fisco-bcos / bcos-gateway Goto Github PK
View Code? Open in Web Editor NEWGateway for FISCO BCOS 3.0
License: Apache License 2.0
bcos-gateway's Issues
The node has a bug when dealing with unformatted p2p packet and lead to a crash.
Describe the bug
A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably, as the flowing figure shows:
After 200 seconds, over 4000 MB memory has been consumed. If I continue sending the packet, the node will consume all the memory. At last it be killed by the OS. This is a similar issue as: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951
In order to analyze the reason for this bug, I try to debug the code of the node. Here is what I found:
First, I found that in the file libp2p/P2PMessage.cpp, at line 239 in the function decode:
ssize_t P2PMessage::decode(bytesConstRef _buffer)
{
...
// check if packet header fully received
if (_buffer.size() < m_length)
{
return MessageDecodeStatus::MESSAGE_INCOMPLETE;
}
...
}the variable size is 72 and the variable m_length is a very big number under my packet. So the function will return MessageDecodeStatus::MESSAGE_INCOMPLETE whose value is 0.
The variable which accepts the return value is result in libnetwork/Session.cpp at line 421 in the function doRead:
ssize_t result = message->decode(bytesConstRef(s->m_data.data(), s->m_data.size()));and the program will enter into a if-else cluse:
if (result > 0){
...
}
else if (result == 0) {
s->doRead();
break;
}
else {
...
}Because the value of result is 0, so here the program will call the function doRead recursively. If I delete this call, the problem will not occur anymore.
else if (result == 0) {
// s->doRead();
break;
}So I think the reason maybe the developers forget to release certain memory before the return statement if the packet is not decoded correctly!
To Reproduce
Steps to reproduce the behavior:
- Construct a P2P packet which claims to have a big length (set a big value for variable
m_length) - Continuously send the packet to a running node
- The node will consume the memory continuously and crash.
Expected behavior
By handling the abnormal packets correctly, the memory cost will not sustainably increase and the node will not crash.
Screenshots
I have give the screenshots of the memory usage of the node in the description part.
Environment (please complete the following information):
- OS: Ubuntu 16.04
- FISCO BCOS Version: release-3.0.0
Additional context
None!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.