Posted to issues@mesos.apache.org by "Benjamin Mahler (JIRA)" <ji...@apache.org> on 2017/09/01 23:26:00 UTC
[jira] [Created] (MESOS-7932) LibeventSSLSocket downgrade code can look at garbage data.
Benjamin Mahler created MESOS-7932:
--------------------------------------
Summary: LibeventSSLSocket downgrade code can look at garbage data.
Key: MESOS-7932
URL: https://issues.apache.org/jira/browse/MESOS-7932
Project: Mesos
Issue Type: Bug
Components: libprocess
Reporter: Benjamin Mahler
The libprocess downgrade code can look at garbage data when it's unable to peek a sufficient amount of data:
{code}
// Comments redacted.
ssize_t size = ::recv(fd, data, 6, MSG_PEEK);
bool ssl = false;
if (size < 2) {
  ssl = false;
} else if ((data[0] & 0x80) && data[2] == SSL2_MT_CLIENT_HELLO) {
  ssl = true;
} else if (data[0] == SSL3_RT_HANDSHAKE &&
           data[1] == SSL3_VERSION_MAJOR &&
           data[5] == SSL3_MT_CLIENT_HELLO) {
  ssl = true;
}
{code}
See here: https://github.com/apache/mesos/blob/1.3.1/3rdparty/libprocess/src/libevent_ssl_socket.cpp#L948-L1012
Here, if we read more than 2 bytes but fewer than 6, we will be looking at garbage data at {{data[5]}}.
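One way to make the check length-aware, as an added example (not Mesos code and not the fix applied to this issue): every index is compared against the number of bytes actually peeked, and an undecidable short peek is reported separately. The names `classify_peek`, `peek_result` and the local constants are hypothetical; the constant values mirror the OpenSSL macros used in the snippet above.

```c
#include <stdio.h>
#include <sys/types.h>

/* Values mirror OpenSSL's SSL2_MT_CLIENT_HELLO, SSL3_RT_HANDSHAKE,
 * SSL3_VERSION_MAJOR and SSL3_MT_CLIENT_HELLO; local names are hypothetical. */
enum { V2_CLIENT_HELLO = 1, V3_HANDSHAKE = 22, V3_MAJOR = 3, V3_CLIENT_HELLO = 1 };

enum peek_result { PEEK_PLAIN, PEEK_TLS, PEEK_NEED_MORE };

/* Classify the first `size` bytes returned by recv(..., MSG_PEEK).
 * Only data[0..size-1] is ever read. The caller handles size < 0 (error). */
enum peek_result classify_peek(const unsigned char *data, ssize_t size)
{
    if (size < 1)
        return PEEK_NEED_MORE;
    if (data[0] & 0x80) {                 /* SSLv2-style header: needs data[2] */
        if (size < 3)
            return PEEK_NEED_MORE;
        return data[2] == V2_CLIENT_HELLO ? PEEK_TLS : PEEK_PLAIN;
    }
    if (data[0] == V3_HANDSHAKE) {        /* SSLv3/TLS record: needs data[5] */
        if (size >= 2 && data[1] != V3_MAJOR)
            return PEEK_PLAIN;            /* version byte already rules it out */
        if (size < 6)
            return PEEK_NEED_MORE;        /* data[5] is not valid yet */
        return data[5] == V3_CLIENT_HELLO ? PEEK_TLS : PEEK_PLAIN;
    }
    return PEEK_PLAIN;                    /* first byte matches neither form */
}

/* Constructed sample: first six bytes of a TLS ClientHello record. */
static const unsigned char sample_hello[6] = { 0x16, 0x03, 0x01, 0x00, 0x2e, 0x01 };

int main(void)
{
    static const char *names[] = { "plain", "tls", "need-more" };
    /* Show the verdict for every possible short peek of the same record. */
    for (ssize_t n = 0; n <= 6; n++)
        printf("%zd byte(s) peeked -> %s\n", n, names[classify_peek(sample_hello, n)]);
    return 0;
}
```

On `PEEK_NEED_MORE` the caller would wait for the socket to become readable again and peek once more instead of deciding on uninitialized bytes.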