Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-6621

SSL downgrade path will CHECK-fail when using both temporary and persistent sockets

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 0.28.2, 1.0.2, 1.1.0
    • 0.28.3, 1.0.3, 1.1.1, 1.2.0
    • libprocess
    • SSL with downgrade enabled

    Description

      The code path for downgrading sockets from SSL to non-SSL includes this code:

          // If this address is a temporary link.
          if (temps.count(addresses[to_fd]) > 0) {
            temps[addresses[to_fd]] = to_fd;
            // No need to erase as we're changing the value, not the key.
          }
      
          // If this address is a persistent link.
          if (persists.count(addresses[to_fd]) > 0) {
            persists[addresses[to_fd]] = to_fd;
            // No need to erase as we're changing the value, not the key.
          }
      

      https://github.com/apache/mesos/blob/1.1.x/3rdparty/libprocess/src/process.cpp#L2311-L2321

      It is possible for libprocess to hold both temporary and persistent sockets to the same address. This can happen when a message is first sent (ProcessBase::send), and then a link is established (ProcessBase::link). When the target of the message/link is a non-SSL socket, both temporary and persistent sockets go through the downgrade path.

      If a temporary socket is present while a persistent socket is being created, the above code will remap both temporary and persistent sockets to the same address (it should only remap the persistent socket). This leads to some CHECK failures if those sockets are used or closed later:

      Attachments

        1. test_linkee.cpp
          2 kB
          Joseph Wu
        2. test.patch
          3 kB
          Joseph Wu

        Activity

          People

            kaysoky Joseph Wu
            kaysoky Joseph Wu
            Benjamin Mahler Benjamin Mahler
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: