Bug #31513 | mysql-proxy is crashed by running nmap against its port | ||
---|---|---|---|
Submitted: | 10 Oct 2007 18:27 | Modified: | 4 Jun 2009 13:21 |
Reporter: | Maxim Volkov | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Proxy: Core | Severity: | S3 (Non-critical) |
Version: | 0.6.0 | OS: | Linux (Suse 10.1) |
Assigned to: | CPU Architecture: | Any | |
Tags: | An interesting follow up |
[10 Oct 2007 18:27]
Maxim Volkov
[10 Oct 2007 19:50]
Giuseppe Maxia
Thanks for your bug report. Verified as described. Notice though that the Proxy aborted, did not crash. How to repeat. Start the proxy normally. Then run nmap -p 4040 proxy-host
[18 Oct 2007 22:14]
Maxim Volkov
After compiling the latest revision (261) and trying to scan the mysql-proxy port with nmap once more I had very peculiar turn condition: -- when mysql-proxy was scanned from any suse server (kernel 2.6.18) the scan proceeds normally -- when scan was done from centos (kernel 2.6.18) mysql-proxy was shut with the following debug message: network-mysqld.c.564: write() failed: Connection reset by peer network-mysqld.c.911: network_mysqld_write(CON_STATE_SEND_HANDSHAKE) returned an error
[18 Oct 2007 22:22]
Maxim Volkov
In addition the version of nmap in all scans was 4.11
[5 Nov 2007 8:39]
Colin Charles
Revision 294, on Ubuntu 7.10 (Gutsy Gibbon) gives me odd results, i.e. I get a crash network-mysqld.c.958: unhandled state: 16 Aborted (core dumped) Triggered by a simple nmap -p 4040 localhost
[18 Mar 2008 17:26]
Kay Roepke
I cannot reproduce neither the abort nor the crash with 0.7.0 on Mac OS X. Could you please try this again with a more recent release (0.6.1 or preferably the latest SVN trunk)? Thanks, Kay
[27 Mar 2008 15:19]
Jürgen Hötzel
I use current trunk head (revision 369) and can confirm this bug. This bug depends on timing issues. nmap sends RST after 3-Way-Handshake. If meanwhile the mysql-proxy has finished CON_STATE_SEND_HANDSHAKE mysql-proxy does not abort. Otherwise network_mysqld_write will fail because RST was already received. So the following plugin_call will abort with unhandled state CON_STATE_ERROR=16. I suggest error handling like in CON_STATE_SEND_QUERY_RESULT. Patch enclosed!
[27 Mar 2008 15:20]
Jürgen Hötzel
handle closed connection in CON_STATE_SEND_HANDSHAKE
Attachment: mysql-proxy-SEND_HANDSHAKE-error.patch (text/x-patch), 618 bytes.
[4 Jun 2009 13:21]
Kay Roepke
Thank you for your bug report. This issue has already been fixed in the latest released version of that product, which you can download at http://dev.mysql.com/downloads/mysql-proxy/index.html