openrasp icon indicating copy to clipboard operation
openrasp copied to clipboard

Published 20 hours ago verified publisher icon baidu

Tomcat7 Zulu8环境下OpenRASP引起崩溃

Open cnzzr opened this issue 2 years ago • 4 comments

Bug report

运行环境:Server 2012 R2 x64、Tomcat7.0.109、Zulu8 1.8.0_212-b04 OpenJDK 64-bit baidu-rasp-java-v1.3.7,使用默认配置和官方提供的插件文件

故障现象:两台服务器的tomcat在启动大概20几天后分别出现了 1次、2次造成jdk崩溃的现象 监控进程没有发现异常。

进程崩溃的关键日志如下: 根据异常的信息发现与这个issue存在相似点:https://github.com/baidu/openrasp/issues/230 异常信息都与异常有关; NotifyUserStatusJob类所做的操作是应用通过httpclient发起get请求

`Stack: [0x0000000030240000,0x0000000030340000], sp=0x000000003033ea60, free space=1018k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) C [openrasp_v8_java.dll+0x67c7e] C [openrasp_v8_java.dll+0x67d8d] C [openrasp_v8_java.dll+0xd7af8c] C 0x00000000030f3792

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) J 9595 com.baidu.openrasp.v8.V8.Check(Ljava/lang/String;[BILcom/baidu/openrasp/v8/Context;I)[B (0 bytes) @ 0x00000000030f370c [0x00000000030f3680+0x8c] J 14231 C2 com.baidu.openrasp.plugin.js.JS.Check(Lcom/baidu/openrasp/plugin/checker/CheckParameter;)Ljava/util/List; (528 bytes) @ 0x00000000045311e0 [0x00000000045307c0+0xa20] J 13893 C2 com.baidu.openrasp.plugin.checker.v8.V8AttackChecker.checkParam(Lcom/baidu/openrasp/plugin/checker/CheckParameter;)Ljava/util/List; (5 bytes) @ 0x0000000002b6dad4 [0x0000000002b6daa0+0x34] J 13643 C2 com.baidu.openrasp.plugin.checker.AbstractChecker.check(Lcom/baidu/openrasp/plugin/checker/CheckParameter;)Z (80 bytes) @ 0x00000000038be3a0 [0x00000000038be360+0x40] J 13790 C2 com.baidu.openrasp.HookHandler.doRealCheckWithoutRequest(Lcom/baidu/openrasp/plugin/checker/CheckParameter$Type;Ljava/util/Map;)V (295 bytes) @ 0x0000000004444e6c [0x0000000004444ae0+0x38c] J 13846 C2 com.baidu.openrasp.HookHandler.doCheckWithoutRequest(Lcom/baidu/openrasp/plugin/checker/CheckParameter$Type;Ljava/util/Map;)V (230 bytes) @ 0x000000000446b0c4 [0x000000000446aa00+0x6c4] J 20149 C2 sun.reflect.GeneratedMethodAccessor31.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (50 bytes) @ 0x0000000003b782c4 [0x0000000003b78180+0x144] J 20058 C2 java.net.InetAddress.getAllByName(Ljava/lang/String;)[Ljava/net/InetAddress; (83 bytes) @ 0x0000000005689a54 [0x00000000056897c0+0x294] J 22701 C2 java.net.Socket.(Ljava/lang/String;ILjava/net/InetAddress;I)V (44 bytes) @ 0x0000000003987108 [0x0000000003987060+0xa8] J 23202 C2 org.apache.commons.httpclient.HttpConnection.open()V (403 bytes) @ 0x00000000060ad008 [0x00000000060acd60+0x2a8] J 22700 C2 org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Lorg/apache/commons/httpclient/HttpMethod;)V (467 bytes) @ 0x0000000005ffb748 [0x0000000005ffb600+0x148] J 22699 C2 org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Lorg/apache/commons/httpclient/HttpMethod;)V (552 bytes) @ 0x0000000003c10608 [0x0000000003c0f820+0xde8] J 22568 C2 com.icss.resourceone.sso.util.NotifyUserStatusJob$Notifier.run()V (248 bytes) @ 0x0000000005f9c020 [0x0000000005f98600+0x3a20] J 22115 C2 java.lang.Thread.run()V (17 bytes) @ 0x00000000020959e8 [0x00000000020959a0+0x48] v ~StubRoutines::call_stub`

hs_err_pid3296.log

cnzzr avatar Apr 07 '22 09:04 cnzzr

tomcat7已经不更新了,要不试试tomcat8.5

k4n5ha0 avatar Apr 08 '22 00:04 k4n5ha0

tomcat7已经不更新了,要不试试tomcat8.5

老旧系统,升级tomcat不易。OpenRASP官方文档是支持"Tomcat 5 ~ 10"

pdb文件不知是否可以提供下,可以分析下异常到底在哪里? 还有一种可能是因为后台线程调用NotifyUserStatusJob太频繁了,正在尝试降低请求的次数看是否能够消除此异常。

cnzzr avatar Apr 08 '22 04:04 cnzzr

@CaledoniaProject 请问下 v1.3.7 openrasp_v8_java.pdb文件是否可以提供

cnzzr avatar Apr 11 '22 02:04 cnzzr

调用配置通过减少后台Thread调用httpclient的频繁,异常的现象暂时未再发生。

cnzzr avatar Apr 19 '22 03:04 cnzzr