From 0808a665bc75ab0845906bfeca0d12fb520ae6eb Mon Sep 17 00:00:00 2001 From: Alexander Potapenko Date: Thu, 20 Feb 2025 12:25:04 +0100 Subject: pkg/rpcserver: pkg/flatrpc: executor: add handshake stage 0 As we figured out in #5805, syz-manager treats random incoming RPC connections as trusted, and will crash if a non-executor client sends an invalid packet to it. To address this issue, we introduce another stage of handshake, which includes a cookie exchange: - upon connection from an executor, the manager sends a ConnectHello RPC message to it, which contains a random 64-bit cookie; - the executor calculates a hash of that cookie and includes it into its ConnectRequest together with the other information; - before checking the validity of ConnectRequest, the manager ensures client sanity (passed ID didn't change, hashed cookie has the expected value) We deliberately pick a random cookie instead of a magic number: if the fuzzer somehow learns to send packets to the manager, we don't want it to crash multiple managers on the same machine. --- pkg/flatrpc/helpers.go | 1 + 1 file changed, 1 insertion(+) (limited to 'pkg/flatrpc/helpers.go') diff --git a/pkg/flatrpc/helpers.go b/pkg/flatrpc/helpers.go index 9a5463b24..5aa5cfe74 100644 --- a/pkg/flatrpc/helpers.go +++ b/pkg/flatrpc/helpers.go @@ -18,6 +18,7 @@ const AllFeatures = ^Feature(0) // Flatbuffers compiler adds T suffix to object API types, which are actual structs representing types. // This leads to non-idiomatic Go code, e.g. we would have to use []FileInfoT in Go code. // So we use Raw suffix for all flatbuffers tables and rename object API types here to idiomatic names. +type ConnectHello = ConnectHelloRawT type ConnectRequest = ConnectRequestRawT type ConnectReply = ConnectReplyRawT type InfoRequest = InfoRequestRawT -- cgit mrf-deployment
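Review bot: the added `type ConnectHello = ConnectHelloRawT` line at the top of the alias list in pkg/flatrpc/helpers.go has no comment saying that this is the manager-to-executor stage 0 message carrying the random 64-bit cookie, while the other aliases in the list are all request/reply pairs. A one-line comment above it would help, for example `// ConnectHello is sent by the manager first; the executor must echo a hash of its cookie in ConnectRequest.` The commit message also says the executor "calculates a hash of that cookie" without naming the hash function. Since this view is limited to helpers.go, the generation and comparison code is not visible here. Please state in the message or next to the check which hash is used, and that a mismatch closes the connection without crashing the manager. As described, any client that receives ConnectHello and knows the hash can pass the check, so it is worth documenting it as a sanity filter against stray or fuzzer-generated connections rather than as authentication.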