Bug #31513 mysql-proxy is crashed by running nmap against its port
Submitted: 10 Oct 2007 18:27
Modified: 4 Jun 2009 13:21
Reporter: Maxim Volkov
Status: Closed
Category: MySQL Proxy: Core
Severity: S3 (Non-critical)
Version: 0.6.0
OS: Linux (Suse 10.1)
Assigned to:
CPU Architecture: Any
Tags: An interesting follow up

[10 Oct 2007 18:27] Maxim Volkov
Description:
mysql-proxy is running against a few db servers.

If nmap is run against it to see if the service is up.

Result: mysql-proxy crashes with error.

network-mysqld.c.564: write() failed: Connection reset by peer
network-mysqld.c.911: network_mysqld_write(CON_STATE_SEND_HANDSHAKE) returned an error

How to repeat:
Run mysql-proxy on port 3306 against a few db servers.

Issue "nmap -p 3306 mysql-proxy-hostname" from some server.
[10 Oct 2007 19:50] Giuseppe Maxia
Thanks for your bug report. Verified as described.
Notice though that the Proxy aborted, did not crash.

How to repeat.
Start the proxy normally.
Then run
nmap -p 4040 proxy-host
[18 Oct 2007 22:14] Maxim Volkov
After compiling the latest revision (261) and trying to scan the mysql-proxy port with nmap once more, I ran into a very peculiar condition:

-- when mysql-proxy was scanned from any SUSE server (kernel 2.6.18), the scan proceeded normally
-- when the scan was done from CentOS (kernel 2.6.18), mysql-proxy was shut down with the following debug message:

network-mysqld.c.564: write() failed: Connection reset by peer
network-mysqld.c.911: network_mysqld_write(CON_STATE_SEND_HANDSHAKE) returned an error
[18 Oct 2007 22:22] Maxim Volkov
In addition, the version of nmap in all scans was 4.11.
[5 Nov 2007 8:39] Colin Charles
Revision 294, on Ubuntu 7.10 (Gutsy Gibbon) gives me odd results, i.e. I get a crash

network-mysqld.c.958: unhandled state: 16
Aborted (core dumped)

Triggered by a simple nmap -p 4040 localhost
[18 Mar 2008 17:26] Kay Roepke
I cannot reproduce either the abort or the crash with 0.7.0 on Mac OS X.

Could you please try this again with a more recent release (0.6.1 or preferably the latest SVN trunk)?

Thanks,
Kay
[27 Mar 2008 15:19] Jürgen Hötzel
I use current trunk head (revision 369) and can confirm this bug.

This bug depends on timing issues. nmap sends RST after the 3-way handshake. If, meanwhile, mysql-proxy has finished CON_STATE_SEND_HANDSHAKE, mysql-proxy does not abort.

Otherwise network_mysqld_write will fail because RST was already received. So the following plugin_call will abort with unhandled state CON_STATE_ERROR=16.

I suggest error handling like in CON_STATE_SEND_QUERY_RESULT. Patch enclosed!
[27 Mar 2008 15:20] Jürgen Hötzel
handle closed connection in CON_STATE_SEND_HANDSHAKE

Attachment: mysql-proxy-SEND_HANDSHAKE-error.patch (text/x-patch), 618 bytes.
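
The kind of handling the comment above asks for, as an added example (this is not the attached patch and not mysql-proxy's own code): a write that fails while the greeting is being sent moves that one connection to an error state whose handler closes it, and the process keeps serving. Only CON_STATE_SEND_HANDSHAKE and CON_STATE_ERROR = 16 are taken from the report; every other name and value is an assumption, and an already-closed socketpair peer stands in for the scanner's RST.

```c
#include <errno.h>
#include <sys/socket.h>
#include <unistd.h>

/* CON_STATE_SEND_HANDSHAKE and CON_STATE_ERROR = 16 come from the report;
 * CON_STATE_READ_AUTH and the other numeric values are assumptions. */
enum con_state { CON_STATE_SEND_HANDSHAKE = 1, CON_STATE_READ_AUTH = 2, CON_STATE_ERROR = 16 };

/* Send all bytes; -1 if the peer is gone (ECONNRESET, EPIPE) or on other errors. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = send(fd, buf, len, MSG_NOSIGNAL); /* errno, not SIGPIPE */
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* Handshake state: a failed write yields CON_STATE_ERROR, not an abort. */
enum con_state step_send_handshake(int fd) {
    static const char greeting[] = "constructed-handshake-bytes";
    int rc = write_all(fd, greeting, sizeof greeting - 1);
    return rc == 0 ? CON_STATE_READ_AUTH : CON_STATE_ERROR;
}

/* Every state has a handler. Returns 1 if the connection stays open, 0 if closed. */
int serve_connection(int fd) {
    enum con_state st = CON_STATE_SEND_HANDSHAKE;
    for (;;) {
        switch (st) {
        case CON_STATE_SEND_HANDSHAKE: st = step_send_handshake(fd); break;
        case CON_STATE_READ_AUTH: return 1;   /* would now wait for the client */
        case CON_STATE_ERROR: default: close(fd); return 0; /* drop this client only */
        }
    }
}

/* Constructed scenario: a closed socketpair peer stands in for the scanner's reset. */
int simulate(int peer_leaves_early) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (peer_leaves_early) close(sv[1]);
    int still_open = serve_connection(sv[0]);
    if (still_open) close(sv[0]);
    if (!peer_leaves_early) close(sv[1]);
    return still_open;
}

int main(void) { return simulate(0) == 1 && simulate(1) == 0 ? 0 : 1; }
```

On a Unix-domain socketpair the failed send reports EPIPE rather than the ECONNRESET seen in the logs above; write_all treats both the same way.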

[4 Jun 2009 13:21] Kay Roepke
Thank you for your bug report. This issue has already been fixed in the latest released version of that product, which you can download at

  http://dev.mysql.com/downloads/mysql-proxy/index.html