Diffstat (limited to '')
-rw-r--r--results/scraper/launchpad-without-comments/166827364
1 files changed, 64 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1668273 b/results/scraper/launchpad-without-comments/1668273
new file mode 100644
index 00000000..4490a2d4
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1668273
@@ -0,0 +1,64 @@
+DoS possible on - a QEMU process using userspace SLIRP?
+
+Steps to reproduce:
+
+- Launch a VM using QEMU:
+
+$ qemu-system-x86_64 -machine accel=kvm \
+ -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
+ -m 2G \
+ -smp 2 \
+ -vnc :8 \
+ -boot dc \
+ -vga std \
+ -cpu host \
+ -net nic,vlan=0 \
+ -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
+
+- SSH into the VM, install httpd, start httpd
+
+$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start httpd'
+
+- Compile and run the following Java program:
+
+$ cat <<EOF > URLConnectionReader.java
+import java.net.*;
+import java.io.*;
+
+public class URLConnectionReader {
+ public static void main(String[] args) throws Exception {
+ int i = 0;
+ while (i < 1024) {
+ URL this_is_404 = new URL("http://localhost:8082/blah");
+ URLConnection yc = this_is_404.openConnection();
+ try {
+ BufferedReader in = new BufferedReader(new InputStreamReader(
+ yc.getInputStream()));
+ String inputLine;
+ while ((inputLine = in.readLine()) != null)
+ System.out.println(inputLine);
+ in.close();
+ } catch (Exception e) {
+ //HttpURLConnection urlConnection = (HttpURLConnection) yc;
+ //urlConnection.disconnect();
+ }
+ i++;
+ }
+ Thread.sleep(1000000000);
+ }
+}
+
+$ javac URLConnectionReader.java
+
+$ java URLConnectionReader &
+
+The java program tries to open a lot of HTTP connections, but never calls disconnect() on any.
+
+- Take a look at the list of open FDs of the qemu process:
+
+$ ls -tl /proc/${qemu-pid}/fd
+
+$ lsof -p ${qemu-pid}
+All of the TCP connections will be stuck at FIN_WAIT2
+
+The VM becomes unresponsive. Neither SSH or VNC works on this.
\ No newline at end of file
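Review bot: The sentence "never calls disconnect() on any" under-describes why the sockets stay open in the Java listing: the URL is named `this_is_404`, so `yc.getInputStream()` presumably throws before `in.close()` is reached, and the empty `catch` (with both `disconnect()` lines commented out) leaves every connection held until the process exits. The hang reads like descriptor exhaustion inside the QEMU process, but the record does not confirm it; the QEMU version, the process's open-file limit and the descriptor count from the `ls -tl /proc/.../fd` step would let a reader tell whether a given build is still affected. `${qemu-pid}` is not a usable placeholder either, because a shell expands it as variable `qemu` with default `pid`; `$QEMU_PID` would work. The forward `hostfwd=tcp::8082-:80` gives no host address and so listens on every host interface, which widens who can reach the port; `hostfwd=tcp:127.0.0.1:8082-:80` keeps it local.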