Posted to issues@mesos.apache.org by "Benjamin Mahler (JIRA)" <ji...@apache.org> on 2017/09/01 23:26:00 UTC

[jira] [Created] (MESOS-7932) LibeventSSLSocket downgrade code can look at garbage data.

Benjamin Mahler created MESOS-7932:
--------------------------------------

             Summary: LibeventSSLSocket downgrade code can look at garbage data.
                 Key: MESOS-7932
                 URL: https://issues.apache.org/jira/browse/MESOS-7932
             Project: Mesos
          Issue Type: Bug
          Components: libprocess
            Reporter: Benjamin Mahler


The libprocess downgrade code can look at garbage data when it's unable to peek a sufficient amount of data:

{code}
  // Comments redacted.
  ssize_t size = ::recv(fd, data, 6, MSG_PEEK);

  bool ssl = false;

  if (size < 2) {
    ssl = false;
  } else if ((data[0] & 0x80) && data[2] == SSL2_MT_CLIENT_HELLO) {
    ssl = true;
  } else if (data[0] == SSL3_RT_HANDSHAKE &&
             data[1] == SSL3_VERSION_MAJOR &&
             data[5] == SSL3_MT_CLIENT_HELLO) {
    ssl = true;
  }
{code}

See here: https://github.com/apache/mesos/blob/1.3.1/3rdparty/libprocess/src/libevent_ssl_socket.cpp#L948-L1012

Here if we read more than 2 bytes but fewer than 6, we will be looking at garbage data at {{data[5]}}.
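The following is an added example, not code from this issue or from libprocess. It places the unchecked peek logic quoted above beside a bounds-checked version that reports "need more data" when the peek returned too few bytes for the branch being evaluated, and drives both with a constructed stand-in for the MSG_PEEK call (`fakePeek`, a hypothetical helper) whose destination buffer is pre-filled with stale bytes, which is exactly the situation the issue describes. The protocol constants are the values from OpenSSL's ssl2.h/ssl3.h headers; `Peek`, `classifyChecked`, `run` and `Outcome` are names chosen for this example.

```cpp
#include <sys/types.h>
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Values as defined in OpenSSL's ssl2.h / ssl3.h.
constexpr uint8_t SSL2_MT_CLIENT_HELLO = 1;
constexpr uint8_t SSL3_RT_HANDSHAKE    = 22;
constexpr uint8_t SSL3_VERSION_MAJOR   = 3;
constexpr uint8_t SSL3_MT_CLIENT_HELLO = 1;

constexpr size_t PEEK_LEN = 6;  // the downgrade code peeks 6 bytes

enum class Peek { NotTLS, TLS, NeedMore };

// Same structure as the snippet in the issue: only `size < 2` is guarded, so
// a peek that returned 2..5 bytes still reads data[2] or data[5], which hold
// whatever the buffer contained before recv() wrote into it.
bool looksLikeSSLUnchecked(const uint8_t* data, ssize_t size) {
  if (size < 2) return false;
  if ((data[0] & 0x80) && data[2] == SSL2_MT_CLIENT_HELLO) return true;
  if (data[0] == SSL3_RT_HANDSHAKE &&
      data[1] == SSL3_VERSION_MAJOR &&
      data[5] == SSL3_MT_CLIENT_HELLO) return true;
  return false;
}

// Bounds-checked form: every index is compared against `size` before use,
// and a peek too short to decide the branch yields NeedMore instead of a
// verdict based on uninitialized bytes.
Peek classifyChecked(const uint8_t* data, ssize_t size) {
  if (size <= 0) return Peek::NotTLS;          // error or EOF: nothing to inspect
  if (data[0] & 0x80) {                         // possible SSLv2 ClientHello
    if (size < 3) return Peek::NeedMore;        // data[2] not yet available
    return data[2] == SSL2_MT_CLIENT_HELLO ? Peek::TLS : Peek::NotTLS;
  }
  if (data[0] != SSL3_RT_HANDSHAKE) return Peek::NotTLS;
  if (size >= 2 && data[1] != SSL3_VERSION_MAJOR) return Peek::NotTLS;
  if (size < static_cast<ssize_t>(PEEK_LEN)) return Peek::NeedMore;  // data[5] not yet available
  return data[5] == SSL3_MT_CLIENT_HELLO ? Peek::TLS : Peek::NotTLS;
}

// Constructed stand-in for ::recv(fd, data, 6, MSG_PEEK): copies up to `want`
// bytes of what is currently on the wire into the caller's buffer and returns
// the count, leaving any remaining buffer bytes untouched.
ssize_t fakePeek(const std::vector<uint8_t>& wire, uint8_t* buf, size_t want) {
  size_t n = std::min(wire.size(), want);
  std::memcpy(buf, wire.data(), n);
  return static_cast<ssize_t>(n);
}

struct Outcome {
  bool unchecked;  // verdict of the unguarded logic
  Peek checked;    // verdict of the bounds-checked logic
};

// Pre-fills the peek buffer with `stale`, peeks `wire`, and runs both detectors.
Outcome run(const std::vector<uint8_t>& wire, uint8_t stale) {
  uint8_t buf[PEEK_LEN];
  std::memset(buf, stale, sizeof(buf));
  ssize_t n = fakePeek(wire, buf, sizeof(buf));
  return {looksLikeSSLUnchecked(buf, n), classifyChecked(buf, n)};
}

int main() {
  // Only the first two bytes of a TLS record have arrived; the verdict of the
  // unguarded code then depends entirely on the stale byte at data[5].
  Outcome a = run({0x16, 0x03}, 0x01);
  Outcome b = run({0x16, 0x03}, 0x00);
  std::printf("2-byte peek, stale 0x01: unchecked=%d checked=%d\n",
              a.unchecked, static_cast<int>(a.checked));
  std::printf("2-byte peek, stale 0x00: unchecked=%d checked=%d\n",
              b.unchecked, static_cast<int>(b.checked));
  return 0;
}
```

With the same two wire bytes, the unguarded logic answers "TLS" when the stale byte happens to be 0x01 and "not TLS" when it is 0x00; the checked version answers NeedMore in both cases, leaving the caller to peek again once more bytes are queued.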


