Basho Product Alert: Socket reuse issue with Riak Golang client 1.5.1

Seema Jethani seema at basho.com
Thu Mar 3 13:28:51 EST 2016


Overview

When using the Riak golang client 1.5.1, if the socket read timeout is
exceeded during execution of a Riak request, data may be contaminated
between subsequent requests that use the same socket. The product advisory
has been posted here:
http://docs.basho.com/riak/latest/community/product-advisories/

Description

When using the Riak golang client 1.5.1, if the socket read timeout is
exceeded during execution of a Riak request, instead of closing it, the
connection will be returned to the connection pool for use by a different
request. The server still sends a response on that socket and it will be
available the next time the socket is read. If the socket is provided by
the connection pool, the next request will read data from Riak intended for
the original request.

If the next request is of a different type than the first that timed out,
you will see an error similar to the following raised by the golang
client: expected response code X, got: Y. If the next request is of the
same type as the first one that timed out, the original, possibly
unrelated, response will be returned by the client library without logging
any message.
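
The reuse-after-timeout behaviour described above, reproduced as an added Go example (not code from riak-go-client). The in-memory server built on net.Pipe, the line-based protocol, and the names dial, request and demo are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
	"time"
)

// dial returns a client connection to a constructed stand-in server that answers
// each request line with "resp:<line>" after 100ms (a slow node; not Riak's protocol).
func dial() net.Conn {
	client, server := net.Pipe()
	go func() {
		for s := bufio.NewScanner(server); s.Scan(); {
			time.Sleep(100 * time.Millisecond)
			go fmt.Fprintf(server, "resp:%s\n", s.Text()) // own goroutine: stands in for socket buffering
		}
	}()
	return client
}

// request writes one line and reads one reply line, failing once timeout passes.
func request(c net.Conn, req string, timeout time.Duration) (string, error) {
	fmt.Fprintln(c, req)
	c.SetReadDeadline(time.Now().Add(timeout))
	resp, err := bufio.NewReader(c).ReadString('\n')
	return strings.TrimSpace(resp), err
}

// demo lets request "A" hit the read timeout, then sends "B" on the pooled
// connection and returns what "B" got. closeOnTimeout=false is the 1.5.1 behaviour.
func demo(closeOnTimeout bool) (string, error) {
	pooled := dial()
	if _, err := request(pooled, "A", 20*time.Millisecond); err != nil && closeOnTimeout {
		pooled.Close() // fix: a socket with a reply still in flight never returns to the pool
		pooled = dial()
	}
	defer pooled.Close()
	time.Sleep(200 * time.Millisecond) // the late reply to "A" is now waiting on the socket
	return request(pooled, "B", time.Second)
}

func main() {
	for _, fix := range []bool{false, true} {
		got, err := demo(fix)
		fmt.Printf("closeOnTimeout=%v: request B received %q (err=%v)\n", fix, got, err)
	}
}
```

With reuse, request B returns the reply meant for A and no error is raised, which is the silent same-type case; closing the connection on timeout makes B read its own reply.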

Affected Users

This issue will affect you only if both of the following are true:

   - You are using the Riak golang client 1.5.1, AND
   - The client request timeout is being hit.

Impact

Results from client requests may be returned against the wrong call. For
example, results from a previous search request may be returned instead of
the correct ones.

If it occurs in a GET/PUT cycle, this may result in the incorrect GET
response being used in a PUT request, leaving the object permanently
modified.

Mitigation Strategy

Downgrade to 1.5.0 or upgrade to the 1.6.0 Golang client, which can be
found here: https://github.com/basho/riak-go-client/releases

If you cannot upgrade, set RequestTimeout in NodeOptions to be a very large
value (5 minutes, for instance) to reduce the likelihood of the socket
being reused.

-- 
Seema Jethani
Director of Product Management, Basho <http://basho.com>
4083455739 | @seemaj <http://twitter.com/seemaj>