mesos-reviews mailing list archives

From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 67357: Added constant time comparison of JWT signatures.
Date Wed, 06 Jun 2018 12:52:50 GMT


> On June 6, 2018, 12:26 p.m., Mesos Reviewbot Windows wrote:
> > FAIL: Some of the unit tests failed. Please check the relevant logs.
> > 
> > Reviews applied: `['67357']`
> > 
> > Failed command: `Start-MesosCITesting`
> > 
> > All the build artifacts available at: http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/67357
> > 
> > Relevant logs:
> > 
> > - [mesos-tests-stdout.log](http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/67357/logs/mesos-tests-stdout.log):
> > 
> > ```
> > [ RUN      ] SlaveTest.ResourceVersions
> > [       OK ] SlaveTest.ResourceVersions (214 ms)
> > [ RUN      ] SlaveTest.ReconfigurationPolicy
> > [       OK ] SlaveTest.ReconfigurationPolicy (317 ms)
> > [ RUN      ] SlaveTest.ResourceProviderReconciliation
> > [       OK ] SlaveTest.ResourceProviderReconciliation (358 ms)
> > [ RUN      ] SlaveTest.RunTaskResourceVersions
> > [       OK ] SlaveTest.RunTaskResourceVersions (306 ms)
> > [----------] 83 tests from SlaveTest (70519 ms total)
> > 
> > [----------] 3 tests from SlaveStateTest
> > [ RUN      ] SlaveStateTest.CheckpointString
> > [       OK ] SlaveStateTest.CheckpointString (4 ms)
> > [ RUN      ] SlaveStateTest.CheckpointProtobufMessage
> > [       OK ] SlaveStateTest.CheckpointProtobufMessage (9 ms)
> > [ RUN      ] SlaveStateTest.CheckpointRepeatedProtobufMessages
> > [       OK ] SlaveStateTest.CheckpointRepeatedProtobufMessages (10 ms)
> > [----------] 3 tests from SlaveStateTest (25 ms total)
> > 
> > [----------] 30 tests from SlaveRecoveryTest/0, where TypeParam = class mesos::internal::slave::MesosContainerizer
> > [ RUN      ] SlaveRecoveryTest/0.RecoverSlaveState
> > [       OK ] SlaveRecoveryTest/0.RecoverSlaveState (1573 ms)
> > [ RUN      ] SlaveRecoveryTest/0.RecoverTaskStatusUpdateManager
> > [       OK ] SlaveRecoveryTest/0.RecoverTaskStatusUpdateManager (3328 ms)
> > [ RUN      ] SlaveRecoveryTest/0.ReconnectExecutor
> > [       OK ] SlaveRecoveryTest/0.ReconnectExecutor (3707 ms)
> > [ RUN      ] SlaveRecoveryTest/0.ReconnectExecutorRetry
> > [       OK ] SlaveRecoveryTest/0.ReconnectExecutorRetry (1205 ms)
> > [ RUN      ] SlaveRecoveryTest/0.PingTimeoutDuringRecovery
> > ```
> > 
> > - [mesos-tests-stderr.log](http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/67357/logs/mesos-tests-stderr.log):
> > 
> > ```
> >     @   00007FF71117D888  std::invoke<<lambda_9f5bb6c728b761604e288ae85a7b250c>,process::Future<Option<mesos::MasterInfo> >,process::ProcessBase *>
> >     @   00007FF71119257B  lambda::internal::Partial<<lambda_9f5bb6c728b761604e288ae85a7b250c>,process::Future<Option<mesos::MasterInfo> >,std::_Ph<1> >::invoke_expand<<lambda_9f5bb6c728b761604e288ae85a7b250c>,std::tuple<process::Future<Option<mesos::MasterInfo> >,std::_Ph<1> >,st
> >     @   00007FF7110C08BA  )<process::ProcessBase *
> >     @   00007FF7110F058C  std::_Invoker_functor::_Call<lambda::internal::Partial<<lambda_9f5bb6c728b761604e288ae85a7b250c>,process::Future<Option<mesos::MasterInfo> >,std::_Ph<1> >,process::ProcessBase *>
> >     @   00007FF711183EBC  std::invoke<lambda::internal::Partial<<lambda_9f5bb6c728b761604e288ae85a7b250c>,process::Future<Option<mesos::MasterInfo> >,std::_Ph<1> >,process::ProcessBase *>
> >     @   00007FF7110C9F21  )<lambda::internal::Partial<<lambda_9f5bb6c728b761604e288ae85a7b250c>,process::Future<Option<mesos::MasterInfo> >,std::_Ph<1> >,process::ProcessBase *
> >     @   00007FF711236416  process::ProcessBase *)>::CallableFn<lambda::internal::Partial<<lambda_9f5bb6c728b761604e288ae85a7b250c>,process::Future<Option<mesos::MasterInfo> >,std::_Ph<1> > >::operator(
> >     @   00007FF712C1A25D  process::ProcessBase *)>::operator(
> >     @   00007FF712ACB2F9  process::ProcessBase::consume
> >     @   00007FF712C738CA  process::DispatchEvent::consume
> >     @   00007FF70ECE7B07  process::ProcessBase::serve
> >     @   00007FF712AD93B0  process::ProcessManager::resume
> >     @   00007FF712C07371   ??
> >     @   00007FF712B2B130  std::_Invoker_functor::_Call<<lambda_124422ac022fa041208b80c1460630d7> >
> >     @   00007FF712B8B8E0  std::invoke<<lambda_124422ac022fa041208b80c1460630d7> >
> >     @   00007FF712B4076C  std::_LaunchPad<std::unique_ptr<std::tuple<<lambda_124422ac022fa041208b80c1460630d7> >,std::default_delete<std::tuple<<lambda_124422ac022fa041208b80c1460630d7> > > > >::_Execute<0>
> >     @   00007FF712C5A60A  std::_LaunchPad<std::unique_ptr<std::tuple<<lambda_124422ac022fa041208b80c1460630d7> >,std::default_delete<std::tuple<<lambda_124422ac022fa041208b80c1460630d7> > > > >::_Run
> >     @   00007FF712C45E78  std::_LaunchPad<std::unique_ptr<std::tuple<<lambda_124422ac022fa041208b80c1460630d7> >,std::default_delete<std::tuple<<lambda_124422ac022fa041208b80c1460630d7> > > > >::_Go
> >     @   00007FF712C2C3CD  std::_Pad::_Call_func
> >     @   00007FFF9BE53428  _register_onexit_function
> >     @   00007FFF9BE53071  _register_onexit_function
> >     @   00007FFFB6391FE4  BaseThreadInitThunk
> >     @   00007FFFB69FF061  RtlUserThreadStart
> > ll containerizers
> > I0606 10:25:26.680230 18356 slave.cpp:7158] Recovering executors
> > I0606 10:25:26.680230 18356 slave.cpp:7182] Sending reconnect request to executor '3f11d255-bb7b-4e99-967b-055fef95b595' of framework 62cf792a-dc69-4e3c-b54f-d83f98fb9451-0000 at executor(1)@192.10.1.5:55652
> > I0606 10:25:26.688225 22560 slave.cpp:4984] Received re-registration message from executor '3f11d255-bb7b-4e99-967b-055fef95b595' of framework 62cf792a-dc69-4e3c-b54f-d83f98fb9451-0000
> > I0606 10:25:26.691216 22888 slave.cpp:5901] No pings from master received within 75secs
> > F0606 10:25:26.692219 22888 slave.cpp:1249] Check failed: state == DISCONNECTED || state == RUNNING || state == TERMINATING RECOVERING
> > ```
> 
> Alexander Rukletsov wrote:
>     WTF is this... Can you please check the JIRA and file an issue if it is a new one?

filed https://issues.apache.org/jira/browse/MESOS-8983


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67357/#review204374
-----------------------------------------------------------


On June 6, 2018, 10:54 a.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67357/
> -----------------------------------------------------------
> 
> (Updated June 6, 2018, 10:54 a.m.)
> 
> 
> Review request for Alexander Rukletsov.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> A vulnerability in our JWT implementation allows an unauthenticated
> remote attacker to execute timing attacks [1].
> 
> This patch removes the vulnerability by adding a constant time
> comparison of hashes, where the whole message is visited during
> the comparison instead of returning at the first failure.
> 
> [1] https://codahale.com/a-lesson-in-timing-attacks/
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/jwt.cpp 4477ddd17dede2b924a47e33942b39244f10316f 
> 
> 
> Diff: https://reviews.apache.org/r/67357/diff/3/
> 
> 
> Testing
> -------
> 
> ```sh
> make check
> ```
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>
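
The review description above explains the fix as visiting the whole message instead of returning at the first mismatch. The following is an added example, not the patch under review and not code from libprocess: it contrasts the two comparison styles, using a hypothetical `visited` counter as a stand-in for the timing signal. All function names and the sample strings are constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Constructed sample values; not real HMAC output.
const std::string kExpected   = "constructed-sample-signature-000";
const std::string kWrongFirst = "Xonstructed-sample-signature-000";
const std::string kWrongLast  = "constructed-sample-signature-00X";

// Early-exit comparison: stops at the first differing byte, so the amount of
// work reveals how long a prefix of the guess is correct.
bool leakyEquals(const std::string& a, const std::string& b, size_t* visited)
{
  *visited = 0;
  if (a.size() != b.size()) return false;
  for (size_t i = 0; i < a.size(); ++i) {
    ++*visited;
    if (a[i] != b[i]) return false;
  }
  return true;
}

// Constant-time comparison: every byte is visited and differences are OR-ed
// into an accumulator, so the loop length is independent of where they occur.
bool constantTimeEquals(const std::string& a, const std::string& b, size_t* visited)
{
  *visited = 0;
  if (a.size() != b.size()) return false;  // signature length is not secret
  unsigned char diff = 0;
  for (size_t i = 0; i < a.size(); ++i) {
    ++*visited;
    diff |= static_cast<unsigned char>(a[i]) ^ static_cast<unsigned char>(b[i]);
  }
  return diff == 0;
}

// Number of bytes examined when comparing kExpected with `guess`.
size_t bytesVisited(bool constantTime, const std::string& guess)
{
  size_t n = 0;
  if (constantTime) constantTimeEquals(kExpected, guess, &n);
  else leakyEquals(kExpected, guess, &n);
  return n;
}

int main()
{
  std::cout << "leaky:    " << bytesVisited(false, kWrongFirst) << " vs "
            << bytesVisited(false, kWrongLast) << " bytes\n";
  std::cout << "constant: " << bytesVisited(true, kWrongFirst) << " vs "
            << bytesVisited(true, kWrongLast) << " bytes\n";
}
```

In production code a vetted primitive such as OpenSSL's `CRYPTO_memcmp` is preferable to a hand-written loop, which a compiler is free to optimize.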

