[jboss-jira] [JBoss JIRA] Created: (JGRP-588) Possible to create a denial of service
Anders Persson (JIRA)
jira-events at lists.jboss.org
Tue Sep 4 04:43:19 EDT 2007
Possible to create a denial of service
--------------------------------------
Key: JGRP-588
URL: http://jira.jboss.com/jira/browse/JGRP-588
Project: JGroups
Issue Type: Feature Request
Affects Versions: 2.5
Environment: Windows, jdk 1.5
Reporter: Anders Persson
Assigned To: Bela Ban
It is possible to create a situation where a server socket will not "release" the client socket and instead hang. The issue is that once the server socket receives an access and the accept() method returns it will immediately wait for the "cookie" (the "bela" string). If however nothing is sent from the client the thread will wait forever for the "cookie". Since this thread also services the accept() on the server socket this means that no further accesses will be accepted until such time the client either sends the "cookie" or terminates the connection. I have no idea why JGroups manages to get into a state where the client does not send the "cookie". Once we found this issue we unfortunately had to deside not to use JGroups which means that we did not investigate the client side.
The solution to the denial of service would be to immediately spawn off a separate thread after accept() returns. This thread would handle any and all further actions related to initiate the communication (including only wait for a limitted time before giving up). The "main" thread would immediately go back to listen for new accesses on the server socket.
The line where the execution hangs is (line 504)
// read the cookie first
in.read(input_cookie, 0, input_cookie.length);
in BasicConnectionTable
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list