[jboss-jira] [JBoss JIRA] Updated: (JGRP-588) Possible to create a denial of service

Bela Ban (JIRA) jira-events at lists.jboss.org
Tue Sep 4 05:26:18 EDT 2007 

     [ http://jira.jboss.com/jira/browse/JGRP-588?page=all ]

Bela Ban updated JGRP-588:
--------------------------

    Fix Version/s: 2.6

> Possible to create a denial of service
> --------------------------------------
>
>                 Key: JGRP-588
>                 URL: http://jira.jboss.com/jira/browse/JGRP-588
>             Project: JGroups
>          Issue Type: Feature Request
>    Affects Versions: 2.5
>         Environment: Windows, jdk 1.5
>            Reporter: Anders Persson
>         Assigned To: Bela Ban
>             Fix For: 2.6
>
>
> It is possible to create a situation where a server socket will not "release" the client socket and instead hang. The issue is that once the server socket receives an access and the accept() method returns it will immediately wait for the "cookie" (the "bela" string). If however nothing is sent from the client the thread will wait forever for the "cookie". Since this thread also services the accept() on the server socket this means that no further accesses will be accepted until such time the client either sends the "cookie" or terminates the connection. I have no idea why JGroups manages to get into a state where the client does not send the "cookie". Once we found this issue we unfortunately had to deside not to use JGroups which means that we did not investigate the client side.
> The solution to the denial of service would be to immediately spawn off a separate thread after accept() returns. This thread would handle any and all further actions related to initiate the communication (including only wait for a limitted time before giving up). The "main" thread would immediately go back to listen for new accesses on the server socket.
> The line where the execution hangs is (line 504)
>                // read the cookie first
>                in.read(input_cookie, 0, input_cookie.length);
> in BasicConnectionTable

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list