Uploaded image for project: 'network-transport-tcp'
  1. network-transport-tcp
  2. NTTCP-7

handleConnectionRequest should not blindly believe theirAddress

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • OS:
      Linux

      Description

      From casually reading the code, I'm worried about believing the received EndPointAddress in handleConnectionRequest.

      In an environment where not all processes have the same credentials, this opens up the ability to spoof other processes.

      If node A connects to node B and presents itself as node C, then this is a spoofing attempt.

      (Not fixing this severely restricts the use-cases for CH).

      Rather, I think what should be done is by default to screen the incoming EndPointAddress against Network.Socket.getPeerName and reject anything that does not match.

      Bonus points for having a callback that can act as a "firewall" in case the transport is going through a NAT (in which case accepting the EndPointAddress is essential in getting bi-directional connectivity).

        Attachments

          Activity

            People

            • Assignee:
              hyperthunk Tim Watson [Administrator]
              Reporter:
              ak Alexander Kjeldaas
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: