Headline
CVE-2022-45196: FAB-2931: do not create a chain if it's already created by kopaygorodsky · Pull Request #2934 · hyperledger/fabric
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.
Signed-off-by: Vladyslav Kopaihorodskyi [email protected]
Type of change
- Bug fix
Description
Do not create a new chain of type etcdraft.Chain if one already exists in the map of chains. This can happen when, in the Raft protocol, a channel was created but not marked as done in the WAL logs. So at orderer startup, it tried to create another instance of a chain and panicked because that instance's startup failed.
Related issues
#2931
Release Note
Fixed a bug where an orderer crashed at channel creation and, after restart, couldn't bootstrap because of desynchronization between WAL logs and ledger state.
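An added Go example (not the PR's code and not Fabric's) of the guard that the description and the CVE note refer to: take a lock, check the map of chains, and return the existing chain rather than start a second instance for the same channel name. `Registrar`, `Chain`, `CreateChain` and the `running` map are hypothetical names, and the reason a second start fails is a modelling assumption, since the page does not say why startup failed.

```go
package main

import (
	"fmt"
	"sync"
)

// Chain and Registrar are hypothetical stand-ins, not Fabric's own types.
type Chain struct{ Channel string }
type Registrar struct {
	mu      sync.Mutex
	chains  map[string]*Chain // the "map of chains", keyed by channel name
	running map[string]bool   // assumed model of resources a started instance holds
}

func NewRegistrar() *Registrar {
	return &Registrar{chains: map[string]*Chain{}, running: map[string]bool{}}
}

// start models instance startup: a second start for the same channel fails.
func (r *Registrar) start(name string) (*Chain, error) {
	if r.running[name] {
		return nil, fmt.Errorf("channel %q: instance already running", name)
	}
	r.running[name] = true
	return &Chain{Channel: name}, nil
}

// CreateChain returns the existing chain under the lock instead of starting a duplicate.
func (r *Registrar) CreateChain(name string) (c *Chain, created bool, err error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if existing, ok := r.chains[name]; ok {
		return existing, false, nil
	}
	if c, err = r.start(name); err != nil {
		return nil, false, err
	}
	r.chains[name] = c
	return c, true, nil
}

func main() {
	r := NewRegistrar()
	for _, name := range []string{"mychannel", "other", "mychannel"} { // constructed input
		_, created, err := r.CreateChain(name)
		fmt.Println(name, created, err)
	}
}
```

The repeated name is handled as a no-op that hands back the first instance, so a replayed or repeated creation request never reaches the failing startup path.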