fisco-bcos / bcos-gateway
Gateway for FISCO BCOS 3.0
License: Apache License 2.0
Describe the bug
A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably, as the following figure shows:
After 200 seconds, over 4000 MB of memory has been consumed. If I continue sending the packet, the node will consume all the memory. At last it will be killed by the OS. This is a similar issue to: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951
In order to analyze the reason for this bug, I tried to debug the code of the node. Here is what I found:
First, I found that in the file libp2p/P2PMessage.cpp, at line 239 in the function decode:
    ssize_t P2PMessage::decode(bytesConstRef _buffer)
    {
        ...
        // check if packet header fully received
        if (_buffer.size() < m_length)
        {
            return MessageDecodeStatus::MESSAGE_INCOMPLETE;
        }
        ...
    }
The variable size is 72 and the variable m_length is a very big number with my packet. So the function will return MessageDecodeStatus::MESSAGE_INCOMPLETE, whose value is 0.
The variable which accepts the return value is result in libnetwork/Session.cpp at line 421 in the function doRead:
    ssize_t result = message->decode(bytesConstRef(s->m_data.data(), s->m_data.size()));
and the program will enter an if-else clause:
    if (result > 0) {
        ...
    }
    else if (result == 0) {
        s->doRead();
        break;
    }
    else {
        ...
    }
Because the value of result is 0, the program will call the function doRead recursively. If I delete this call, the problem will not occur anymore.
    else if (result == 0) {
        // s->doRead();
        break;
    }
So I think the reason may be that the developers forgot to release certain memory before the return statement if the packet is not decoded correctly!
To Reproduce
Steps to reproduce the behavior:
m_length)
Expected behavior
By handling the abnormal packets correctly, the memory cost will not sustainably increase and the node will not crash.
Screenshots
I have given the screenshots of the memory usage of the node in the description part.
Environment (please complete the following information):
Additional context
None!
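One way to bound the decode path described in this report, as an added example (not code from the issue or from bcos-gateway): the declared length is checked against a cap before the buffer is treated as incomplete, so an oversized length ends the session instead of scheduling another read. The 4-byte big-endian length header, the 1 MiB cap and the names decodeBounded and onBytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical names and wire layout (assumption, not the bcos-gateway format):
// each packet starts with a 4-byte big-endian field holding its total length.
enum DecodeStatus : long { MESSAGE_ERROR = -1, MESSAGE_INCOMPLETE = 0 };
constexpr std::size_t HEADER_LEN = 4;
constexpr std::uint32_t MAX_MESSAGE_LEN = 1u << 20;  // assumed cap: 1 MiB

// Returns bytes consumed (> 0), MESSAGE_INCOMPLETE (0) or MESSAGE_ERROR (< 0).
long decodeBounded(const std::uint8_t* data, std::size_t size)
{
    if (size < HEADER_LEN)
        return MESSAGE_INCOMPLETE;  // length field not fully received yet
    std::uint32_t declared = (std::uint32_t(data[0]) << 24) | (std::uint32_t(data[1]) << 16) |
                             (std::uint32_t(data[2]) << 8) | std::uint32_t(data[3]);
    // Validate the declared length before the "incomplete" check, so an
    // oversized value is an error instead of a reason to keep reading.
    if (declared < HEADER_LEN || declared > MAX_MESSAGE_LEN)
        return MESSAGE_ERROR;
    if (size < declared)
        return MESSAGE_INCOMPLETE;
    return static_cast<long>(declared);
}

// One read-loop step over the session buffer. Returns false when the session
// must be dropped; on true, fewer bytes than one bounded packet stay buffered.
bool onBytes(std::vector<std::uint8_t>& buf, std::size_t& delivered)
{
    for (;;)
    {
        long r = decodeBounded(buf.data(), buf.size());
        if (r < 0) { buf.clear(); return false; }  // drop buffered data; caller closes the session
        if (r == 0)
            return true;  // wait for the next read
        buf.erase(buf.begin(), buf.begin() + r);  // consume one complete packet
        ++delivered;
    }
}

int main()
{
    // Constructed sample: 72 bytes received, header declares 0xFFFFFFF0 bytes.
    std::vector<std::uint8_t> pkt(72, 0);
    pkt[0] = pkt[1] = pkt[2] = 0xFF; pkt[3] = 0xF0;
    std::printf("status=%ld\n", decodeBounded(pkt.data(), pkt.size()));
}
```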