[Twisted-Python] Broker leak in spread server on login failure = denial of service?
David K. Hess
dhess at verscend.com
Fri Sep 9 17:31:28 EDT 2005
I believe I've discovered a broker leak when a checker denies a login
and that it can be used to launch a denial of service attack on a
When a checker throws a Failure exception, since requestAvatar in the
realm doesn't get called, the realm (or anything else) doesn't end up
with a reference it can use to disconnect the network connection that
was denied login.
If a malicious (or just buggy as was my case) client tries to login
over and over again and doesn't shutdown each connection from the
client side, the server will continue to leak brokers until (under
Windows) the select() call begins to fail because there are greater
than 512 (with a stock Python build) file descriptors open and being
monitored by the reactor. At this point, your server is dead as the
reactor goes into an infinite loop retrying failing select() calls
when this happens.
What I think might be best is if another method in the realm (say
"loginFailed(self, mind)") was called with the remote reference so
the server could then call mind.broker.transport.loseConnection() on
it. It would be nice too if this was after the Failure had been sent
back across the connection and not before.
clientConnectionMade in PBServerFactory also looks promising but it
doesn't seem possible to figure out which connection is
authenticating from within the checker.
Can anybody offer some advice on how best to handle this?
More information about the Twisted-Python