Description Agostino Sarubbo 2015-02-27 17:05:30 UTC

From ${URL} :

Description of problem:
    We construct some rpc messages and send it to the IP and port which glusterfsd listens, the memory usage goes up quickly until exhausted

Version-Release number of selected component (if applicable):
    3.3.0, 3.4.1, 3.5.0


Steps to Reproduce:
1. Start glusterfs services, and get the IP and port that one glusterfsd process listens

2. Run the attachement python script, which connects the IP and port and send four bytes 00 00 00 00 to the glusterfsd process

3. Watch the memory usage of the glusterfsd process. It will grow up quickly

Actual results:
   Memory of the glusterfsd process grows up quickly till exhausted

Expected results:
   Glusterfsd just ignores the messages


Additional info:
   The bug seems in __socket_proto_state_machine, which goes into an infinite loop to malloc memories when handle the special message. The special message is "multi fragments in a single record", and some values are not reset when handle next fragment.
  
   We tested below fix and it seems work:
          if (!RPC_LASTFRAG (in->fraghdr)) {
 
+             in->pending_vector = in->vector;
+             in->pending_vector->iov_base =  &in->fraghdr;
+             in->pending_vector->iov_len  = sizeof (in->fraghdr);
              in->record_state = SP_STATE_READING_FRAGHDR;
              break;
           }


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.