Sorry I can't share this application (don't know where it is). I have only seen
the results from running it.
I have talked to our TIPC expert here and he said that you have to use
"recvmsg" to see the difference
between received 0 byte message and dropped package indication. In recvmsg
there is a control structure
available where you can see the indication that it's a dropped message.
/Bertil
From: A V Mahesh (AVM) [mailto:[email protected]]
Sent: den 8 december 2014 08:49
To: [opensaf:tickets]
Subject: [opensaf:tickets] Re: #1227 MDS: Receiving zero bytes result in abort
Hi Bertil,
You are right this abort can be used by someone to cause continuous restarts of
components, but this abort logic on empty message (length 0) cant be replace
with continue for connectionless socket (SOCK_RDM ) , this is required to
handle an undelivered data message that was originally sent by this socket ,
otherwise it will introduce lot of out of order messages issues.
We also need to prevent the hacking as well, so can you please share the
security test application so that I can understand (NON-MDS application) and
think of solution to prevent the hacking the solution can be in TIPC code , why
because the hacker is simulating event whic is implicitly done by TIPC on a
undelivered data message that was originally sent by this socket
-AVM
________________________________
[tickets:#1227]<http://sourceforge.net/p/opensaf/tickets/1227> MDS: Receiving
zero bytes result in abort
Status: assigned
Milestone: 4.6.FC
Created: Tue Dec 02, 2014 02:34 PM UTC by Bertil Engelholm
Last Updated: Mon Dec 08, 2014 06:39 AM UTC
Owner: A V Mahesh (AVM)
If someone sends an empty message (lenght 0) to a MDS TIPC port it will result
in a restart of that component due to an abort in the MDS TIPC part. This
should of course not happen normally but this abort can be used by someone
(hackers) wanting to cause restarts of components. So the abort (replace with
continue?) should be removed and the log entry should be changed.
/Bertil
________________________________
Sent from sourceforge.net because you indicated interest in
https://sourceforge.net/p/opensaf/tickets/1227/<https://sourceforge.net/p/opensaf/tickets/1227>
To unsubscribe from further messages, please visit
https://sourceforge.net/auth/subscriptions/<https://sourceforge.net/auth/subscriptions>
---
** [tickets:#1227] MDS: Receiving zero bytes result in abort**
**Status:** assigned
**Milestone:** 4.6.FC
**Created:** Tue Dec 02, 2014 02:34 PM UTC by Bertil Engelholm
**Last Updated:** Mon Dec 08, 2014 06:39 AM UTC
**Owner:** A V Mahesh (AVM)
If someone sends an empty message (lenght 0) to a MDS TIPC port it will result
in a restart of that component due to an abort in the MDS TIPC part. This
should of course not happen normally but this abort can be used by someone
(hackers) wanting to cause restarts of components. So the abort (replace with
continue?) should be removed and the log entry should be changed.
/Bertil
---
Sent from sourceforge.net because [email protected] is
subscribed to http://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
http://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
