baidu/openrasp

OpenRASP causes a crash in a Tomcat7 + Zulu8 environment

cnzzr opened this issue · 4 comments

cnzzr commented

Bug report

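Environment: Server 2012 R2 x64, Tomcat7.0.109, Zulu8 1.8.0_212-b04 OpenJDK 64-bit
baidu-rasp-java-v1.3.7, using the default configuration and the officially provided plugin file

Symptom: about 20-odd days after startup, Tomcat on the two servers experienced JDK crashes, 1 time and 2 times respectively.
Process monitoring did not show any anomalies.

The key log from the process crash is as follows:
Based on the exception information, this has similarities to this issue: #230
The exception information in both cases is related to exceptions;
What the NotifyUserStatusJob class does is have the application issue a GET request through httpclient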

```
Stack: [0x0000000030240000,0x0000000030340000], sp=0x000000003033ea60, free space=1018k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [openrasp_v8_java.dll+0x67c7e]
C [openrasp_v8_java.dll+0x67d8d]
C [openrasp_v8_java.dll+0xd7af8c]
C 0x00000000030f3792

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
J 9595 com.baidu.openrasp.v8.V8.Check(Ljava/lang/String;[BILcom/baidu/openrasp/v8/Context;I)[B (0 bytes) @ 0x00000000030f370c [0x00000000030f3680+0x8c]
J 14231 C2 com.baidu.openrasp.plugin.js.JS.Check(Lcom/baidu/openrasp/plugin/checker/CheckParameter;)Ljava/util/List; (528 bytes) @ 0x00000000045311e0 [0x00000000045307c0+0xa20]
J 13893 C2 com.baidu.openrasp.plugin.checker.v8.V8AttackChecker.checkParam(Lcom/baidu/openrasp/plugin/checker/CheckParameter;)Ljava/util/List; (5 bytes) @ 0x0000000002b6dad4 [0x0000000002b6daa0+0x34]
J 13643 C2 com.baidu.openrasp.plugin.checker.AbstractChecker.check(Lcom/baidu/openrasp/plugin/checker/CheckParameter;)Z (80 bytes) @ 0x00000000038be3a0 [0x00000000038be360+0x40]
J 13790 C2 com.baidu.openrasp.HookHandler.doRealCheckWithoutRequest(Lcom/baidu/openrasp/plugin/checker/CheckParameter$Type;Ljava/util/Map;)V (295 bytes) @ 0x0000000004444e6c [0x0000000004444ae0+0x38c]
J 13846 C2 com.baidu.openrasp.HookHandler.doCheckWithoutRequest(Lcom/baidu/openrasp/plugin/checker/CheckParameter$Type;Ljava/util/Map;)V (230 bytes) @ 0x000000000446b0c4 [0x000000000446aa00+0x6c4]
J 20149 C2 sun.reflect.GeneratedMethodAccessor31.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (50 bytes) @ 0x0000000003b782c4 [0x0000000003b78180+0x144]
J 20058 C2 java.net.InetAddress.getAllByName(Ljava/lang/String;)[Ljava/net/InetAddress; (83 bytes) @ 0x0000000005689a54 [0x00000000056897c0+0x294]
J 22701 C2 java.net.Socket.(Ljava/lang/String;ILjava/net/InetAddress;I)V (44 bytes) @ 0x0000000003987108 [0x0000000003987060+0xa8]
J 23202 C2 org.apache.commons.httpclient.HttpConnection.open()V (403 bytes) @ 0x00000000060ad008 [0x00000000060acd60+0x2a8]
J 22700 C2 org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Lorg/apache/commons/httpclient/HttpMethod;)V (467 bytes) @ 0x0000000005ffb748 [0x0000000005ffb600+0x148]
J 22699 C2 org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Lorg/apache/commons/httpclient/HttpMethod;)V (552 bytes) @ 0x0000000003c10608 [0x0000000003c0f820+0xde8]
J 22568 C2 com.icss.resourceone.sso.util.NotifyUserStatusJob$Notifier.run()V (248 bytes) @ 0x0000000005f9c020 [0x0000000005f98600+0x3a20]
J 22115 C2 java.lang.Thread.run()V (17 bytes) @ 0x00000000020959e8 [0x00000000020959a0+0x48]
v ~StubRoutines::call_stub
```

hs_err_pid3296.log

Tomcat 7 is no longer updated; how about trying Tomcat 8.5?

cnzzr commented

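> Tomcat 7 is no longer updated; how about trying Tomcat 8.5?

It's a legacy system, and upgrading Tomcat is not easy. The official OpenRASP documentation says it supports "Tomcat 5 ~ 10".

Could the pdb file be provided, so we can analyze where exactly the exception occurs?
Another possibility is that the background thread calls NotifyUserStatusJob too frequently; I am trying to reduce the number of requests to see whether that eliminates this exception.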

cnzzr commented

@CaledoniaProject Could the v1.3.7 openrasp_v8_java.pdb file be provided?

cnzzr commented

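After adjusting the call configuration to reduce how frequently the background Thread calls httpclient, the exception has not occurred again for now.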
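As an added example (not code from the issue or from the OpenRASP project): a Python triage of the hs_err stack section quoted in the first comment. It extracts the module+offset pairs that a matching pdb would resolve, the hooked JDK call beneath the agent's check chain, and the deepest non-JDK frame; the `agent` package prefix default and the JDK prefix list are assumptions of this example.

```python
import re

# Sample: frames trimmed from the stack quoted in the issue ("@ address" tails removed).
SAMPLE = """\
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [openrasp_v8_java.dll+0x67c7e]
C [openrasp_v8_java.dll+0x67d8d]
C [openrasp_v8_java.dll+0xd7af8c]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
J 9595 com.baidu.openrasp.v8.V8.Check(Ljava/lang/String;[BILcom/baidu/openrasp/v8/Context;I)[B (0 bytes)
J 13846 C2 com.baidu.openrasp.HookHandler.doCheckWithoutRequest(Lcom/baidu/openrasp/plugin/checker/CheckParameter$Type;Ljava/util/Map;)V (230 bytes)
J 20149 C2 sun.reflect.GeneratedMethodAccessor31.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (50 bytes)
J 20058 C2 java.net.InetAddress.getAllByName(Ljava/lang/String;)[Ljava/net/InetAddress; (83 bytes)
J 23202 C2 org.apache.commons.httpclient.HttpConnection.open()V (403 bytes)
J 22568 C2 com.icss.resourceone.sso.util.NotifyUserStatusJob$Notifier.run()V (248 bytes)
J 22115 C2 java.lang.Thread.run()V (17 bytes)
"""

NATIVE = re.compile(r"^C\s+\[([^+\]]+)\+(0x[0-9a-fA-F]+)\]")
JAVA = re.compile(r"^[Jj]\s+(?:\d+\s+)?(?:C[12]\s+)?([\w.$<>]+)\(")
RUNTIME = ("java.", "javax.", "sun.", "jdk.")  # assumed JDK package prefixes

def parse_stack(text):
    """Return ([(module, offset)], [java method]), top of stack first."""
    native, java = [], []
    for line in map(str.strip, text.splitlines()):
        if m := NATIVE.match(line):
            native.append((m.group(1), int(m.group(2), 16)))
        elif m := JAVA.match(line):
            java.append(m.group(1))
    return native, java

def triage(text, agent="com.baidu.openrasp."):
    """Name the faulting module, the hooked call that led into it, and its origin."""
    native, java = parse_stack(text)
    seen_agent, hooked = False, None
    for meth in java:
        if meth.startswith(agent):
            seen_agent = True
        elif seen_agent and not meth.startswith("sun.reflect."):
            hooked = meth  # first real frame beneath the agent's check chain
            break
    origin = [m for m in java if not m.startswith(RUNTIME + (agent,))]
    top = native[0][0] if native else None
    return {"faulting_module": top,
            "offsets": [hex(off) for mod, off in native if mod == top],
            "hooked_call": hooked,
            "origin": origin[-1] if origin else None}
```

Calling `triage(open("hs_err_pid3296.log").read())` on each crash dump makes it easy to see whether separate crashes share the same module offsets and the same hooked call.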