P4
FULL PRODUCT VERSION :
java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
HttpServer will run out of sockets and cannot accept normal HTTP requests when there is a continuous socket connection to it. It can be treated as a source of denial of service attack.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run TestHttpServer and then TcpClient (source code listed below)
Use any socket monitoring tool (e.g. netstat) to check the network connections.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No self-looping connections
ACTUAL -
A number of self-looping connections are created when a socket is connected from TcpClient
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Using TCPView on Windows, it shows a whole bunch of self-looping connections.
javaw.exe:8056 TCP 127.0.0.1:1941 127.0.0.1:1942 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1942 127.0.0.1:1941 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1940 127.0.0.1:1939 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1946 127.0.0.1:1945 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1945 127.0.0.1:1946 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1947 127.0.0.1:1948 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1948 127.0.0.1:1947 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1990 127.0.0.1:1989 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1989 127.0.0.1:1990 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1987 127.0.0.1:1988 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1988 127.0.0.1:1987 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1993 127.0.0.1:1992 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1992 127.0.0.1:1993 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1995 127.0.0.1:1994 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1994 127.0.0.1:1995 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1997 127.0.0.1:1998 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1998 127.0.0.1:1997 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1999 127.0.0.1:2000 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2000 127.0.0.1:1999 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2003 127.0.0.1:2002 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2002 127.0.0.1:2003 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2005 127.0.0.1:2004 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2004 127.0.0.1:2005 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2008 127.0.0.1:2007 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2007 127.0.0.1:2008 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2009 127.0.0.1:2010 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2010 127.0.0.1:2009 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2015 127.0.0.1:2014 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2014 127.0.0.1:2015 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2012 127.0.0.1:2013 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2013 127.0.0.1:2012 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2017 127.0.0.1:2018 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2018 127.0.0.1:2017 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2020 127.0.0.1:2019 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2019 127.0.0.1:2020 ESTABLISHED
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.io.IOException;
import java.net.InetSocketAddress;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
public class TestHttpServer {
public static void main(String[] args) {
try {
HttpServer server = HttpServer.create(new InetSocketAddress(80), 0);
server.createContext("/", new HttpHandler() {
public void handle(HttpExchange exchange) throws IOException {
System.out.println(exchange.getLocalAddress() + "\t" + exchange.getRemoteAddress());
exchange.sendResponseHeaders(200, -1);
exchange.close();
}
});
server.start();
} catch (IOException e) {
e.printStackTrace();
}
}
}
==========================================
import java.io.IOException;
import java.net.Socket;
import java.text.SimpleDateFormat;
import java.util.Date;
public class TcpClient {
public TcpClient(String host, int port) {
Socket s = null;
try {
SimpleDateFormat formatter = new SimpleDateFormat("HH:mm:ss");
s = new Socket(host, port);
System.out.println("[" + formatter.format(new Date()) + "] Remote address = " + s.getRemoteSocketAddress() + " Local address = "
+ s.getLocalSocketAddress());
} catch (IOException e) {
e.printStackTrace();
} finally {
if (s != null) {
try {
s.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
private static void printUsage() {
System.out.println("usage: java TcpClient [host] [port]");
System.exit(0);
}
public static void main(String[] args) {
switch (args.length) {
case 2:
while (true) {
try {
new TcpClient(args[0], Integer.parseInt(args[1]));
Thread.sleep(2000);
} catch (NumberFormatException e) {
printUsage();
} catch (InterruptedException e) {
e.printStackTrace();
}
}
default:
printUsage();
break;
}
}
}
---------- END SOURCE ----------
java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
HttpServer will run out of sockets and cannot accept normal HTTP requests when there is a continuous socket connection to it. It can be treated as a source of denial of service attack.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run TestHttpServer and then TcpClient (source code listed below)
Use any socket monitoring tool (e.g. netstat) to check the network connections.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No self-looping connections
ACTUAL -
A number of self-looping connections are created when a socket is connected from TcpClient
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Using TCPView on Windows, it shows a whole bunch of self-looping connections.
javaw.exe:8056 TCP 127.0.0.1:1941 127.0.0.1:1942 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1942 127.0.0.1:1941 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1940 127.0.0.1:1939 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1946 127.0.0.1:1945 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1945 127.0.0.1:1946 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1947 127.0.0.1:1948 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1948 127.0.0.1:1947 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1990 127.0.0.1:1989 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1989 127.0.0.1:1990 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1987 127.0.0.1:1988 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1988 127.0.0.1:1987 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1993 127.0.0.1:1992 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1992 127.0.0.1:1993 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1995 127.0.0.1:1994 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1994 127.0.0.1:1995 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1997 127.0.0.1:1998 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1998 127.0.0.1:1997 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:1999 127.0.0.1:2000 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2000 127.0.0.1:1999 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2003 127.0.0.1:2002 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2002 127.0.0.1:2003 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2005 127.0.0.1:2004 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2004 127.0.0.1:2005 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2008 127.0.0.1:2007 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2007 127.0.0.1:2008 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2009 127.0.0.1:2010 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2010 127.0.0.1:2009 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2015 127.0.0.1:2014 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2014 127.0.0.1:2015 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2012 127.0.0.1:2013 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2013 127.0.0.1:2012 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2017 127.0.0.1:2018 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2018 127.0.0.1:2017 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2020 127.0.0.1:2019 ESTABLISHED
javaw.exe:8056 TCP 127.0.0.1:2019 127.0.0.1:2020 ESTABLISHED
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.io.IOException;
import java.net.InetSocketAddress;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
public class TestHttpServer {
public static void main(String[] args) {
try {
HttpServer server = HttpServer.create(new InetSocketAddress(80), 0);
server.createContext("/", new HttpHandler() {
public void handle(HttpExchange exchange) throws IOException {
System.out.println(exchange.getLocalAddress() + "\t" + exchange.getRemoteAddress());
exchange.sendResponseHeaders(200, -1);
exchange.close();
}
});
server.start();
} catch (IOException e) {
e.printStackTrace();
}
}
}
==========================================
import java.io.IOException;
import java.net.Socket;
import java.text.SimpleDateFormat;
import java.util.Date;
public class TcpClient {
public TcpClient(String host, int port) {
Socket s = null;
try {
SimpleDateFormat formatter = new SimpleDateFormat("HH:mm:ss");
s = new Socket(host, port);
System.out.println("[" + formatter.format(new Date()) + "] Remote address = " + s.getRemoteSocketAddress() + " Local address = "
+ s.getLocalSocketAddress());
} catch (IOException e) {
e.printStackTrace();
} finally {
if (s != null) {
try {
s.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
private static void printUsage() {
System.out.println("usage: java TcpClient [host] [port]");
System.exit(0);
}
public static void main(String[] args) {
switch (args.length) {
case 2:
while (true) {
try {
new TcpClient(args[0], Integer.parseInt(args[1]));
Thread.sleep(2000);
} catch (NumberFormatException e) {
printUsage();
} catch (InterruptedException e) {
e.printStackTrace();
}
}
default:
printUsage();
break;
}
}
}
---------- END SOURCE ----------
- duplicates
-
JDK-6725892 Http server stability issues
-
- Closed
-