Red Hat Bugzilla – Bug 597290
sasl_decode buffer overflow under load
Last modified: 2014-12-01 18:14:52 EST
+++ This bug was initially created as a clone of Bug #569698 +++
Description of problem:
saslwrapper's sasl_decode can fail in the following manner under load
Seems to be 100% so far.
Steps to Reproduce:
from qpid.messaging import *
c = Connection("localhost", 5672)
s = c.session()
rcvs = 
for i in range(20000):
rcvs.append(s.receiver("amq.topic/%s" % i))
qpid.messaging.exceptions.ConnectError: Traceback (most recent call last):
File "/home/rhs/qpid/python/qpid/messaging/driver.py", line 502, in write
data = self._sasl.decode(data)
File "/home/rhs/qpid/python/qpid/sasl.py", line 66, in decode
SASLError: Error in sasl_decode (-3) SASL(-3): overflowed buffer: input too large for default sasl_decode
script should print connecting, then connected, and exit
--- Additional comment from firstname.lastname@example.org on 2010-05-27 23:38:21 EDT ---
Created an attachment (id=417456)
Attached is a proposed fix for this bug. The man page for sasl_decode states that no more than max-buffer-size bytes should be give to sasl_decode at one time. This patch divides up long strings into strings of at-most max-buffer-size.
--- Additional comment from email@example.com on 2010-05-28 04:43:48 EDT ---
I verified that the patch fixes the issue as I observed it and committed it to trunk (r949126) and the release repo (fa3441b41b2d437a67ce9071fb70dd1939c1d7f2).
--- Additional comment from firstname.lastname@example.org on 2010-05-28 04:48:16 EDT ---
Created an attachment (id=417519)
To reprduce the problem very simply, create a queue named my-queue, fill it up with lots of messages (e.g. 100,000), the run the attached python script. This opens a subscription with unlimited credit causing a flood of messages to be sent which overwhelms the sasl_decode and the script fails with something like:
Traceback (most recent call last):
File "/home/gordon/Desktop/qpid_receive_old_unreliable", line 57, in <module>
message = queue.get(timeout=600)
File "/home/gordon/projects/git-qpid/qpid/qpid/python/qpid/queue.py", line 55, in get
qpid.exceptions.Closed: (None, 'connection aborted')
This is the case whenever the sasl_wrapper support is on the path (if using packages if python-saslwrapper is installed), regardless of whether any sasl layer is actually used.
Fixed in saslwrapper-0.1.934605-2.el6.
Created attachment 433226 [details]
Updated reproducer based on testcase  from original bug report.
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.