[Twisted-Python] Broker leak in spread server on login failure = denial of service?

David K. Hess dhess at verscend.com
Fri Sep 9 17:31:28 EDT 2005

I believe I've discovered a broker leak when a checker denies a login  
and that it can be used to launch a denial of service attack on a  
spread server.

When a checker throws a Failure exception, since requestAvatar in the  
realm doesn't get called, the realm (or anything else) doesn't end up  
with a reference it can use to disconnect the network connection that  
was denied login.

If a malicious (or just buggy as was my case) client tries to login  
over and over again and doesn't shutdown each connection from the  
client side, the server will continue to leak brokers until (under  
Windows) the select() call begins to fail because there are greater  
than 512 (with a stock Python build) file descriptors open and being  
monitored by the reactor. At this point, your server is dead as the  
reactor goes into an infinite loop retrying failing select() calls  
when this happens.

What I think might be best is if another method in the realm (say  
"loginFailed(self, mind)") was called with the remote reference so  
the server could then call mind.broker.transport.loseConnection() on  
it. It would be nice too if this was after the Failure had been sent  
back across the connection and not before.

clientConnectionMade in PBServerFactory also looks promising but it  
doesn't seem possible to figure out which connection is  
authenticating from within the checker.

Can anybody offer some advice on how best to handle this?



More information about the Twisted-Python mailing list