Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DoS attack on server using services API [CORE1149] #1571

Closed
firebird-automations opened this issue Mar 2, 2007 · 10 comments
Closed

DoS attack on server using services API [CORE1149] #1571

firebird-automations opened this issue Mar 2, 2007 · 10 comments
Assignees
@AlexPeshkoff
Labels
affect-version: 0.9 affect-version: 0.9.4 affect-version: 0.9.5 affect-version: 1.0 RC1 affect-version: 1.0 RC2 affect-version: 1.0.0 affect-version: 1.0.1 affect-version: 1.0.2 affect-version: 1.0.3 affect-version: 1.5 Alpha 3 affect-version: 1.5 Alpha 4 affect-version: 1.5 Alpha 5 affect-version: 1.5 Beta 1 affect-version: 1.5 Beta 2 affect-version: 1.5 Beta 3 affect-version: 1.5 Beta 4 affect-version: 1.5 RC1 affect-version: 1.5 RC2 affect-version: 1.5 RC3 affect-version: 1.5 RC4 affect-version: 1.5 RC5 affect-version: 1.5 RC6 affect-version: 1.5 RC7 affect-version: 1.5 RC8 affect-version: 1.5 RC9 affect-version: 1.5.0 affect-version: 1.5.1 affect-version: 1.5.2 affect-version: 1.5.3 affect-version: 1.5.4 affect-version: 2.0 Beta 1 affect-version: 2.0 Beta 2 affect-version: 2.0 RC1 affect-version: 2.0 RC2 affect-version: 2.0 RC3 affect-version: 2.0 RC4 affect-version: 2.0 RC5 affect-version: 2.0.0 component: engine component: security fix-version: 2.0.2 fix-version: 2.1 Alpha 1 priority: critical type: bug

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @AlexPeshkoff

In case of error, thrown in SVC_start, service handle is deleted (or gds_freed() in old versions). But Y-handle knows nothing about it, and continues to use it if user sends more requests. At least it will be used in SVC_detach().
Results are, certainly, unpredictable. In my case server was successfully shutdown, because byte, which was sometimes svc_do_shutdown, happened to be non-zero.

Commits: 0d7eb34 60e06d5
@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Fixed broken logic.
Rare case when to fix a buf it was enough only to delete unneeded lines :)

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.0.2 [ 10130 ]

Fix Version: 2.1 [ 10041 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @pcisar

Reopened to update ticket information.

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Closed [ 6 ] => Reopened [ 4 ]

resolution: Fixed [ 1 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Fix Version: 2.1 Alpha 1 [ 10150 ]

Fix Version: 2.1.0 [ 10041 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Reopened [ 4 ] => Closed [ 6 ]

resolution: Fixed [ 1 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 11654 ] => Firebird [ 15206 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexPeshkoff AlexPeshkoff

Labels
affect-version: 0.9 affect-version: 0.9.4 affect-version: 0.9.5 affect-version: 1.0 RC1 affect-version: 1.0 RC2 affect-version: 1.0.0 affect-version: 1.0.1 affect-version: 1.0.2 affect-version: 1.0.3 affect-version: 1.5 Alpha 3 affect-version: 1.5 Alpha 4 affect-version: 1.5 Alpha 5 affect-version: 1.5 Beta 1 affect-version: 1.5 Beta 2 affect-version: 1.5 Beta 3 affect-version: 1.5 Beta 4 affect-version: 1.5 RC1 affect-version: 1.5 RC2 affect-version: 1.5 RC3 affect-version: 1.5 RC4 affect-version: 1.5 RC5 affect-version: 1.5 RC6 affect-version: 1.5 RC7 affect-version: 1.5 RC8 affect-version: 1.5 RC9 affect-version: 1.5.0 affect-version: 1.5.1 affect-version: 1.5.2 affect-version: 1.5.3 affect-version: 1.5.4 affect-version: 2.0 Beta 1 affect-version: 2.0 Beta 2 affect-version: 2.0 RC1 affect-version: 2.0 RC2 affect-version: 2.0 RC3 affect-version: 2.0 RC4 affect-version: 2.0 RC5 affect-version: 2.0.0 component: engine component: security fix-version: 2.0.2 fix-version: 2.1 Alpha 1 priority: critical type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexPeshkoff @firebird-automations