Memory leak in FB 3.0 under brute-force attack
----------------------------------------------
Key: CORE-4643
URL: http://tracker.firebirdsql.org/browse/CORE-4643
Project: Firebird Core
Issue Type: Bug
Components: Security
Reporter: Pavel Zotov
Attachments: fb30-memory-usage-under-bfa.zip
LI-T6.3.0.31474 Firebird 3.0 Beta 2
Batch for opening N windows with ISQLs; each generates a random pair {login,
password} and tries to connect:
----- brute-force.bat -----
@echo off
@cls
setlocal enabledelayedexpansion enableextensions
set winq=%1
@rem default number of windows:
if .%1.==.. set winq=10
@rem Replace with your own:
@rem where FB console utilities are:
set fbc=C:\1INSTALL\FB30SNAP
@rem Settings for connect:
set host=192.168.0.220
set port=3333
set dbnm=oltp30
set sql=tmp-brute-force.sql
@rem Dummy command for isql immediately quit when login fails:
echo set list on; select * from mon$database;>%sql%
for /l %%i in (1, 1, %winq%) do (
start /min brute-force-worker.bat %%i %fbc% %host% %port% %dbnm% %sql%
)
----- end of brute-force.bat -----
Worker batch that launches single ISQL (NB: env. variable %TEMP% has to be
defined):
----- brute-force-worker.bat -----
@echo off
set sn=%1
set fbc=%2
set host=%3
set port=%4
set dbnm=%5
set sql=%6
set logdir=%temp%\hack30
md %logdir% 2>nul
set /a k=1000+%sn%
set log=%logdir%\hack_%k:~1,3%.log
del %log% 2>nul
:m1
echo window # %sn%
echo #############
echo.>>%log%
set usr=%random%
set pwd=%random%
echo %time% before attempt to hack with usr=%usr% and pwd=%pwd%>>%log%
@echo on
%fbc%\isql %host%/%port%:%dbnm% -i %sql% -user %usr% -pas %pwd% 2>>%log% 1>>&2
@echo off
echo after attempt to hack: %time%>>%log%
goto m1
----- end of brute-force-worker.bat -----
Test:
====
brute-force.bat 150
Shell script running on Linux for getting memory consumption of process
'firebird' (subdirectory 'logs' has to exist):
$ cat fb_memo_watch.sh
fbn=firebird
log=./logs/$fbn.memo_usage.$(date +'%y%m%d_%H%M%S').log
rm -f $log
relax=5
while :
do
supertee -a -n $log echo $(date +'%y%m%d_%H%M%S') $(pmap -d $(pgrep $fbn)|tail -1)
sleep $relax
done
After brute-force.bat has been running for several hours one may see that memory
usage grows - see the attached files 'firebird-*.memo_usage*.log'.
I've run this test on both Release and Debug builds. The latter creates a special
debug file 'memdebug' - it's also in the attachment.
PS. There is NO such problem on LI-V6.3.4.26821 Firebird 2.5.
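Added example, not part of the original report or of Firebird: one way to turn a log written by fb_memo_watch.sh into a growth rate for the server's private memory, so a leak under repeated failed logins shows up as a number that can be alerted on. The log line layout, the function names memo_trend and leak_suspected, and the threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the report). Assumed log line layout, i.e. a
# timestamp followed by the last line of `pmap -d`:
#   141120_101500 mapped: 210000K writeable/private: 50000K shared: 0K

# memo_trend LOGFILE [INTERVAL_SECONDS]
# Prints "<samples> <first_kb> <last_kb> <growth_kb_per_hour>".
memo_trend() {
    awk -v step="${2:-5}" '
        # Use only well-formed samples; a line without a pmap total
        # (no firebird process at that moment) is skipped.
        $4 == "writeable/private:" && $5 ~ /^[0-9]+K$/ {
            kb = $5 + 0                 # "50000K" -> 50000
            if (n == 0) first = kb
            last = kb
            x = (NR - 1) * step         # nominal seconds since line 1
            sx += x; sy += kb; sxx += x * x; sxy += x * kb
            n++
        }
        END {
            if (n < 2) { print n + 0, first + 0, last + 0, 0; exit }
            # Least-squares slope in KB/s, reported in KB/hour.
            slope = (n * sxy - sx * sy) / (n * sxx - sx * sx)
            printf "%d %d %d %.0f\n", n, first, last, slope * 3600
        }
    ' "$1"
}

# leak_suspected LOGFILE THRESHOLD_KB_PER_HOUR [INTERVAL_SECONDS]
# Succeeds (exit status 0) when fitted growth exceeds the threshold.
leak_suspected() {
    rate=$(memo_trend "$1" "${3:-5}" | awk '{ print $4 }')
    [ "$rate" -gt "$2" ]
}

# Constructed sample log: 10 KB growth per 5 s sample, one empty sample.
sample=$(mktemp)
cat > "$sample" <<'EOF'
141120_101500 mapped: 210000K writeable/private: 50000K shared: 0K
141120_101505 mapped: 210010K writeable/private: 50010K shared: 0K
141120_101510
141120_101515 mapped: 210030K writeable/private: 50030K shared: 0K
141120_101520 mapped: 210040K writeable/private: 50040K shared: 0K
EOF
memo_trend "$sample"
leak_suspected "$sample" 1000 && echo "growth above 1000 KB/hour"
rm -f "$sample"
```

The interval argument defaults to 5 seconds to match relax=5 in the watch script; the fit uses line position as the time axis, so it assumes one log line per interval.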
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel