Hi Bertil,

You are right, this abort can be used by someone to cause continuous restarts of 
components, but this abort logic on an empty message (length 0) can't be replaced 
with continue for a connectionless socket (SOCK_RDM). This is required to 
handle an undelivered data message that was originally sent by this socket; 
otherwise it will introduce a lot of out-of-order message issues.

We also need to prevent the hacking as well, so can you please share the 
security test application so that I can understand it (a NON-MDS application) and 
think of a solution to prevent the hacking? The solution can be in the TIPC code, 
because the hacker is simulating an event which is implicitly done by TIPC on an 
undelivered data message that was originally sent by this socket.

-AVM


---

**[tickets:#1227] MDS: Receiving zero bytes result in abort**

**Status:** assigned
**Milestone:** 4.6.FC
**Created:** Tue Dec 02, 2014 02:34 PM UTC by Bertil Engelholm
**Last Updated:** Mon Dec 08, 2014 06:39 AM UTC
**Owner:** A V Mahesh (AVM)

If someone sends an empty message (length 0) to an MDS TIPC port it will result 
in a restart of that component due to an abort in the MDS TIPC part. This 
should of course not happen normally but this abort can be used by someone 
(hackers) wanting to cause restarts of components. So the abort (replace with 
continue?) should be removed and the log entry should be changed. 

/Bertil
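
An added example, not OpenSAF or TIPC project code: one way a SOCK_RDM receiver could tell the zero-byte read that TIPC generates for an undelivered message from an empty datagram sent by a peer, by checking for the kernel's TIPC_ERRINFO ancillary object. It assumes the receive path calls recvmsg() with a control buffer; `classify_rx` and `sample_rx` are hypothetical names and the sample input is constructed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/tipc.h> /* SOL_TIPC, TIPC_ERRINFO, TIPC_ERR_NO_PORT */

enum rx_kind { RX_ERROR, RX_DATA, RX_TIPC_RETURNED, RX_EMPTY_FROM_PEER };

/* Classify one recvmsg() result (n = return value, msg = filled-in msghdr).
 * *tipc_err gets the TIPC_ERR_* code when TIPC handed back an undelivered message. */
static enum rx_kind classify_rx(ssize_t n, struct msghdr *msg, uint32_t *tipc_err)
{
    if (n != 0)
        return n < 0 ? RX_ERROR : RX_DATA;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == SOL_TIPC && c->cmsg_type == TIPC_ERRINFO &&
            c->cmsg_len >= CMSG_LEN(2 * sizeof(uint32_t))) {
            uint32_t info[2]; /* [0] error code, [1] length of returned data */
            memcpy(info, CMSG_DATA(c), sizeof(info));
            *tipc_err = info[0];
            return RX_TIPC_RETURNED;
        }
    }
    return RX_EMPTY_FROM_PEER; /* zero bytes, no error info: drop and log */
}

/* Constructed sample input: a zero-byte read, with or without control data
 * shaped like the kernel's TIPC_ERRINFO object. */
static enum rx_kind sample_rx(int with_errinfo, uint32_t err, uint32_t *seen)
{
    union { char buf[CMSG_SPACE(2 * sizeof(uint32_t))]; struct cmsghdr align; } u;
    uint32_t info[2] = { err, 0 };
    struct msghdr msg = { .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    memset(&u, 0, sizeof(u));
    c->cmsg_level = SOL_TIPC;
    c->cmsg_type = TIPC_ERRINFO;
    c->cmsg_len = CMSG_LEN(sizeof(info));
    memcpy(CMSG_DATA(c), info, sizeof(info));
    if (!with_errinfo)
        msg.msg_controllen = 0; /* plain empty datagram: no ancillary data */
    return classify_rx(0, &msg, seen);
}

int main(void)
{
    uint32_t err = 0;
    return !(sample_rx(1, TIPC_ERR_NO_PORT, &err) == RX_TIPC_RETURNED &&
             sample_rx(0, 0, &err) == RX_EMPTY_FROM_PEER);
}
```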


---

_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
