ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gabriel Jimenez (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IGNITE-11426) Denial of Service Attack Vulnerability
Date Tue, 26 Feb 2019 19:59:00 GMT
Gabriel Jimenez created IGNITE-11426:
----------------------------------------

             Summary: Denial of Service Attack Vulnerability
                 Key: IGNITE-11426
                 URL: https://issues.apache.org/jira/browse/IGNITE-11426
             Project: Ignite
          Issue Type: Bug
    Affects Versions: 2.6
            Reporter: Gabriel Jimenez


{{*Problem Statement*: The DiscoverySPI and CommunicationSPI have components that listen on
open ports (Various GridNIOServer(Communication) and SocketReader(Discovery) instances). These
open ports result on a vulnerability to denial of service attacks. Even more concerning is
the fact that the rejection behavior for GridNIOServer relies on asserting instanceof for
the incoming message (subsequently throwing an exception on failed assertion). This is relatively
costly computationally, and can lead to OutOfMemory issues for the node JVM. Additionally,
the exception is not properly handled by the GridNIOServer instances, and can result in error
messages:}}

{{"}}
{{[ERROR] [grid-nio-worker-client-listener-0-#110] ClientListenerProcessor - Closing NIO session
because of unhandled exception. org.apache.ignite.IgniteCheckedException: Invalid handshake
message at org.apache.ignite.internal.processors.odbc.ClientListenerNioServerBuffer.read(ClientListenerNioServerBuffer.java:115)
~[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.processors.odbc.ClientListenerBufferedParser.decode(ClientListenerBufferedParser.java:60)
~[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.processors.odbc.ClientListenerBufferedParser.decode(ClientListenerBufferedParser.java:40)
~[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioCodecFilter.onMessageReceived(GridNioCodecFilter.java:114)
~[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
~[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioServer$HeadFilter.onMessageReceived(GridNioServer.java:3490)
~[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioFilterChain.onMessageReceived(GridNioFilterChain.java:175)
~[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioServer$ByteBufferNioClientWorker.processRead(GridNioServer.java:1113)
[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2339)
[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2110)
[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1764)
[bdp-ignite-core-2.6.0.jar:2.6.0] at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
[bdp-ignite-core-2.6.0.jar:2.6.0] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_172]}}
{{"}}

{{Relevant Lines:}}
{{[https://github.com/apache/ignite/blob/ignite-2.6/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java#L483]}}

[https://github.com/apache/ignite/blob/ignite-2.6/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java#L541]

 

*Solution*: On our internal build we opted to replace the assert statements with conditionals
to simply close the session and log a warning if the incoming message isn't of the expected
type. This approach is present throughout other parts of the codebase, thus it seemed fitting.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message