CVE-2022-34038: fix(pkg/ioutil):avoid panic in PageWriter.Write() when pageBytes is 0 by secsys-go · Pull Request #14022 · etcd-io/etcd

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go


fix(pkg/ioutil): avoid panic in PageWriter.Write() when pageBytes is 0

fix(pkg/ioutil): Trigger a panic when pageBytes is illegal in NewPageWriter

update(Test pkg/ioutil): Update TestPageWriterPageBytes

migrate e2e & integration role_test to common

tests: Migrate Txn tests to common functional test framework

provide a generic assert function

server: Director can be stopped

Goroutine for new directors would live past director scope. Tests could occasionally fail if this goroutine had log events after test execution should have ended.

server: Add director interrupt handler

Director’s goroutine would not be properly stopped in a non-test scenario. Handler stops it when process is interrupted.

server: Move director interrupt handler to method

server: Don’t register director interrupt handler

remove v2 http proxy in 3.6

tests: Extract cluster test cases

tests: Refactor spawn json command

hide the revision field when it isn’t populated

tests: Make common framework context aware

Documentation: Publish v3.5 data inconsistency postmortem

scripts: Avoid additional repo clone

This PR removes additional clone when building artifacts.

When releasing v3.5.4 this clone was main cause of issues and confusion about what release script is doing.

release.sh script already clones the repo in the /tmp/ directory, so cloning before build is not needed. As a precaution against a bug in the script leaving the /tmp/ clone in a bad state, I moved "Verify the latest commit has the version tag" and added "Verify the clean working tree" to be always run before build.

scripts: Detect staged files before building release

fix a typo: print the correct error info

Governance: Use lazy consensus when needed to make decision

In the absence of a supermajority, we were sometimes required to hold important decisions for a long time. In order to speed this up, after giving enough time for a supermajority, use lazy consensus.

Encapsulation of applier logic: Move Txn related code out of applier.go.

The PR removes calls to applierV3base logic from server.go that is NOT part of 'application'. The original idea was that read-only transaction and Range call shared logic with Apply, so they can call appliers directly (but bypassing all 'corrupt', 'quota' and 'auth' wrappers).

This PR moves all the logic to a separate file (that later can become package on its own).

Encapsulating applier logic: UberApplier coordinates all appliers for server

This PR:

  • moves wrapping of appliers (due to Alarms) out of server.go into uber_applier.go
  • clearly divides the application logic into a chain of: a) 'WrapApply' (generic logic across all the methods) b) dispatcher (translation of Apply into a specific method like 'Put') c) chain of 'wrappers' of the specific methods (like Put).
  • when we do recovery (restore from snapshot) we create new instance of appliers.

The purpose is to make sure we control all the dependencies of the apply process, i.e. we can supply e.g. a special instance of 'backend' to the application logic.

Merge applierV3Internal into applierV3 interface

Rename EtcdServer.Id with EtcdServer.MemberId.

It was misleading and error prone vs. ClusterId.

Applier does not depend on EtcdServer any longer.

All the dependencies are explicitly passed to the UberApplier factory method.

Move server/etcdserver/txn.go to new package: server/etcdserver/txn

Move etcdserver/errors.go to separate package to avoid cyclic dependencies.

Move apply to its own package (no dependency on etcdserver).

Apply encapsulation: Cleanup metrics reporting.

Side effect: applySec(0.4s) used to be reported as 0s, now it’s correctly 0.4s.

Simplify imports and improve comments.

Move CheckTxnAuth to txn.

Rename package aliasing "apply2" -> apply.

Rename etcdserver/etcderrors package to etcdserver/errors.

expose UberApplier as interface (not as implementation struct).

Rename the txn, so as not to be the same as the package name.

Fixing missing comment on the dispatch() function.

Rename WrapApply to Apply.

Remove unused code and apply code-quality suggestions.

use go install instead of go get

feat(pkg/ioutil): verify.Assert is introduced into NewPageWriter

add etcd tool binaries into .gitignore

Related news

GHSA-65rp-cv85-263x: etcd denial of service vulnerability

