Impact
The scheduler service may sometimes output two different logging messages stating two different reasons why a task is being registered as a normal task.
The following code is used to register a peer and trigger a seed peer download task.
// RegisterPeerTask registers peer and triggers seed peer download task.
func (v *V1) RegisterPeerTask(ctx context.Context, req *schedulerv1.PeerTaskRequest) (*schedulerv1.RegisterResult, error) {
	// [skipped]
	// The task state is TaskStateSucceeded and SizeScope is not invalid.
	switch sizeScope {
	case commonv1.SizeScope_EMPTY:
		// [skipped]
	case commonv1.SizeScope_TINY:
		// Validate data of direct piece.
		if !peer.Task.CanReuseDirectPiece() {
		}
		result, err := v.registerTinyTask(ctx, peer)
		if err != nil {
		}
		return result, nil
	case commonv1.SizeScope_SMALL:
		result, err := v.registerSmallTask(ctx, peer)
		if err != nil {
			peer.Log.Warnf("register as normal task, because of %s", err.Error())
			break
		}
		return result, nil
	}
	result, err := v.registerNormalTask(ctx, peer)
	if err != nil {
		peer.Log.Error(err)
		v.handleRegisterFailure(ctx, peer)
		return nil, dferrors.New(commonv1.Code_SchedError, err.Error())
	}
	peer.Log.Info("register as normal task, because of invalid size scope")
	return result, nil
}
Each of the highlighted sets of lines above prints “register as normal task, because [reason],” before exiting from the switch statement. Then, the task is registered as a normal task. Finally, another message is logged: “register as normal task, because of invalid size scope.” This means that two different messages may be printed (one as a warning message, one as an informational message) with two contradicting reasons for why the task was registered as a normal task.
This does not cause any security problems directly but may lead to difficulties while managing a Dragonfly system or debugging Dragonfly code.
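The double-logging pattern described above, reduced to a runnable model next to one way of avoiding it. This is an added example, not Dragonfly's code and not the change shipped in v2.1.0; the scope constants, the `registerSmall` stub, its error text, and the returned log slices are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the scheduler's size scopes (not Dragonfly types).
const scopeSmall, scopeOther = 0, 1

// registerSmall is a constructed stub for the small-task path; it can be made to fail.
func registerSmall(fail bool) error {
	if fail {
		return errors.New("no parent available") // constructed error text
	}
	return nil
}

// registerBuggy mirrors the advisory: the case logs a reason and breaks, then the fallback logs another.
func registerBuggy(scope int, smallFails bool) (logs []string) {
	switch scope {
	case scopeSmall:
		if err := registerSmall(smallFails); err != nil {
			logs = append(logs, "WARN register as normal task, because of "+err.Error())
			break
		}
		return logs // registered as a small task, nothing logged
	}
	return append(logs, "INFO register as normal task, because of invalid size scope")
}

// registerFixed carries a single reason out of the switch and logs it once.
func registerFixed(scope int, smallFails bool) (logs []string) {
	level, reason := "INFO", "invalid size scope"
	switch scope {
	case scopeSmall:
		err := registerSmall(smallFails)
		if err == nil {
			return logs
		}
		level, reason = "WARN", err.Error()
	}
	return append(logs, level+" register as normal task, because of "+reason)
}

func main() {
	fmt.Println(registerBuggy(scopeSmall, true)) // two contradictory lines
	fmt.Println(registerFixed(scopeSmall, true)) // one line, real reason
}
```
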
Patches
- Dragonfly v2.1.0 and above.
Workarounds
There are no effective workarounds, beyond upgrading.
References
A third-party security audit was performed by Trail of Bits; you can see the full report.
If you have any questions or comments about this advisory, please email us at dragonfly-maintainers@googlegroups.com.