Able to DOS server and keep it down
Activity
Paul Piao August 5, 2012 at 7:43 PM
PASSED Manual Testing using the following steps:
download the test.java from the ticket, change the 2000000, to something smaller, like 100.
Startup Liferay to use mysql.
Run the test.java script.
Check in the database if the ClassName_ table has the "aaaaa.." entries in it.
Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.0 CE GA1.
In ClassName_ table has the "aaaaa.." entries in it.
Fixed on:
Tomcat 6.0 + MySQL 5. Portal 6.0.x EE GIT ID: f1afbc3f478c6aa51d03395e8061b658b5416ced.
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 32d80b3096d5dddd356cf616f8ff0972bceb88ad.
Tomcat 7.0 + MySQL 5. Portal 6.1.20 EE GIT ID: b63a515afd2116f7d0e5f9ef2e71b34e5538f1cf.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: a1504ad0359b4095cb7dc02c0857500937487390.
Be no "aaaa..." entries in ClassName_ table.
Michael Saechang July 26, 2012 at 1:39 PM
Committed on:
Portal 6.1.x CE GIT ID: 8f428216ff0bcbb160f97384248f81a7b0ba83cb.
Portal 6.2.x GIT ID: 78dfe3d52fb7fa4ec4a953e01f0fe89033ba3f4b.
Details
Assignee
Paul PiaoPaul Piao(Deactivated)Reporter
Amos FongAmos FongBranch Version/s
6.1.x6.0.xBackported to Branch
CommittedFix Priority
4Git Pull Request
Components
Affects versions
Priority
Medium
Details
Details
Assignee
Paul PiaoReporter
Amos FongBranch Version/s
Backported to Branch
Fix Priority
Git Pull Request
Components
Affects versions
Priority
MediumZendesk Support
Linked Tickets
Zendesk Support
Linked Tickets
Zendesk Support
You are able to DOS the server through the className service (although it can take a while). This attack can occur over any period of time because data is persisted in the database.
-Create a script to hit the className service. (.java script attached)
It might take over 1 million entries before the server is dos'ed. (This will take forever...)
Depending on the fix is done, this might be hard to test. So the way I've tested is to use a mysql script (attached) that inserts rows into the className table which is much faster.
After the server gets DOS'ed, it's permanently DOS'ed until you delete all the entries in the className table. During startup Liferay will iterate through every className, which will take forever for 1 million enties, and memory will fill up before server even finishes starting up.