[pgpool-general: 891] Re: read_startup_packet: out of memory

Tatsuo Ishii ishii at postgresql.org
Wed Aug 15 14:52:43 JST 2012


>> Greetings,
>> I'm currently testing pgpool-3.2.0 in a staging environment.  While
>> doing so, my IT department decided to perform some sort of security
>> scan of the servers in my network, including the 3.2.0 server.  When
>> this happened, I saw the following in the pgpool log:
>> 
>> 2012-08-08 09:58:33 ERROR: pid 3595: read_startup_packet: invalid startup packet
>> 2012-08-08 09:58:42 ERROR: pid 2049: read_startup_packet: invalid startup packet
>> 2012-08-08 09:58:51 ERROR: pid 3435: read_startup_packet: invalid startup packet
>> 2012-08-08 09:59:00 ERROR: pid 2049: read_startup_packet: invalid startup packet
>> 2012-08-08 09:59:05 ERROR: pid 2049: read_startup_packet: invalid startup packet
>> 2012-08-08 09:59:09 ERROR: pid 2508: read_startup_packet: invalid startup packet
>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: incorrect packet length (-2139750145)
>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: out of memory
>> 2012-08-08 09:59:26 ERROR: pid 2905: read_startup_packet: invalid startup packet
>> 
>> I don't know how to trigger this manually, but it seems like something
>> that is potentially bad.  I don't understand how a packet can have a
>> huge negative length, but I'm most concerned that pgpool seemed to
>> exhaust memory somehow.  Any ideas what is going on here?
> 
> These all happen in the frontend-to-pgpool connecting phase. To
> initiate the connection, the frontend must first send a special packet
> called the "startup packet".
> 
>> 2012-08-08 09:58:33 ERROR: pid 3595: read_startup_packet: invalid startup packet
> 
> This means the startup packet length is greater than 10000 bytes. I
> believe PostgreSQL has the same limitation. This is necessary to
> prevent denial-of-service attacks.
> 
>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: incorrect packet length (-2139750145)
> 
> The startup packet has a field which indicates the length of the
> packet. If the length is negative, the packet is definitely broken.
> 
>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: out of memory
> 
> Pgpool failed to allocate memory (the size is not known from the log
> but definitely less than 10000 bytes). Maybe swap space is not enough?

I was wrong. pgpool tried to allocate (-2139750145) bytes (actually
this is a huge positive number from malloc's point of view, since its
argument is unsigned, rather than int) and failed. Of course in this
case pgpool should not try to allocate memory.
I have fixed this in master and all supported branches.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
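
The signed-to-unsigned conversion described in the message above, as an added example that is not part of the original thread and is not pgpool's code or its actual fix. The function names, status codes and the 8-byte lower bound are assumptions made for illustration; the 10000-byte limit and the logged length come from the thread, and the four header bytes are reconstructed from that logged value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_STARTUP_LEN 10000 /* limit quoted in the thread */
#define MIN_STARTUP_LEN 8     /* assumption: 4-byte length + 4-byte protocol version */

enum startup_status { STARTUP_OK, STARTUP_BAD_LENGTH, STARTUP_TOO_LONG, STARTUP_NO_MEMORY };

/* Decode the 4-byte big-endian length field as a signed 32-bit value.
 * The final cast wraps on two's-complement targets (all mainstream compilers). */
static int32_t decode_len(const unsigned char hdr[4])
{
    uint32_t u = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                 ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    return (int32_t)u;
}

/* The size malloc() would see if the signed length were passed unchecked:
 * a negative int converts to a huge size_t. */
static size_t unchecked_request(int32_t len)
{
    return (size_t)len;
}

/* Hypothetical hardened path: range-check the length before any allocation. */
static enum startup_status alloc_startup_packet(const unsigned char hdr[4], void **buf)
{
    int32_t len = decode_len(hdr);

    *buf = NULL;
    if (len < MIN_STARTUP_LEN)
        return STARTUP_BAD_LENGTH; /* negative or too short: reject, never allocate */
    if (len > MAX_STARTUP_LEN)
        return STARTUP_TOO_LONG;
    *buf = malloc((size_t)len);
    return *buf ? STARTUP_OK : STARTUP_NO_MEMORY;
}

int main(void)
{
    /* Header bytes reconstructed from the logged length -2139750145 */
    const unsigned char scan[4] = {0x80, 0x76, 0x00, 0xFF};
    void *buf;
    int32_t len = decode_len(scan);

    printf("len=%d unchecked=%zu status=%d\n", (int)len,
           unchecked_request(len), (int)alloc_startup_packet(scan, &buf));
    free(buf);
    return 0;
}
```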

