socket.accept() might raise ECONNABORTED crashing the server on FreeBSD #105
Labels
bug
Component-Library
imported
imported from old googlecode site and very likely outdated
OpSys-BSD
Priority-High
Security
Comments
|
From [email protected] on April 02, 2009 08:59:15 Summary: socket.accept() might raise ECONNABORTED crashing the server on FreeBSD |
|
From [email protected] on April 02, 2009 09:49:27 |
|
From [email protected] on April 02, 2009 10:46:38 Status: Finished |
|
From [email protected] on April 04, 2009 06:42:45 Labels: Crash |
|
From [email protected] on August 29, 2009 10:34:02 Status: FixedInSVN |
|
From [email protected] on September 13, 2009 13:56:15 Status: Fixed |
|
From [email protected] on September 13, 2009 14:01:52 |
|
From g.rodola on November 05, 2010 19:03:31 |
grembo
added a commit
to grembo/tonic
that referenced
this issue
Aug 17, 2024
On FreeBSD, accept can fail with ECONNABORTED, which means that
"A connection arrived, but it was on the listen queue"
(see `man 2 accept`).
Without this patch, a server without the tls feature exits returing 0
in this case, which makes it vulnerable not only to intentional denial
of service, but also to unintentional crashes, e.g., by haproxy TCP
health checks.
The problem can be reproduced on any FreeBSD system by running the
tonic "helloworld" example (without feature TLS) and then sending a
packet using nmap:
cd examples
cargo run --bin helloworld-server --no-default-features &
nmap -sT -p 50051 -6 ::1
# server exits
When running the example with the feature tls enabled, it won't exit
(as the tls event loop in tonic/src/transport/server/incoming.rs
handles errors gracefully):
cd examples
cargo run --bin helloworld-server --no-default-features \
features=tls &
nmap -sT -p 50051 -6 ::1
# server keeps running
This patch is not optimal - it removes some generic error parameters
to gain access to `std::io::Error::kind()`. The logic itself should be
sound.
See also:
- https://man.freebsd.org/cgi/man.cgi?accept(2)
Accept man page
- giampaolo/pyftpdlib#105
giampaolo/pyftpdlib@0f82232
Basically the same issue (and its fix) in another project
grembo
added a commit
to grembo/tonic
that referenced
this issue
Aug 18, 2024
On FreeBSD, accept can fail with ECONNABORTED, which means that
"A connection arrived, but it was on the listen queue"
(see `man 2 accept`).
Without this patch, a server without the tls feature exits returing 0
in this case, which makes it vulnerable not only to intentional denial
of service, but also to unintentional crashes, e.g., by haproxy TCP
health checks.
The problem can be reproduced on any FreeBSD system by running the
tonic "helloworld" example (without feature TLS) and then sending a
packet using nmap:
cd examples
cargo run --bin helloworld-server --no-default-features &
nmap -sT -p 50051 -6 ::1
# server exits
When running the example with the feature tls enabled, it won't exit
(as the tls event loop in tonic/src/transport/server/incoming.rs
handles errors gracefully):
cd examples
cargo run --bin helloworld-server --no-default-features \
features=tls &
nmap -sT -p 50051 -6 ::1
# server keeps running
This patch is not optimal - it removes some generic error parameters
to gain access to `std::io::Error::kind()`. The logic itself should be
sound.
See also:
- https://man.freebsd.org/cgi/man.cgi?accept(2)
Accept man page
- giampaolo/pyftpdlib#105
giampaolo/pyftpdlib@0f82232
Basically the same issue (and its fix) in another project
github-merge-queue bot
pushed a commit
to hyperium/tonic
that referenced
this issue
Aug 20, 2024
* Prevent server from exiting on ECONNABORTED
On FreeBSD, accept can fail with ECONNABORTED, which means that
"A connection arrived, but it was on the listen queue"
(see `man 2 accept`).
Without this patch, a server without the tls feature exits returing 0
in this case, which makes it vulnerable not only to intentional denial
of service, but also to unintentional crashes, e.g., by haproxy TCP
health checks.
The problem can be reproduced on any FreeBSD system by running the
tonic "helloworld" example (without feature TLS) and then sending a
packet using nmap:
cd examples
cargo run --bin helloworld-server --no-default-features &
nmap -sT -p 50051 -6 ::1
# server exits
When running the example with the feature tls enabled, it won't exit
(as the tls event loop in tonic/src/transport/server/incoming.rs
handles errors gracefully):
cd examples
cargo run --bin helloworld-server --no-default-features \
features=tls &
nmap -sT -p 50051 -6 ::1
# server keeps running
This patch is not optimal - it removes some generic error parameters
to gain access to `std::io::Error::kind()`. The logic itself should be
sound.
See also:
- https://man.freebsd.org/cgi/man.cgi?accept(2)
Accept man page
- giampaolo/pyftpdlib#105
giampaolo/pyftpdlib@0f82232
Basically the same issue (and its fix) in another project
* Handle ECONNABORTED without breaking APIs
This simplifies the previous patch a lot. The string search
is ugly (also not 100% if it's needed or if we could handle
errors like in the TLS enabled accept loop).
* Next iteration based on feedback
* More review feedback
* Only use std::io if needed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From [email protected] on April 02, 2009 17:47:40
Original issue: http://code.google.com/p/pyftpdlib/issues/detail?id=105
The text was updated successfully, but these errors were encountered: