From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: tarantool-patches@dev.tarantool.org, sergepetrenko@tarantool.org
Subject: [Tarantool-patches] [PATCH 6/8] raft: fix ignorance of bad state receipt
Date: Sun, 13 Dec 2020 18:15:28 +0100 [thread overview]
Message-ID: <3ff242ba644867ee41dcb6efcf7210153b2d43a4.1607879643.git.v.shpilevoy@tarantool.org> (raw)
In-Reply-To: <cover.1607879643.git.v.shpilevoy@tarantool.org>
raft_process_msg() only validated that the state is specified. But
it didn't check if the state is inside of the allowed value range.
Such messages were considered valid, and even their other fields
were accepted. For instance, an invalid message could bump term.
It is safer to reject such messages.
Part of #5303
---
src/lib/raft/raft.c | 4 ++--
src/lib/raft/raft.h | 1 +
test/unit/raft.c | 10 +++++++++-
test/unit/raft.result | 4 +++-
4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/lib/raft/raft.c b/src/lib/raft/raft.c
index df34d81dc..ab007a462 100644
--- a/src/lib/raft/raft.c
+++ b/src/lib/raft/raft.c
@@ -309,8 +309,8 @@ raft_process_msg(struct raft *raft, const struct raft_msg *req, uint32_t source)
say_info("RAFT: message %s from %u", raft_msg_to_string(req), source);
assert(source > 0);
assert(source != raft->self);
- if (req->term == 0 || req->state == 0) {
- diag_set(RaftError, "Raft term and state can't be zero");
+ if (req->term == 0 || req->state == 0 || req->state >= raft_state_MAX) {
+ diag_set(RaftError, "Invalid term or state");
return -1;
}
if (req->state == RAFT_STATE_CANDIDATE &&
diff --git a/src/lib/raft/raft.h b/src/lib/raft/raft.h
index 7a3db79c1..e447f6634 100644
--- a/src/lib/raft/raft.h
+++ b/src/lib/raft/raft.h
@@ -85,6 +85,7 @@ enum raft_state {
RAFT_STATE_CANDIDATE = 2,
/** Election was successful. The node accepts write requests. */
RAFT_STATE_LEADER = 3,
+ raft_state_MAX,
};
/**
diff --git a/test/unit/raft.c b/test/unit/raft.c
index 1ed8b7af7..b97d9d0aa 100644
--- a/test/unit/raft.c
+++ b/test/unit/raft.c
@@ -247,7 +247,7 @@ raft_test_recovery(void)
static void
raft_test_bad_msg(void)
{
- raft_start_test(7);
+ raft_start_test(9);
struct raft_msg msg;
struct raft_node node;
struct vclock vclock;
@@ -286,6 +286,14 @@ raft_test_bad_msg(void)
};
is(raft_node_process_msg(&node, &msg, 2), -1, "term can't be 0");
+ msg = (struct raft_msg){
+ .state = 10000,
+ .term = 10,
+ .vote = 2,
+ };
+ is(raft_node_process_msg(&node, &msg, 2), -1, "bad state");
+ is(node.raft.term, 1, "term from the bad message wasn't used");
+
raft_node_destroy(&node);
raft_finish_test();
}
diff --git a/test/unit/raft.result b/test/unit/raft.result
index 2398bd71c..3fa2682c8 100644
--- a/test/unit/raft.result
+++ b/test/unit/raft.result
@@ -45,7 +45,7 @@ ok 1 - subtests
ok 2 - subtests
*** raft_test_recovery: done ***
*** raft_test_bad_msg ***
- 1..7
+ 1..9
ok 1 - state can't be 0
ok 2 - term from the bad message wasn't used
ok 3 - node can't be a candidate but vote for another node
@@ -53,6 +53,8 @@ ok 2 - subtests
ok 5 - node can't be a candidate without vclock
ok 6 - term from the bad message wasn't used
ok 7 - term can't be 0
+ ok 8 - bad state
+ ok 9 - term from the bad message wasn't used
ok 3 - subtests
*** raft_test_bad_msg: done ***
*** raft_test_vote ***
--
2.24.3 (Apple Git-128)
next prev parent reply other threads:[~2020-12-13 17:15 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-13 17:15 [Tarantool-patches] [PATCH 0/8] Raft module, part 4 - unit tests Vladislav Shpilevoy
2020-12-13 17:15 ` [Tarantool-patches] [PATCH 1/8] fakesys: fix ev_is_active not working on fake timers Vladislav Shpilevoy
2020-12-15 9:42 ` Serge Petrenko
2020-12-13 17:15 ` [Tarantool-patches] [PATCH 2/8] fakesys: introduce fakeev_timer_remaining() Vladislav Shpilevoy
2020-12-15 9:43 ` Serge Petrenko
2020-12-13 17:15 ` [Tarantool-patches] [PATCH 3/8] raft: introduce raft_ev Vladislav Shpilevoy
2020-12-15 10:02 ` Serge Petrenko
2020-12-13 17:15 ` [Tarantool-patches] [PATCH 4/8] test: introduce raft unit tests Vladislav Shpilevoy
2020-12-13 18:10 ` Vladislav Shpilevoy
2020-12-16 13:03 ` Serge Petrenko
2020-12-17 22:44 ` Vladislav Shpilevoy
2020-12-18 8:17 ` Serge Petrenko
2020-12-20 17:28 ` Vladislav Shpilevoy
2020-12-21 7:36 ` Serge Petrenko
2020-12-13 17:15 ` [Tarantool-patches] [PATCH 5/8] raft: fix crash when received 0 term message Vladislav Shpilevoy
2020-12-16 13:05 ` Serge Petrenko
2020-12-13 17:15 ` Vladislav Shpilevoy [this message]
2020-12-16 13:06 ` [Tarantool-patches] [PATCH 6/8] raft: fix ignorance of bad state receipt Serge Petrenko
2020-12-13 17:15 ` [Tarantool-patches] [PATCH 7/8] raft: fix crash on election timeout decrease Vladislav Shpilevoy
2020-12-16 13:08 ` Serge Petrenko
2020-12-13 17:15 ` [Tarantool-patches] [PATCH 8/8] raft: fix crash on death " Vladislav Shpilevoy
2020-12-16 13:10 ` Serge Petrenko
2020-12-21 16:50 ` [Tarantool-patches] [PATCH 0/8] Raft module, part 4 - unit tests Vladislav Shpilevoy
2020-12-21 17:29 ` Vladislav Shpilevoy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ff242ba644867ee41dcb6efcf7210153b2d43a4.1607879643.git.v.shpilevoy@tarantool.org \
--to=v.shpilevoy@tarantool.org \
--cc=sergepetrenko@tarantool.org \
--cc=tarantool-patches@dev.tarantool.org \
--subject='Re: [Tarantool-patches] [PATCH 6/8] raft: fix ignorance of bad state receipt' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox