[pgpool-general: 893] Re: read_startup_packet: out of memory

Lonni J Friedman netllama at gmail.com
Wed Aug 15 22:27:46 JST 2012


On Tue, Aug 14, 2012 at 10:52 PM, Tatsuo Ishii <ishii at postgresql.org> wrote:
>>> Greetings,
>>> I'm currently testing pgpool-3.2.0 in a staging environment.  While
>>> doing so, my IT department decided to perform some sort of security
>>> scan of the servers in my network, including the 3.2.0 server.  When
>>> this happened, I saw the following in the pgpool log:
>>>
>>> 2012-08-08 09:58:33 ERROR: pid 3595: read_startup_packet: invalid startup packet
>>> 2012-08-08 09:58:42 ERROR: pid 2049: read_startup_packet: invalid startup packet
>>> 2012-08-08 09:58:51 ERROR: pid 3435: read_startup_packet: invalid startup packet
>>> 2012-08-08 09:59:00 ERROR: pid 2049: read_startup_packet: invalid startup packet
>>> 2012-08-08 09:59:05 ERROR: pid 2049: read_startup_packet: invalid startup packet
>>> 2012-08-08 09:59:09 ERROR: pid 2508: read_startup_packet: invalid startup packet
>>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: incorrect packet length (-2139750145)
>>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: out of memory
>>> 2012-08-08 09:59:26 ERROR: pid 2905: read_startup_packet: invalid startup packet
>>>
>>> I don't know how to trigger this manually, but it seems like something
>>> that is potentially bad.  I don't understand how a packet can have a
>>> huge negative length, but I'm most concerned that pgpool seemed to
>>> exhaust memory somehow.  Any ideas what is going on here?
>>
>> These all happen in the frontend-to-pgpool connecting phase. To
>> initiate the connection, the frontend must first send a special packet
>> called the "startup packet".
>>
>>> 2012-08-08 09:58:33 ERROR: pid 3595: read_startup_packet: invalid startup packet
>>
>> This means the startup packet length is greater than 10000 bytes. I
>> believe PostgreSQL has the same limitation. This is necessary to
>> prevent denial-of-service attacks.
>>
>>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: incorrect packet length (-2139750145)
>>
>> The startup packet has a field which indicates the length of the
>> packet. If the length is negative, the packet is definitely broken.
>>
>>> 2012-08-08 09:59:21 ERROR: pid 2549: read_startup_packet: out of memory
>>
>> Pgpool failed to allocate memory (the size is not known from the log
>> but definitely less than 10000 bytes). Maybe swap space is not enough?
>
> I was wrong. pgpool tried to allocate (-2139750145) bytes (actually
> this is a huge positive number from malloc's point of view, since its
> argument is unsigned, rather than int) and failed. Of course in this
> case pgpool should not try to allocate memory.
> I have fixed this in master and all supported branches.

Awesome, thanks!
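
The failure discussed in this thread, as an added example that is not part of the original messages and is not pgpool's code: a signed 32-bit length read from the wire becomes a huge allocation request once converted to malloc's unsigned argument, so the length has to be range-checked before any allocation. The function and macro names are hypothetical; the 10000-byte limit is the one quoted in the thread, and the header bytes are constructed to decode to the logged value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limit quoted in the thread; the macro name is hypothetical. */
#define MAX_STARTUP_LEN 10000

/* Decode the 4-byte big-endian length field as a signed 32-bit value. */
static int32_t decode_len(const unsigned char hdr[4])
{
    uint32_t u = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                 ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    int32_t s;
    memcpy(&s, &u, sizeof s);   /* reinterpret the bits as signed */
    return s;
}

/* Size malloc() would be asked for if the signed length were passed unchecked. */
static size_t unchecked_request(int32_t len)
{
    return (size_t)len;
}

/* Validate first, allocate second.
 * *err: 0 = ok, 1 = non-positive length, 2 = over limit, 3 = malloc failed. */
static void *alloc_startup_body(int32_t len, int *err)
{
    *err = 0;
    if (len <= 0)              { *err = 1; return NULL; }
    if (len > MAX_STARTUP_LEN) { *err = 2; return NULL; }
    void *p = malloc((size_t)len);
    if (p == NULL) *err = 3;
    return p;
}

int main(void)
{
    /* Constructed header: these bytes decode to the length seen in the log. */
    const unsigned char hdr[4] = { 0x80, 0x76, 0x00, 0xFF };
    int32_t len = decode_len(hdr);
    int err;
    printf("decoded length:    %ld\n", (long)len);
    printf("unchecked request: %zu bytes\n", unchecked_request(len));
    void *p = alloc_startup_body(len, &err);
    printf("checked path:      %s (err=%d)\n", p ? "allocated" : "rejected", err);
    free(p);
    return 0;
}
```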

