[jboss-jira] [JBoss JIRA] (JGRP-2131) UNICAST3 drops all messages until it receives the first one

Bela Ban (JIRA) issues at jboss.org
Wed Nov 16 05:33:00 EST 2016


    [ https://issues.jboss.org/browse/JGRP-2131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13323521#comment-13323521 ] 

Bela Ban commented on JGRP-2131:
--------------------------------

Scenario: a rogue member can fake a keyserver and thus send a {{JOIN_RSP}} or {{INSTALL_MERGE_VIEW}} which tricks the joiner (or merger) into thinking the rogue member is the keyserver.

This is prevented by {{AUTH}} (that's why {{ASYM_ENCRYPT}} won't start if {{AUTH}} isn't present): it checks these messages and rejects them if authentication fails.

The unit tests that test this are in {{ASYM_ENCRYPT_Test}}: {{nonMemberInjectingJoinResponse()}} and {{mergeViewInjectionByNonMember()}}.

> UNICAST3 drops all messages until it receives the first one
> -----------------------------------------------------------
>
>                 Key: JGRP-2131
>                 URL: https://issues.jboss.org/browse/JGRP-2131
>             Project: JGroups
>          Issue Type: Bug
>    Affects Versions: 3.6.10
>            Reporter: Dennis Reed
>            Assignee: Bela Ban
>             Fix For: 3.6.12, 4.0
>
>
> UNICAST3.getReceiverEntry returns null if it hasn't seen the first message yet.
> This causes UNICAST3.handleDataReceived to drop the message.
> When you add *ENCRYPT, this causes a major deadlock.  *ENCRYPT will queue most messages until it gets the encryption key, which can often include the first message (so UNICAST3 won't see it yet).  Then when an important message such as JOIN_RSP comes through, UNICAST3 drops it.  Since UNICAST3 never lets any messages through in this case, the encryption key will never get set so that *ENCRYPT can pass the first message up and free the deadlock.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
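
A simplified model of the receive path described in the issue text above, added here as an illustration; it is not JGroups code and does not come from the issue or its participants. The class, field and method names are hypothetical, and the model assumes that JOIN_RSP passes the encryption layer without being queued and that processing it is what leads to the key being installed.

```java
import java.util.ArrayDeque;
import java.util.Queue;

// Toy model of the JGRP-2131 receive path. Names are illustrative, not JGroups classes.
public class Jgrp2131Model {
    static final class Msg {
        final String type; final long seqno; final boolean first, encrypted;
        Msg(String type, long seqno, boolean first, boolean encrypted) {
            this.type = type; this.seqno = seqno; this.first = first; this.encrypted = encrypted;
        }
    }

    // Lower layer (*ENCRYPT in the issue): queues encrypted messages until the key is known.
    static boolean keyInstalled = false;
    static final Queue<Msg> encryptQueue = new ArrayDeque<>();

    // Upper layer (UNICAST3 in the issue): no receiver entry until a 'first' message is seen.
    static boolean receiverEntry = false;
    static int dropped = 0, delivered = 0;

    static void encryptUp(Msg m) {
        if (m.encrypted && !keyInstalled) { encryptQueue.add(m); return; }
        unicastUp(m);
    }

    static void unicastUp(Msg m) {
        if (m.first) receiverEntry = true;
        if (!receiverEntry) { dropped++; return; }   // the drop reported in the issue
        deliver(m);
    }

    static void deliver(Msg m) {
        delivered++;
        // Assumption: handling JOIN_RSP is what results in the key being set.
        if (m.type.equals("JOIN_RSP") && !keyInstalled) {
            keyInstalled = true;
            while (!encryptQueue.isEmpty()) unicastUp(encryptQueue.poll());
        }
    }

    public static void main(String[] args) {
        // Constructed sample traffic.
        encryptUp(new Msg("DATA", 1, true, true));       // first message: queued below UNICAST3
        encryptUp(new Msg("JOIN_RSP", 2, false, false)); // assumption: not held by the encryption layer
        System.out.printf("queued=%d dropped=%d delivered=%d keyInstalled=%b%n",
                encryptQueue.size(), dropped, delivered, keyInstalled);
    }
}
```

In this model the queued first message can only be released once the key is installed, and the key can only be installed once the upper layer delivers something, so neither step ever happens.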
