summary refs log tree commit diff stats
path: root/results/scraper/launchpad-without-comments/1668273
diff options
context:
space:
mode:
Diffstat (limited to 'results/scraper/launchpad-without-comments/1668273')
-rw-r--r--results/scraper/launchpad-without-comments/166827364
1 files changed, 64 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1668273 b/results/scraper/launchpad-without-comments/1668273
new file mode 100644
index 000000000..4490a2d4a
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1668273
@@ -0,0 +1,64 @@
+DoS possible on - a QEMU process using userspace SLIRP?
+
+Steps to reproduce:
+
+- Launch a VM using QEMU:
+
+$ qemu-system-x86_64 -machine accel=kvm \
+                     -hda Fedora-Cloud-Base-25-1.3.x86_64.qcow2 \
+                     -m 2G \
+                     -smp 2 \
+                     -vnc :8 \
+                     -boot dc \
+                     -vga std \
+                     -cpu host \
+                     -net nic,vlan=0 \
+                     -net user,vlan=0,hostfwd=tcp::10024-:22,hostfwd=tcp::8082-:80
+
+- SSH into the VM, install httpd, start httpd
+
+$ ssh -p 10024 root@localhost 'dnf install -y httpd && systemctl start httpd'
+
+- Compile and run the following Java program:
+
+$ cat <<EOF > URLConnectionReader.java
+import java.net.*;
+import java.io.*;
+
+public class URLConnectionReader {
+    public static void main(String[] args) throws Exception {
+        int i = 0;
+        while (i < 1024) {
+            URL this_is_404 = new URL("http://localhost:8082/blah");
+            URLConnection yc = this_is_404.openConnection();
+            try {
+                BufferedReader in = new BufferedReader(new InputStreamReader(
+                            yc.getInputStream()));
+                String inputLine;
+                while ((inputLine = in.readLine()) != null)
+                    System.out.println(inputLine);
+                in.close();
+            } catch (Exception e) {
+                //HttpURLConnection urlConnection = (HttpURLConnection) yc;
+                //urlConnection.disconnect();
+            }
+            i++;
+        }
+        Thread.sleep(1000000000);
+    }
+}
+
+$ javac URLConnectionReader.java
+
+$ java URLConnectionReader &
+
+The java program tries to open a lot of HTTP connections, but never calls disconnect() on any.
+
+- Take a look at the list of open FDs of the qemu process:
+
+$ ls -tl /proc/${qemu-pid}/fd
+
+$ lsof -p ${qemu-pid}
+All of the TCP connections will be stuck at FIN_WAIT2
+
+The VM becomes unresponsive. Neither SSH or VNC works on this.
\ No newline at end of file