Server hangs if auxiliary (event) connection is not made [CORE157] #486
Comments
Modified by: @pcisarassignee: Dmitry Yemanov [ dimitr ] => |
|
Commented by: Wilfred Weidler (wweidler) This issue sounds very similar to an incident that I'm having with a client running an application that uses Firebird 1.5.2. The SQL Server hangs indefinitely at random times and will not respond to a Stop or Restart of Service command, must restart Windows server to restore connectivity. The problem seems to have appeared when I upgraded them from Windows 2000 Server to Windows 2003 Small Business Server Standard Edition. Windows 2003 Server introduced a firewall at the server level that was not present in the Windows 2000 Server. I will attempt to open port 3050 on the server and workstations and watch what happens. I do not have access to the application source, but will discuss this issue the vendor's Director of Software Development tomorrow. |
|
Commented by: @dyemanov While I agree that the current server's behaviour is not ideal, I fail to reproduce the server's lockup. When the processing thread is inside the blocking accept() call, the scheduler mutex is released and all other connections work fine (including new ones being attached). So only connections that request events hang while the server still responds to other connections. Hence I don't see this issue as a possible DoS vulnerability. |
|
Commented by: @dyemanov Correction - the blocking accept() call doesn't lockup the server in v2.0 only. All v1.x versions are affected by this bug. |
Modified by: @dyemanovstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.0 RC1 [ 10031 ] assignee: Alexander Peshkov [ alexpeshkoff ] SF_ID: 1178240 => |
|
Commented by: @pcisar Verified by QA. |
|
Commented by: @dyemanov The bugfix was backported into v1.5.4, so a status update is necessary. |
Modified by: @dyemanovstatus: Closed [ 6 ] => Reopened [ 4 ] SF_ID: 1178240 => resolution: Fixed [ 1 ] => |
Modified by: @dyemanovstatus: Reopened [ 4 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 1.5.4 [ 10100 ] SF_ID: 1178240 => |
Modified by: @pcisarWorkflow: jira [ 10181 ] => Firebird [ 14402 ] |
Modified by: @pavel-zotovQA Status: No test |
Submitted by: watersco (watersco)
SFID: 1178240#
Submitted By: watersco
If a client requests an auxiliary connection to the server
(i.e. by registering to be notified of events) but the
connection is not established, then the firebird server
completely hangs.
This has been observed under Windows 2000 and XP
with firebird 1.5.2 on more than 10 different systems and
is 100% reproducible.
1. Run a firebird server on one machine with a software
or hardware firewall. Open port 3050 on the firewall, but
no other ports.
2. Run a client application on another machine that
uses events. As soon as an event is registered the
server will hang.
The most common reason for the auxiliary connection
not to be made is if there is a firewall blocking the
second port. There is a subtle issue which means that
this problem is worse than it first appears. Some PC
based software firewalls (e.g. ZoneAlarm and Windows
XP firewall) will notice the ports that running applications
are listening on and automatically (or after asking the
user) will open these ports. However the server does not
listen on the auxiliary port when it starts and so for
some reason the firewalls are fooled and never ask the
user if the auxiliary port should be opened. With
ZoneAlarm the problem is especially bad because it
appears that ZoneAlarm blocks connections even
between applications on the same PC.
The root of the problem is in remote/inet.cpp in
aux_connect(). This function calls accept() to wait for an
incoming connection, but it is a blocking call with no
timeout. So if the connection never comes in the server
is completely and unrecoverably locked up.
At the very least this accept call should have some
timeout.
BTW, this issue was previously submitted and closed
as "by design" as bug number 213460. I would argue
that this issue is becoming increasing significant as
more machines have firewalls installed. In addition, this
problem can be used as a denial of service against
firebird. Simply ask the server for an auxiliary
connection, then do nothing and the server will be
permanently hung.
Thanks, Chris Waters.
The text was updated successfully, but these errors were encountered: