Skip to content

Throwing exception while creating a service or a subscription on request can cause clients to wait forever #1581

Open
Open
Throwing exception while creating a service or a subscription on request can cause clients to wait forever#1581
Labels
backlog
@squizz617

Description

@squizz617
squizz617
opened on Mar 16, 2021

Bug report

Required Info:

  • Operating System: Ubuntu 18.04.5
  • Installation type: From source
  • Version or commit hash: Dashing (e8cf066d)
  • DDS implementation: Fast-RTPS
  • Client library (if applicable): Both rclcpp and rclpy

Steps to reproduce issue

  1. Run turtlesim_node
$ ros2 run turtlesim turtlesim_node
  1. Send request to topic /spawn with any invalid name (e.g., 256 bytes of "A"s)
$ ros2 service call /spawn turtlesim/srv/Spawn "{x: 1.0, y: 1.0, theta: 0.0, name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}"
  1. The requester (/_ros2cli_requester_turtlesim_Spawn in this case) waits forever as turtlesim_node is terminated throwing rclcpp::exceptions::InvalidTopicNameError.

Expected behavior

Rather than just terminating, Node::create_subscription() and Node::create_service() should handle such exception and return something (e.g., a NULL pointer) so that the caller can properly handle the error.

Actual behavior

In ros2/rclcpp/rclcpp/src/rclcpp/expand_topic_or_service_name.cpp, if the validation of the expanded service name fails, rclcpp::exceptions::InvalidServiceNameError is thrown, terminating the node that tried to create a service. As a result, the requester keeps waiting for the response to its spawn request.

Additional information

I've taken an example of turtlesim for its simplicity, and aware that turtlesim itself could try-catch an exception. However, I suggest rcl handles this issue as a middleware for the following reasons:
(1) as far as I know, this behavior is not documented anywhere,
(2) none of the code included in the ros2 repositories (https://raw.githubusercontent.com/ros2/ros2/dashing/ros2.repos) try-catch those exceptions when creating subscriptions or services,
(3) merely remapping any topic to an invalid name kills the node, leaving chances to be maliciously used by attackers, and
(4) there can be many other systems that are already being affected.

Metadata

Metadata

Assignees

No one assigned

    Labels

    backlog

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions