Thomas Jackson created TS-4273:
----------------------------------
Summary: HostDB storing of aname overflowing hostdb MultiCache
bounds
Key: TS-4273
URL: https://issues.apache.org/jira/browse/TS-4273
Project: Traffic Server
Issue Type: Bug
Reporter: Thomas Jackson
The metadata improvements implemented in TS-3800 started storing hostnames in
[hostdb|https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1368]
(instead of just the resolution).
>From my investigation HostDB's MultiCache uses a fixed size allocation
>determined by [get_elementsize|
>https://github.com/apache/trafficserver/blob/master/iocore/hostdb/MultiCache.cc#L116]
> (for hostdb this value is 72). So, from what I see if hostdb where to resolve
>a total name longer than 72 characters it would end up overflowing the entry
>bounds. This means that after cycling around the buffer of hostdb once,
>inserts of this type would start overwriting the first N-72 bytes of the next
>entry-- causing all sorts of corruption (and crashes-- likely the cause of
>TS-4207).
To fix this issue we should at a minimum have MultiCache verify the item size
before inserting it (should be easily added for the one where size is passed --
https://github.com/apache/trafficserver/blob/master/iocore/hostdb/MultiCache.cc#L1253).
If we want to support hostnames over the size of a `HostDBInfo` entry, then we
will need to ensure that we allocate `N/72` blocks to store the hostname in, or
store them elsewhere.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
