Bug #12507 Simple perl script causes a denial of services condition for MySQLD
Submitted: 10 Aug 2005 19:59 Modified: 1 Sep 2005 15:50
Reporter: Jonathan Miller Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:4.0.26-BK, 5.0.12-BK OS:Linux (Linux)
Assigned to: CPU Architecture:Any

[10 Aug 2005 19:59] Jonathan Miller 
Description:
Running 6 - 7 instances of the perl script can cause logins to database to be denied for short periods of time.

No errors in the error log. No core or stack traces produced.

#!/user/bin/perl -w
#/* Copyright (C) 2000-2005 MySQL AB
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.

#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
# Version 1.1

####################### Includes ############################
use DBI;

####################### Globals ############################
my  $m_host='';
my  $m_port='';
my  $m_user='';
my  $m_pass='';
my  $dbhM='';

####################### Sub Pototypes ############################
sub CollectCommandPromptInfo;
sub ConnectToDatabases;
sub DisconnectFromDatabases;

######################## Program Main ###########################
CollectCommandPromptInfo;
while(1)
{
  ConnectToDatabases;
  DisconnectFromDatabases;
}
######################  Collect Command Prompt Info #############
sub CollectCommandPromptInfo
{
        ### Check that user has supplied correct number of command line args
        die "Usage:\n
             inout.pl <master MySQL host> <master MySQL port> <master user> <
master pass>\n
             All 4 arguments must be passed. Use BLANK for NULL passwords\n"
             unless @ARGV == 4;

        $m_host =$ARGV[0];
        $m_port = $ARGV[1];
        $m_user = $ARGV[2];
        $m_pass = $ARGV[3];

        if ($m_pass eq "BLANK") { $m_pass = '';}
}

######################  Collect Command Prompt Info #############
sub ConnectToDatabases
{
        $dbhM =
DBI->connect("dbi:mysql:database=test;host=$m_host;port=$m_port", "$m_user",
"$m_pass")
                        or die "Can't connect to Master Cluster MySQL process!
Error: $DBI::errstr\n";
}

sub DisconnectFromDatabases
{
       $dbhM->disconnect
        or warn " Disconnection failed: $DBI::errstr\n";
}

How to repeat:
Run 6 - 7 instances of the perl script above
[17 Aug 2005 23:15] Jim Winstead 
i was unable to repeat using the command-line client by launching several scripts like:

#!/bin/sh
while ./client/mysql -B -S mysql-test/var/master-data/mysql.sock -e "select 1"
do
 true 
done

without knowing what "logins to the database are denied" actually means in terms of what the script outputs, and eliminating DBI as the possible problem, there is nothing i can really do with this bug.
[18 Aug 2005 11:48] Jonathan Miller 
I am not sure why you don't use the perl script provided for you in the bug. 

What denial of services means it that all the scripts bail out with a "can not connect to database" shortly after being launched.
[18 Aug 2005 12:01] Jonathan Miller 
One other note here, since LAMP is one of our biggest points of sales and intros into companys, even if it is a DBI problem, we need to know that. It is not unlikely that a customer will create apps that logs in, does 1 or 2 things and logs out and repeats.

Please use scripts provided, if it is DBI, then at least we can document it. If it is MySQL we should fix it.
BR,
JBM
[18 Aug 2005 15:06] Jim Winstead 
this needs to go through a proper verification by the bugs team, where they can verify that the bug is repeatable, whether DBI is a factor, whether it matters whether unix socket or tcp/ip connections are being used, etc.

i suspect the perl test case is also about 10 times longer than it needs to be.
[26 Aug 2005 16:07] Valeriy Kravchuk 
I'd like to verify this bug. Just want to know what did SHOW VARIABLES gave you on the test machine?
[31 Aug 2005 21:54] Jonathan Miller 
I am not sure what show variables would have produced. I am back to testing 5.1 clone at the present time. My suggestion is to setup the latest 5.0 build and either use the scripts provided, or edit the mysql_client_test.c to do the same thing.
[1 Sep 2005 15:43] Valeriy Kravchuk 
Sligtly modified Perl script

Attachment: 12507.pl (application/octet-stream, text), 2.36 KiB.
[1 Sep 2005 15:44] Valeriy Kravchuk 
Launch program for it. Pass number of copies to run as a first parameter

Attachment: 12507.sh (application/octet-stream, text), 131 bytes.
[1 Sep 2005 15:45] Valeriy Kravchuk 
Results of test run (continues to infinitum)... 10 simultaneous copies...

Attachment: 12507.txt (text/plain), 2.29 KiB.
[1 Sep 2005 15:50] Valeriy Kravchuk 
I tried to repeat with slightly modified 12507.pl test script (change path to perl and added 2 print statements), 12507.sh to launch any number of copies of the script. The sample results shown in 12507.txt. No denial of service, as you defined it. No error messages from perl upon connections. Connect and disconnect attempts continues for any time I want.

Stopped the perl instances from the other terminal after some time using:

[openxs@Fedora 5.0]$ kill -9 `ps -ef | grep perl | awk '{print $2}'`
[openxs@Fedora 5.0]$ uname -a
Linux Fedora 2.4.22-1.2115.nptl #1 Wed Oct 29 15:42:51 EST 2003 i686 i686 i386 GNU/Linux

Tested with 5.0.12-BK and 4.0.26-BK (just to be sure), yesterdays builds.