DoS attack on server using services API [CORE1149] #1571
Labels
affect-version: 0.9
affect-version: 0.9.4
affect-version: 0.9.5
affect-version: 1.0 RC1
affect-version: 1.0 RC2
affect-version: 1.0.0
affect-version: 1.0.1
affect-version: 1.0.2
affect-version: 1.0.3
affect-version: 1.5 Alpha 3
affect-version: 1.5 Alpha 4
affect-version: 1.5 Alpha 5
affect-version: 1.5 Beta 1
affect-version: 1.5 Beta 2
affect-version: 1.5 Beta 3
affect-version: 1.5 Beta 4
affect-version: 1.5 RC1
affect-version: 1.5 RC2
affect-version: 1.5 RC3
affect-version: 1.5 RC4
affect-version: 1.5 RC5
affect-version: 1.5 RC6
affect-version: 1.5 RC7
affect-version: 1.5 RC8
affect-version: 1.5 RC9
affect-version: 1.5.0
affect-version: 1.5.1
affect-version: 1.5.2
affect-version: 1.5.3
affect-version: 1.5.4
affect-version: 2.0 Beta 1
affect-version: 2.0 Beta 2
affect-version: 2.0 RC1
affect-version: 2.0 RC2
affect-version: 2.0 RC3
affect-version: 2.0 RC4
affect-version: 2.0 RC5
affect-version: 2.0.0
component: engine
component: security
fix-version: 2.0.2
fix-version: 2.1 Alpha 1
priority: critical
type: bug
Submitted by: @AlexPeshkoff
If an error is thrown in SVC_start, the service handle is deleted (or gds_freed() in old versions). But the Y-handle knows nothing about it, and continues to use it if the user sends more requests. At least it will be used in SVC_detach().
The results are, certainly, unpredictable. In my case the server was successfully shut down, because the byte which was sometimes svc_do_shutdown happened to be non-zero.
Commits: 0d7eb34 60e06d5
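A small C model of the handle lifetime problem reported above, with one way for the outer handle to guard against it. This is an added example, not Firebird source and not the fix from the listed commits. `struct y_handle`, `y_attach`, `y_start`, `y_detach`, `live_services` and the error codes are hypothetical names; only the behaviour of the start routine freeing the service on error is taken from the report.

```c
#include <stdlib.h>

/* Hypothetical model of the two layers in the report; not Firebird source. */
struct service  { int do_shutdown; };        /* engine-side object */
struct y_handle { struct service *svc; };    /* client-facing wrapper */

enum { Y_OK = 0, Y_ERR_START = -1, Y_ERR_BAD_HANDLE = -2 };
static int live_services = 0;                /* allocations not yet freed */

static int y_attach(struct y_handle *h) {
    h->svc = calloc(1, sizeof *h->svc);
    if (!h->svc) return Y_ERR_BAD_HANDLE;
    live_services++;
    return Y_OK;
}

/* Engine start: on error it frees the service itself, as the report describes. */
static int svc_start(struct service *svc, int request_ok) {
    if (!request_ok) { free(svc); live_services--; return -1; }
    return 0;
}

/* Guarded wrapper: drop our reference before the call and restore it only
 * on success, so a failed start can never leave a dangling pointer behind. */
static int y_start(struct y_handle *h, int request_ok) {
    if (!h || !h->svc) return Y_ERR_BAD_HANDLE;
    struct service *svc = h->svc;
    h->svc = NULL;
    if (svc_start(svc, request_ok) != 0) return Y_ERR_START;
    h->svc = svc;
    return Y_OK;
}

/* Detach refuses an invalidated handle instead of reading freed memory. */
static int y_detach(struct y_handle *h) {
    if (!h || !h->svc) return Y_ERR_BAD_HANDLE;
    free(h->svc);
    live_services--;
    h->svc = NULL;
    return Y_OK;
}

int main(void) {
    struct y_handle h;
    if (y_attach(&h) != Y_OK) return 1;
    int started = y_start(&h, 0);            /* constructed failing request */
    int detached = y_detach(&h);             /* later request on same handle */
    return (started == Y_ERR_START && detached == Y_ERR_BAD_HANDLE) ? 0 : 1;
}
```

Building with `-fsanitize=address` confirms that no path in the guarded wrapper touches the freed service.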