Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-34280

Memcached should disallow DCP connections with names greater than 200 characters (was: ns_server connections may be terminated if a client uses a long DCP_OPEN.name)

    XMLWordPrintable

Details

    • KV-Engine MH 2nd Beta

    Description

      Summary

      If a DCP client uses a long (exact length TBD) name when connecting, it can result in
      STATS calls (for example performed by ns_server to monitor rebalance) to fail:

       462445 2019-05-11T08:18:28.525392+00:00 WARNING 143: exception occurred in runloop during packet execution. Cookie info: {"packet":{"magic":"ClientRequest","opcode":"STAT","keylen":3,"extlen":0,"datatype":"raw","vbucket":0,"bodylen":3,"opaque":"0x0","cas":0},"connection":"[ 127.0.0.1:48735 - 127.0.0.1:11209 (<ud>@ns_server</ud>) ]"} - closing connection: Response::setKeylen: key cannot exceed 1 byte

      Details

      Looks like problem is here - we cap the response keyLen to 1 byte for all response types, not just "Response with flex-framing extras" (0x18):

          void setKeylen(uint16_t value) {
      		 
              if (value > 0xff) {
      		 
                  throw std::invalid_argument(
      		 
                          "Response::setKeylen: key cannot exceed 1 byte");
      		 
              }
      		 
              keylen = uint8_t(value);
      		 
          }

      This change was introduced via: http://review.couchbase.org/#/c/86393/

      See https://github.com/couchbase/kv_engine/blob/master/docs/BinaryProtocol.md#response-header - it should be permitted to return keys up to 65,535 bytes long for "regular" response packets (0x81).

      Attachments

        Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. MB-49271 Backport MB-35881 to 6.6.4

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. MB-35881 ns_server should generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MB-37246 Ensure Views does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MB-37283 Ensure XDCR does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MB-37243 Ensure Query does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Open

          Task - A task that needs to be done. MB-37244 Ensure 2i does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Open

          Task - A task that needs to be done. CBES-145 Ensure ElastricSearch Connector does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. JDCP-136 Ensure java-DCP-client does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. KAFKAC-160 Ensure Kafka Connector does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. CBG-626 Ensure Sync-Gateway does not generate DCP connection names that are no longer than allowed by memcached

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Task - A task that needs to be done. MB-37241 Ensure FTS does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MB-37242 Ensure Backup does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MB-37245 Ensure Eventing does not generate DCP connection names that are no longer than allowed by memcached

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MB-35882 The Memcached STATS "dcp" command should have a mode that only retrieves stats on connections owned by the user

          • Major - Major loss of function.
          • Closed
          relates to

          Task - A task that needs to be done. DOC-9381 names used for DCP connections must not be longer than 200 characters

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. JDCP-137 Increase connection name limit from 148 bytes to 200 bytes

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. CMOS-154 Add check for DCP names > 200 chars (MB-34280)

          • Major - Major loss of function.
          • In Review
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            Ascending order - Click to sort in descending order
            drigby Dave Rigby created issue -
            drigby Dave Rigby made changes -
            Field Original Value New Value
            Description Looks like problem is here - we cap the response keyLen to 1 byte for all response types, not just "Response with flex-framing extras" (0x18):

            {code:cpp}
                void setKeylen(uint16_t value) {
                    if (value > 0xff) {
                        throw std::invalid_argument(
                                "Response::setKeylen: key cannot exceed 1 byte");
                    }
                    keylen = uint8_t(value);
                }
            {code}

            See https://github.com/couchbase/kv_engine/blob/master/docs/BinaryProtocol.md#response-header - it should be permitted to return keys up to 65,535 bytes long for "regular" response packets (0x81).
            		h2. Summary

            If a DCP client uses a long (exact length TBD) name when connecting, it can result in
            STATS calls (for example performed by ns_server to monitor rebalance) to fail:

            {code}
             462445 2019-05-11T08:18:28.525392+00:00 WARNING 143: exception occurred in runloop during packet execution. Cookie info: {"packet":{"magic":"ClientRequest","opcode":"STAT","keylen":3,"extlen":0,"datatype":"raw","vbucket":0,"bodylen":3,"opaque":"0x0","cas":0},"connection":"[ 127.0.0.1:48735 - 127.0.0.1:11209 (<ud>@ns_server</ud>) ]"} - closing connection: Response::setKeylen: key cannot exceed 1 byte
            {code}

            h2. Details

            Looks like problem is here - we cap the response keyLen to 1 byte for all response types, not just "Response with flex-framing extras" (0x18):

            {code:cpp}
                void setKeylen(uint16_t value) {
                    if (value > 0xff) {
                        throw std::invalid_argument(
                                "Response::setKeylen: key cannot exceed 1 byte");
                    }
                    keylen = uint8_t(value);
                }
            {code}

            See https://github.com/couchbase/kv_engine/blob/master/docs/BinaryProtocol.md#response-header - it should be permitted to return keys up to 65,535 bytes long for "regular" response packets (0x81).
            drigby Dave Rigby made changes -
            Description h2. Summary

