Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Server terminates abnormally when iscDatabaseInfo() is called with buffer size = 0 [CORE4300] #4623

Closed
firebird-automations opened this issue Dec 15, 2013 · 13 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @pavel-zotov

Attachments:
FbGetDatabaseinfo_java.zip

It seems that there is somewhat like flaw in protection from invalid arguments inside function iscDatabaseInfo.
For example, gardian of FB SuperServer 2.5.2 will stops service if we pass buffer size = 0 instead of returning (for instance) just empty buffer.

Sample for JayBird (source .java see in attah, class FbGetDatabaseInfo).

window #⁠1

java -cp .;jaybird-full-2.2.4.jar FbGetDatabaseInfo

output:
---------
23:28:46.421 trying to attach. . .
23:28:46.531 attached to 192.168.0.201/3252:employee
23:28:46.546 trying to gather db statistics. . .
--- hangs! no output any more ---

After few seconds in firebird.log on host 192.168.0.201:

CSMIRROR (Client) Sun Dec 15 23:29:10 2013
"C:\1Install\FIREBIRD_2_5\bin\fbserver.exe": terminated abnormally (4294967295)

Window #⁠1 will hang infinitely after that moment.

window #⁠2

isql 192.168.0.201/3252:employee
-- also hangs :( // no answer during five minutes; after this I've cancelled this waiting

BTW, even if we kill window #⁠1 Firebird will not answered for further attempts to connect via ISQL. Guardian service can be terminated only after ~ 1 minute rather than in 1-2 seconds as in common case.

===========================
SQL> show version;
ISQL Version: WI-V2.5.3.26722 Firebird 2.5
Server version:
Firebird/x86/Windows NT (access method), version "WI-V2.5.3.26682 Firebird 2.5"
Firebird/x86/Windows NT (remote server), version "WI-V2.5.3.26682 Firebird 2.5/tcp (CSMIRROR)/P12"
Firebird/x86/Windows NT (remote interface), version "WI-V2.5.3.26722 Firebird 2.5/tcp (csprog)/P12"
on disk structure version 11.2

Commits: b2375e3 036a3cb FirebirdSQL/fbt-repository@eb49c6b FirebirdSQL/fbt-repository@d7623bd

====== Test Details ======

No ability to manage buffer size in the Python fdb driver from outside.
See database_info() method of class Connection, file http://fbcore.py:

def database_info(self, info_code, result_type, page_number = None):
....
self.__check_attached()
buf_size = 256 if info_code != fb_info_page_contents else self.page_size + 10
request_buffer = bs([info_code])

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

Attachment: FbGetDatabaseinfo_java.zip [ 12403 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @pavel-zotov

On SuperClassic such call leads to these messages in firebird.log:
---------
CSMIRROR Sun Dec 15 23:53:20 2013
Shutting down the server with 2 active connection(s) to 1 database(s), 0 active service(s)

CSMIRROR Sun Dec 15 23:53:25 2013
Firebird shutdown is still in progress after the specified timeout

CSMIRROR Sun Dec 15 23:53:25 2013
Operating system call WaitForSingleObject failed. Error code 6

CSMIRROR Sun Dec 15 23:53:25 2013
operating system directive WaitForSingleObject failed
-?????v? ??????????. (national charset decoding trouble: this is "Invalid descriptor")
---------

-- and just after this messages window that runs java class will get:
23:53:04.390 detaching from database. . .
23:53:04.390 EXCEPTION: SQLSTATE=08006, fb_error=335544721, msg=Unable to complete network request to host "".

@firebird-automations
Copy link
Collaborator Author

Commented by: Claudio Valderrama C. (robocop)

The guardian does not terminate the server. The guardian is telling you that server crashed.

@firebird-automations
Copy link
Collaborator Author

Modified by: Claudio Valderrama C. (robocop)

Version: 2.5.2 [ 10450 ]

Component: Engine [ 10000 ]

summary: Guardian abnormally terminates SuperServer.exe with code=4294967295 when someone issues call of iscDatabaseInfo() with error buffer size = 0 => SuperServer.exe terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0

Component: Guardian [ 10100 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

summary: SuperServer.exe terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0 => Server terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

summary: Server terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0 => Server terminates abnormally when iscDatabaseInfo() is called with buffer size = 0

@firebird-automations
Copy link
Collaborator Author

Commented by: @dyemanov

I've committed the fix for v2.5.3, please test.

@firebird-automations
Copy link
Collaborator Author

Commented by: @pavel-zotov

Confirm: this bug was fixed (checked both SS and SC, WI-V2.5.3.26727)

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5.3 [ 10461 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested

Test Details: No ability to manage buffer size in the Python fdb driver from outside.
See database_info() method of class Connection, file http://fbcore.py:

def database_info(self, info_code, result_type, page_number = None):
....
self.__check_attached()
buf_size = 256 if info_code != fb_info_page_contents else self.page_size + 10
request_buffer = bs([info_code])

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants