Tarantool development patches archive
From: Serge Petrenko via Tarantool-patches <tarantool-patches@dev.tarantool.org>
To: v.shpilevoy@tarantool.org, gorcunov@gmail.com
Cc: tarantool-patches@dev.tarantool.org
Subject: [Tarantool-patches] [PATCH 2/2] box: fix uninitialized access to version_id in process_subscribe()
Date: Mon, 30 Aug 2021 13:33:48 +0300
Message-ID: <8f2f052fe5c362de28a8e6b472c7608902be60a2.1630319507.git.sergepetrenko@tarantool.org>
In-Reply-To: <cover.1630319507.git.sergepetrenko@tarantool.org>

version_id might be left uninitialized if replica doesn't send it in a
SUBSCRIBE request.

This could lead to unpredictable behaviour: for example, master would
randomly choose between sending and not sending Raft state to the
replica.

We were safe until now, because replicas send their version in subscribe
request since at least version 1.7.5.

Try not to depend on replica sending us its version, better always be
safe.

Follow-up #6034
---
 src/box/box.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/box/box.cc b/src/box/box.cc
index 2c8113cbb..f98437d05 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -2850,8 +2850,8 @@ box_process_subscribe(struct ev_io *io, struct xrow_header *header)
 	struct tt_uuid replica_uuid = uuid_nil;
 	struct tt_uuid peer_replicaset_uuid = uuid_nil;
 	struct vclock replica_clock;
-	uint32_t replica_version_id;
 	vclock_create(&replica_clock);
+	uint32_t replica_version_id = 0;
 	bool anon;
 	uint32_t id_filter;
 	xrow_decode_subscribe_xc(header, &peer_replicaset_uuid, &replica_uuid,
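
Review bot: `bool anon;` and `uint32_t id_filter;` directly below the changed line are still declared without initializers, so if xrow_decode_subscribe_xc() leaves them untouched when the replica omits the corresponding fields, as the commit message says it does for the version, they carry the same uninitialized-read risk. It is worth confirming that the decoder always sets them, or giving them defaults here as well. Separately, the declaration has moved from above `vclock_create(&replica_clock);` to below it, which is unrelated to the fix; keeping `uint32_t replica_version_id = 0;` in its original position keeps the declarations together and reduces the diff to the added initializer. A one-line comment stating that 0 means the replica did not send a version would also help readers of the later version checks, such as the decision whether to send Raft state.
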
-- 
2.30.1 (Apple Git-130)


Thread overview: 7+ messages
2021-08-30 10:33 [Tarantool-patches] [PATCH 0/2] replication: fix uninitialized replica_version_id access Serge Petrenko via Tarantool-patches
2021-08-30 10:33 ` [Tarantool-patches] [PATCH 1/2] box: remove unused variable in process_register() Serge Petrenko via Tarantool-patches
2021-08-30 10:33 ` Serge Petrenko via Tarantool-patches [this message]
2021-08-30 21:38   ` [Tarantool-patches] [PATCH 2/2] box: fix uninitialized access to version_id in process_subscribe() Vladislav Shpilevoy via Tarantool-patches
2021-08-31  9:17     ` Serge Petrenko via Tarantool-patches
2021-09-01 21:35       ` Vladislav Shpilevoy via Tarantool-patches
2021-08-30 14:55 ` [Tarantool-patches] [PATCH 0/2] replication: fix uninitialized replica_version_id access Cyrill Gorcunov via Tarantool-patches