            If a DCP client uses a long (exact length TBD) name when connecting, it can result in
            STATS calls (for example performed by ns_server to monitor rebalance) to fail:

            {code}
             462445 2019-05-11T08:18:28.525392+00:00 WARNING 143: exception occurred in runloop during packet execution. Cookie info: {"packet":{"magic":"ClientRequest","opcode":"STAT","keylen":3,"extlen":0,"datatype":"raw","vbucket":0,"bodylen":3,"opaque":"0x0","cas":0},"connection":"[ 127.0.0.1:48735 - 127.0.0.1:11209 (<ud>@ns_server</ud>) ]"} - closing connection: Response::setKeylen: key cannot exceed 1 byte
            {code}

            h2. Details

            Looks like problem is here - we cap the response keyLen to 1 byte for all response types, not just "Response with flex-framing extras" (0x18):

            {code:cpp}
                void setKeylen(uint16_t value) {
                    if (value > 0xff) {
                        throw std::invalid_argument(
                                "Response::setKeylen: key cannot exceed 1 byte");
                    }
                    keylen = uint8_t(value);
                }
            {code}

            See https://github.com/couchbase/kv_engine/blob/master/docs/BinaryProtocol.md#response-header - it should be permitted to return keys up to 65,535 bytes long for "regular" response packets (0x81).
            		h2. Summary

            If a DCP client uses a long (exact length TBD) name when connecting, it can result in
            STATS calls (for example performed by ns_server to monitor rebalance) to fail:

            {code}
             462445 2019-05-11T08:18:28.525392+00:00 WARNING 143: exception occurred in runloop during packet execution. Cookie info: {"packet":{"magic":"ClientRequest","opcode":"STAT","keylen":3,"extlen":0,"datatype":"raw","vbucket":0,"bodylen":3,"opaque":"0x0","cas":0},"connection":"[ 127.0.0.1:48735 - 127.0.0.1:11209 (<ud>@ns_server</ud>) ]"} - closing connection: Response::setKeylen: key cannot exceed 1 byte
            {code}

            h2. Details

            Looks like problem is here - we cap the response keyLen to 1 byte for all response types, not just "Response with flex-framing extras" (0x18):

            {code:cpp}
                void setKeylen(uint16_t value) {
                    if (value > 0xff) {
                        throw std::invalid_argument(
                                "Response::setKeylen: key cannot exceed 1 byte");
                    }
                    keylen = uint8_t(value);
                }
            {code}
            This change was introduced via: http://review.couchbase.org/#/c/86393/

            See https://github.com/couchbase/kv_engine/blob/master/docs/BinaryProtocol.md#response-header - it should be permitted to return keys up to 65,535 bytes long for "regular" response packets (0x81).
            drigby Dave Rigby made changes -
            Affects Version/s 5.5.4 [ 16003 ]
            Affects Version/s 6.0.1 [ 15522 ]
            Affects Version/s 5.5.3 [ 15520 ]
            Affects Version/s 5.5.2 [ 15412 ]
            Affects Version/s 5.5.1 [ 15159 ]
            Affects Version/s 5.5.0 [ 14610 ]
            Affects Version/s 6.0.0 [ 15048 ]
            drigby Dave Rigby made changes -
            Is this a Regression? Unknown [ 10452 ] Yes [ 10450 ]
            drigby Dave Rigby made changes -
            Link This issue causes CBSE-6804 [ CBSE-6804 ]
            drigby Dave Rigby made changes -
            Fix Version/s 6.0.3 [ 16164 ]
            trond Trond Norbye made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            trond Trond Norbye made changes -
            Actual Start 2019-05-22 06:48 (issue has been started)
            owend Daniel Owen made changes -
            Rank Ranked lower
            drigby Dave Rigby made changes -
            Affects Version/s 6.0.2 [ 15919 ]
            drigby Dave Rigby made changes -
            Sprint KV-Engine MH Beta Refresh [ 872 ]
            drigby Dave Rigby made changes -
            Rank Ranked lower
            dhaikney David Haikney made changes -
            Link This issue relates to CBSE-7201 [ CBSE-7201 ]
            dfinlay Dave Finlay made changes -
            Assignee Trond Norbye [ trond ] Dave Finlay [ dfinlay ]
            dfinlay Dave Finlay made changes -
            Fix Version/s 6.0.3 [ 16164 ]
            dfinlay Dave Finlay made changes -
            Component/s ns_server [ 10019 ]
            dfinlay Dave Finlay made changes -
            Summary ns_server connections may be terminated if a client uses a long DCP_OPEN.name Memcached should disallow DCP connections with names greater than 200 characters (was: ns_server connections may be terminated if a client uses a long DCP_OPEN.name)
            dfinlay Dave Finlay made changes -
            Component/s ns_server [ 10019 ]
            dfinlay Dave Finlay made changes -
            Issue Type Bug [ 1 ] Improvement [ 4 ]
            dfinlay Dave Finlay made changes -
            Fix Version/s Cheshire-Cat [ 15915 ]
            Fix Version/s Mad-Hatter [ 15037 ]
            dfinlay Dave Finlay made changes -
            Assignee Dave Finlay [ dfinlay ] Trond Norbye [ trond ]
            dfinlay Dave Finlay made changes -
            Link This issue depends on MB-35881 [ MB-35881 ]
            dfinlay Dave Finlay made changes -
            Link This issue depends on MB-35882 [ MB-35882 ]
            drigby Dave Rigby made changes -
            Sprint KV-Engine MH 2nd Beta [ 872 ] KV-Engine MH 2nd Beta, KV-Engine MH 2nd Beta 2 [ 872, 910 ]
            drigby Dave Rigby made changes -
            Sprint KV-Engine MH 2nd Beta, KV-Engine Mad-Hatter GA [ 872, 910 ] KV-Engine MH 2nd Beta [ 872 ]
            owend Daniel Owen made changes -
            Link This issue causes CBSE-7505 [ CBSE-7505 ]
            trond Trond Norbye made changes -
            Resolution Fixed [ 1 ]
            Status In Progress [ 3 ] Resolved [ 5 ]
            trond Trond Norbye made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            michael.zilberstein Michael Zilbertstein (Inactive) made changes -
            Link This issue backports to CBSE-7584 [ CBSE-7584 ]
            owend Daniel Owen made changes -
            Link This issue depends on MB-37241 [ MB-37241 ]
            owend Daniel Owen made changes -
            Link This issue depends on MB-37242 [ MB-37242 ]
            owend Daniel Owen made changes -
            Link This issue depends on MB-37243 [ MB-37243 ]
            owend Daniel Owen made changes -
            Link This issue depends on MB-37244 [ MB-37244 ]
            owend Daniel Owen made changes -
            Link This issue depends on MB-37245 [ MB-37245 ]
            owend Daniel Owen made changes -
            Link This issue depends on MB-37246 [ MB-37246 ]
            owend Daniel Owen made changes -
            Link This issue depends on CBG-626 [ CBG-626 ]
            owend Daniel Owen made changes -
            Link This issue depends on JDCP-136 [ JDCP-136 ]
            owend Daniel Owen made changes -
            Link This issue depends on KAFKAC-160 [ KAFKAC-160 ]
            owend Daniel Owen made changes -
            Link This issue depends on CBES-145 [ CBES-145 ]
            david.nault David Nault made changes -
            Link This issue relates to JDCP-137 [ JDCP-137 ]
            owend Daniel Owen made changes -
            Link This issue depends on MB-37283 [ MB-37283 ]
            owend Daniel Owen made changes -
            Resolution Fixed [ 1 ]
            Status Closed [ 6 ] Reopened [ 4 ]
            owend Daniel Owen made changes -
            Resolution Fixed [ 1 ]
            Status Reopened [ 4 ] Closed [ 6 ]
            owend Daniel Owen made changes -
            Link This issue relates to CBSE-10104 [ CBSE-10104 ]
            Elliot.goodwin Elliot Goodwin made changes -
            Link This issue relates to CBSP-3701 [ CBSP-3701 ]
            lynn.straus Lynn Straus made changes -
            Fix Version/s 7.0.0 [ 17233 ]
            lynn.straus Lynn Straus made changes -
            Fix Version/s Cheshire-Cat [ 15915 ]
            drigby Dave Rigby made changes -
            Labels releasenote
            owend Daniel Owen made changes -
            Fix Version/s 7.0.0 [ 17233 ]
            owend Daniel Owen made changes -
            Fix Version/s 7.0.0 [ 17233 ]
            owend Daniel Owen made changes -
            Resolution Fixed [ 1 ]
            Status Closed [ 6 ] Reopened [ 4 ]
            owend Daniel Owen made changes -
            Fix Version/s 6.6.4 [ 17614 ]
            wayne Wayne Siu made changes -
            Link This issue blocks MB-47673 [ MB-47673 ]
            wayne Wayne Siu made changes -
            Labels releasenote approved-for-6.6.4 releasenote
            meni.hillel Meni Hillel made changes -
            Link This issue depends on MB-49271 [ MB-49271 ]
            trond Trond Norbye made changes -
            Resolution Fixed [ 1 ]
            Status Reopened [ 4 ] Resolved [ 5 ]
            trond Trond Norbye made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            wayne Wayne Siu made changes -
            Assignee Trond Norbye [ trond ] Ritam Sharma [ ritam.sharma ]
            tony.hillman Tony Hillman made changes -
            Link This issue relates to DOC-9381 [ DOC-9381 ]
            marks.polakovs Marks Polakovs made changes -
            Link This issue is triggering CBSE-11034 [ CBSE-11034 ]
            marks.polakovs Marks Polakovs made changes -
            Link This issue relates to CMOS-154 [ CMOS-154 ]
            callum.majumdar Callum Majumdar made changes -
            Link This issue causes CBSE-11043 [ CBSE-11043 ]

            People

              ritam.sharma Ritam Sharma
              drigby Dave Rigby
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                PagerDuty