malformed packet received on agent peer-port crashes agent #259

@sunqifs7

Describe the bug
The bug happens when a random packet is received on the peer-port of the kraken-agent, instead of a p2p message from other peers.
When receiving a packet from the peer-port, this code will retrieve the content and validate the msg:
https://github.com/uber/kraken/blob/master/lib/torrent/scheduler/conn/message.go#L126-L144
However, if some malformed packet accidentally passes those 4 checks, and finally constructs an empty p2p.Message struct, the empty msg struct will then go to here:

func handshakeFromP2PMessage(m *p2p.Message) (*handshake, error) {

m.Type checking is fine, since the default value for int32 is 0, which unexpectedly matches this check; but when retrieving m.Bitfield, there would be a nil pointer panic.

To Reproduce
Try to send an empty p2p msg mocking the peer msg

Expected behavior
kraken-agent will panic with nil pointer.

Environments
docker container running on bare metal.

Additional context
panic stack trace:

panic: runtime error: invalid memory address or nil pointer dereference
signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x8148f8

goroutine 200 [running]:
github.com/uber/kraken/lib/torrent/scheduler/conn.handshakeFromP2PMessage(0xc0004024b0, 0xc00000e1c0, 0x12a05f200, 0xc0004024b0)
	/go/src/github.com/uber/kraken/lib/torrent/scheduler/conn/handshaker.go:101 +0x48
github.com/uber/kraken/lib/torrent/scheduler/conn.(*Handshaker).readHandshake(0xc000404280, 0xccbda0, 0xc00000e1c0, 0xc000200c40, 0xc000200cb0, 0xc000200d20)
	/go/src/github.com/uber/kraken/lib/torrent/scheduler/conn/handshaker.go:302 +0xe9
github.com/uber/kraken/lib/torrent/scheduler/conn.(*Handshaker).Accept(0xc000404280, 0xccbda0, 0xc00000e1c0, 0xc000201180, 0xc0002011f0, 0xc000201260)
	/go/src/github.com/uber/kraken/lib/torrent/scheduler/conn/handshaker.go:228 +0x43
github.com/uber/kraken/lib/torrent/scheduler.(*scheduler).listenLoop.func1(0xc0000e2500, 0xccbda0, 0xc00000e1c0)
	/go/src/github.com/uber/kraken/lib/torrent/scheduler/scheduler.go:326 +0x4a
created by github.com/uber/kraken/lib/torrent/scheduler.(*scheduler).listenLoop
	/go/src/github.com/uber/kraken/lib/torrent/scheduler/scheduler.go:325 +0x174
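
The failure mode reported above, with a guard that rejects the message instead of dereferencing a nil payload. This is an added example, not kraken's code and not from the issue author; the types Message, BitfieldMessage and MessageType, the PeerID field and the function handshakeFromMessage are hypothetical stand-ins for the generated p2p types.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in types for this example only (assumptions, not kraken's p2p package).
type MessageType int32

const TypeBitfield MessageType = 0 // zero value: an empty message passes the type check

type BitfieldMessage struct {
	PeerID string
	Bits   []byte
}

type Message struct {
	Type     MessageType
	Bitfield *BitfieldMessage // nil when the payload was absent on the wire
}

type handshake struct {
	peerID string
	bits   []byte
}

var errMalformed = errors.New("malformed handshake")

// handshakeFromMessage validates the decoded message before touching the
// nested pointer, so a malformed packet yields an error rather than a panic.
func handshakeFromMessage(m *Message) (*handshake, error) {
	if m == nil || m.Type != TypeBitfield {
		return nil, fmt.Errorf("%w: unexpected message type", errMalformed)
	}
	if m.Bitfield == nil { // the case an empty message reaches
		return nil, fmt.Errorf("%w: missing bitfield payload", errMalformed)
	}
	if m.Bitfield.PeerID == "" { // assumed requirement for this example
		return nil, fmt.Errorf("%w: empty peer id", errMalformed)
	}
	return &handshake{peerID: m.Bitfield.PeerID, bits: m.Bitfield.Bits}, nil
}

func main() {
	_, err := handshakeFromMessage(&Message{}) // constructed empty message
	fmt.Println("empty message:", err)
	h, err := handshakeFromMessage(&Message{Bitfield: &BitfieldMessage{PeerID: "peer-a"}})
	fmt.Println("valid message:", h.peerID, err)
}
```

With the error returned, the accepting goroutine can close that one connection and keep serving other peers.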
