Good catch on the bug you patched.

I'd love to open a discussion of the UUID feature.

Let me state the problem area for background information:
1. owserver can be configured to send requests "upstream" -- to another
owserver
   A. This is done at the command line or via a configuration file
   B. This cannot be done by a mere user
   C. There is no limit on the length of the chain of owserver redirections.
2. Any chain of owserver redirections will eventually reach an end unless
there is a loop in the sequence.
   The solution: owserver adds a "unique token" (16 bytes of data) to the
end of messages passing upstream, and makes sure incoming messages don't
have its unique token.

Potential problems:
1. owserver could be altered to not look for the token
   A. Well, any rogue program or shell script that you allow to be run can
be malicious.
2. The tokens could be altered in transit.
   A. Again, if you don't have control of your network traffic, anyone can
inject any amount of traffic
3. The token might be non-unique
   A. This is a fail safe in terms of network traffic
   B. Part of the 1-wire network would be inaccessible.

Based on my analysis, the only real risk is non-unique tokens, and given
the typically small extent of owserver networks, only modest uniqueness
guarantees are needed.

I thought of using an existing library (like UUID) but it's a nuisance for
users to find and build another package. Especially since we are
cross-platform and multiarchitecture. I try to reserve using libraries for
complex and essential functions (like USB access).

Still, I'm open to the debate.

Paul
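
A simplified model of the token check described in the message above, added here as an illustration; it is not owserver's code or wire format. The message layout, `MAX_HOPS`, the function names and the token values are assumptions. It shows a real loop being refused and the non-unique-token case, where a loop-free route is cut short.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 16 /* token size given in the thread */
#define MAX_HOPS 8   /* assumption: bound used by this model only */

/* Constructed tokens for servers A, B, C, plus D, which collides with B. */
static const uint8_t SERVERS[4][TOKEN_LEN] = { {0xA1}, {0xB2}, {0xC3}, {0xB2} };

/* Hypothetical message model: only the trail of tokens appended so far. */
struct msg { size_t hops; uint8_t trail[MAX_HOPS][TOKEN_LEN]; };

/* 1 if this server's token is already in the trail (loop or collision). */
int seen_own_token(const struct msg *m, const uint8_t *self) {
    for (size_t i = 0; i < m->hops; i++)
        if (memcmp(m->trail[i], self, TOKEN_LEN) == 0) return 1;
    return 0;
}

/* One server's step: refuse (-1) on its own token, else append and pass on (0). */
int forward_upstream(struct msg *m, const uint8_t *self) {
    if (seen_own_token(m, self) || m->hops == MAX_HOPS) return -1;
    memcpy(m->trail[m->hops++], self, TOKEN_LEN);
    return 0;
}

/* Send one message along route[]; return how many servers forwarded it. */
size_t hops_before_refusal(const size_t *route, size_t n) {
    struct msg m = {0};
    for (size_t i = 0; i < n; i++)
        if (forward_upstream(&m, SERVERS[route[i]]) != 0) return i;
    return n;
}

int main(void) {
    const size_t chain[] = {0, 1, 2};      /* A -> B -> C, no loop */
    const size_t loop[] = {0, 1, 2, 0};    /* C misconfigured to point at A */
    const size_t collide[] = {0, 1, 3, 2}; /* no loop, but D shares B's token */
    printf("chain: %zu of 3 forwarded\n", hops_before_refusal(chain, 3));
    printf("loop: refused at hop %zu\n", hops_before_refusal(loop, 4));
    printf("collision: refused at hop %zu\n", hops_before_refusal(collide, 4));
    return 0;
}
```

In the collision route, server C is never reached even though no loop exists, which is the "part of the network would be inaccessible" outcome listed under potential problem 3.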





On Thu, May 1, 2014 at 5:46 PM, Stefano Miccoli <mo...@icloud.com> wrote:

> Thanks for including my suggestions in p4!
>
> I found a small bug in the new antiloop code
> (module/owserver/src/c/owserver.c) please see the attached patch.
>
> Stefano
>
>
>
>
> PS:
>
> in my opinion, instead of the MD5 hash of some process data, a UUID  <
> http://en.wikipedia.org/wiki/Universally_unique_identifier> would be more
> appropriate for the antiloop feature.
>
> On 30 Apr 2014, at 02:35, Paul Alfille <paul.alfi...@gmail.com> wrote:
>
> Release Notes owfs 2.9p4
> 4/30/2014
>
> New features
> 1. Switch to git for source management
> Still hosted on sourceforge.net
>  git clone git://git.code.sf.net/p/owfs/code owfs-code
> cvs history brought over.
> 2. Clean and test DS2409 (Microlan) hubs
> Addressing problem found by Ors Tiszay
> Works well with passive devices
>  Problems with powered slaves, but probably not a software issue.
> 3. Improved and tested owserver protocol for server-to-server communication
> Use md5 hash for unique token
>  Fixed byte counting issue in write messages
> Null-terminated string no longer required in path string
>  (problem pointed out by Stefano Miccoli)
> 4. Added /system/configuration/version
> Reports owserver version
> Request from Stefano Miccoli
>
> Fixes
> 1. Double initialization of mutex fixed
> Show stopper in FreeBSD
> Found by Johan Strom
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
>
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Owfs-developers mailing list
> Owfs-developers@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owfs-developers