 235329552ms
> {code}
> ClientCnxn xid's are tracked as java int's. For long-lived ZK clients this
> can lead to rollover into the negative xid space. Xid = -4 is treated as a
> special xid reserved for auth requests. With xid rollover, a normal ZK
> request can also have xid = -4 but the response will be treated as an auth
> response making subsequent packet processing error with the exception above.
> We can reproduce this more readily by changing the starting xid in ClientCnxn
> from 1 to -100. The ZK client will transparently reconnect and establish a
> new session but features that depended on the same session persisting will
> unnecessarily experience a disconnected event.
>
> I've attached simple class with a main() method that reproduces the failure
> quickly against a local ZK server after modifying the initial value of
> ClientCnxn.xid from 1 to -100.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
