Benjamin Mahler created MESOS-7932:
--------------------------------------

Summary: LibeventSSLSocket downgrade code can look at garbage data.
Key: MESOS-7932
URL: https://issues.apache.org/jira/browse/MESOS-7932
Project: Mesos
Issue Type: Bug
Components: libprocess
Reporter: Benjamin Mahler
The libprocess downgrade code can look at garbage data when it's unable to peek a sufficient amount of data:

{code}
// Comments redacted.
ssize_t size = ::recv(fd, data, 6, MSG_PEEK);

bool ssl = false;
if (size < 2) {
  ssl = false;
} else if ((data[0] & 0x80) && data[2] == SSL2_MT_CLIENT_HELLO) {
  ssl = true;
} else if (data[0] == SSL3_RT_HANDSHAKE &&
           data[1] == SSL3_VERSION_MAJOR &&
           data[5] == SSL3_MT_CLIENT_HELLO) {
  ssl = true;
}
{code}

See here: https://github.com/apache/mesos/blob/1.3.1/3rdparty/libprocess/src/libevent_ssl_socket.cpp#L948-L1012

Here if we read more than 2 bytes but fewer than 6, we will be looking at garbage data at {{data[5]}}.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
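The following is an added example, not code from Mesos or from the reporter, showing one way to make the peek-based SSL detection safe against short reads: every byte index is guarded by the number of bytes that {{recv(MSG_PEEK)}} actually returned, and a peek that is too short to decide is reported as inconclusive so the caller can peek again rather than classify on uninitialised bytes. The OpenSSL constants are redefined locally (with their values from {{openssl/ssl3.h}} and {{ssl2.h}}) so the example builds without OpenSSL headers; the {{Peek}} enum, the function names and the "retry on short peek" policy are assumptions of this example, not the libprocess API.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <sys/types.h>
#include <vector>

// Same values as the OpenSSL macros used in libevent_ssl_socket.cpp,
// redefined here so the example compiles without OpenSSL headers.
constexpr uint8_t kSsl2MtClientHello = 1;     // SSL2_MT_CLIENT_HELLO
constexpr uint8_t kSsl3RtHandshake   = 0x16;  // SSL3_RT_HANDSHAKE
constexpr uint8_t kSsl3VersionMajor  = 0x03;  // SSL3_VERSION_MAJOR
constexpr uint8_t kSsl3MtClientHello = 1;     // SSL3_MT_CLIENT_HELLO

// Hypothetical result type: a short peek is "inconclusive", not "not SSL".
enum class Peek { NotSSL, SSL, NeedMoreData };

// Classify the first `size` bytes peeked from a socket. Unlike the original
// snippet, no index is touched unless `size` proves that byte was written.
Peek classifyPeek(const uint8_t* data, ssize_t size) {
  // Error or EOF: nothing to inspect; let the caller treat it as plain
  // (same outcome as the original's `size < 2` branch).
  if (size <= 0) {
    return Peek::NotSSL;
  }

  // Byte 0 alone can rule out both patterns: an SSLv2 header has the high
  // bit set and an SSLv3/TLS record starts with the handshake content type.
  if (!(data[0] & 0x80) && data[0] != kSsl3RtHandshake) {
    return Peek::NotSSL;
  }

  // SSLv2-style header: needs bytes 0..2, so require at least 3 bytes.
  if (size >= 3 && (data[0] & 0x80) && data[2] == kSsl2MtClientHello) {
    return Peek::SSL;
  }

  // SSLv3/TLS record: needs byte 5 (handshake type), so require 6 bytes.
  if (size >= 6 && data[0] == kSsl3RtHandshake &&
      data[1] == kSsl3VersionMajor && data[5] == kSsl3MtClientHello) {
    return Peek::SSL;
  }

  // Fewer than 6 bytes and nothing ruled out yet: the buffer beyond `size`
  // is garbage, so ask the caller to peek again instead of guessing.
  if (size < 6) {
    return Peek::NeedMoreData;
  }

  return Peek::NotSSL;
}

// Simulates recv(fd, data, 6, MSG_PEEK) returning only `available` bytes
// of `wire` (constructed input); the rest of the 6-byte buffer is left
// uninitialised exactly as it would be after a short peek.
Peek classifyStream(const std::vector<uint8_t>& wire, size_t available) {
  uint8_t data[6];  // deliberately not zeroed: mirrors the real buffer
  size_t n = std::min({available, wire.size(), sizeof(data)});
  std::copy(wire.begin(), wire.begin() + n, data);
  return classifyPeek(data, static_cast<ssize_t>(n));
}
```

The two positive branches read bytes 2 and 5 respectively, so the guards are `size >= 3` and `size >= 6`; the early negative on byte 0 lets an obviously plaintext connection ("GET /...") downgrade immediately without waiting for six bytes.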