Gabriel Jimenez created IGNITE-11426:
----------------------------------------
Summary: Denial of Service Attack Vulnerability
Key: IGNITE-11426
URL: https://issues.apache.org/jira/browse/IGNITE-11426
Project: Ignite
Issue Type: Bug
Affects Versions: 2.6
Reporter: Gabriel Jimenez
*Problem Statement*: The DiscoverySPI and CommunicationSPI have components
that listen on open ports (various GridNIOServer (Communication) and
SocketReader (Discovery) instances). These open ports result in a vulnerability
to denial of service attacks. Even more concerning is the fact that the
rejection behavior for GridNIOServer relies on asserting instanceof for the
incoming message (subsequently throwing an exception on failed assertion). This
is relatively costly computationally, and can lead to OutOfMemory issues for
the node JVM. Additionally, the exception is not properly handled by the
GridNIOServer instances, and can result in error messages:
"
[ERROR] [grid-nio-worker-client-listener-0-#110] ClientListenerProcessor - Closing NIO session because of unhandled exception.
org.apache.ignite.IgniteCheckedException: Invalid handshake message
    at org.apache.ignite.internal.processors.odbc.ClientListenerNioServerBuffer.read(ClientListenerNioServerBuffer.java:115) ~[bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.processors.odbc.ClientListenerBufferedParser.decode(ClientListenerBufferedParser.java:60) ~[bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.processors.odbc.ClientListenerBufferedParser.decode(ClientListenerBufferedParser.java:40) ~[bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioCodecFilter.onMessageReceived(GridNioCodecFilter.java:114) ~[bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109) ~[bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioServer$HeadFilter.onMessageReceived(GridNioServer.java:3490) ~[bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioFilterChain.onMessageReceived(GridNioFilterChain.java:175) ~[bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioServer$ByteBufferNioClientWorker.processRead(GridNioServer.java:1113) [bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2339) [bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2110) [bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1764) [bdp-ignite-core-2.6.0.jar:2.6.0]
    at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110) [bdp-ignite-core-2.6.0.jar:2.6.0]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_172]
"
Relevant Lines:
[https://github.com/apache/ignite/blob/ignite-2.6/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java#L483]
[https://github.com/apache/ignite/blob/ignite-2.6/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java#L541]
*Solution*: On our internal build we opted to replace the assert statements
with conditionals to simply close the session and log a warning if the incoming
message isn't of the expected type. This approach is present throughout other
parts of the codebase, thus it seemed fitting.
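The pattern described under *Solution*, as an added example that is not part of the original report and is not Ignite code: an assert-based type check on the first message of a connection beside a conditional that logs a warning and closes the session. The names HandshakeMessage, Session, onMessageAsserting and onMessageChecked are hypothetical, and the sample bytes are constructed.

```java
import java.util.logging.Logger;

// Hypothetical stand-ins for illustration; these are not Ignite classes.
public class HandshakeCheckExample {
    private static final Logger LOG = Logger.getLogger("listener");

    /** Expected first message on a connection (hypothetical type). */
    static final class HandshakeMessage {
        final String nodeId;
        HandshakeMessage(String nodeId) { this.nodeId = nodeId; }
    }

    /** Minimal session abstraction (hypothetical). */
    static final class Session {
        private boolean closed;
        void close() { closed = true; }
        boolean isClosed() { return closed; }
    }

    /** Before: with -ea an AssertionError escapes the handler; without -ea the cast throws ClassCastException. */
    static String onMessageAsserting(Session ses, Object msg) {
        assert msg instanceof HandshakeMessage : "Invalid handshake message: " + msg;
        return ((HandshakeMessage) msg).nodeId;
    }

    /** After: an unexpected type is rejected with a warning and a closed session; nothing is thrown. */
    static String onMessageChecked(Session ses, Object msg) {
        if (!(msg instanceof HandshakeMessage)) {
            // Log only the type name, not the untrusted payload itself.
            LOG.warning("Closing session: unexpected first message of type "
                + (msg == null ? "null" : msg.getClass().getName()));
            ses.close();
            return null;
        }
        return ((HandshakeMessage) msg).nodeId;
    }

    public static void main(String[] args) {
        Object junk = new byte[] {0x47, 0x45, 0x54, 0x20}; // constructed sample: bytes from a non-cluster client
        Session ses = new Session();
        System.out.println(onMessageChecked(ses, junk) + " closed=" + ses.isClosed());
        System.out.println(onMessageChecked(new Session(), new HandshakeMessage("node-1")));
        try {
            onMessageAsserting(new Session(), junk);
        } catch (AssertionError | ClassCastException e) {
            System.out.println("assert variant threw " + e.getClass().getSimpleName());
        }
    }
}
```

Java assertions are evaluated only when the JVM is started with -ea, so the assert variant behaves differently between test and production runs, while the conditional rejects the message the same way in both.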