Skip to content

fix: protocol parsers can panic on malformed input, crashing the agent #210

Description

@mayankpande88

Problem

15 L7 protocol parsers process raw network bytes from eBPF. The ClickHouse parser already has recover() for panics, suggesting other parsers are also vulnerable to panics on malformed packets.

A single panic in the event handler goroutine (registry.go handleEvents) takes down the entire agent — all containers on that node lose observability.

Fix

Two approaches (both should be done):

  1. Short-term: Wrap each protocol parser call in recover() in the L7 event handler
  2. Long-term: Add fuzz tests (testing.F) for every protocol parser. These parsers handle untrusted network data and must be crash-proof.

Protocols to fuzz: HTTP, HTTP2, Postgres, MySQL, Redis, Memcached, MongoDB, Kafka, Cassandra, RabbitMQ, NATS, DNS, ClickHouse, Zookeeper, FoundationDB, Dubbo2.

Impact

High — a single malformed packet can crash the entire node agent.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions