Impact
The scheduler service may sometimes output two different logging messages stating two different reasons why a task is being registered as a normal task.
The following code is used to register a peer and trigger a seed peer download task.
```go
// RegisterPeerTask registers peer and triggers seed peer download task.
func (v *V1) RegisterPeerTask(ctx context.Context, req *schedulerv1.PeerTaskRequest) (*schedulerv1.RegisterResult, error) {
	// [skipped]
	// The task state is TaskStateSucceeded and SizeScope is not invalid.
	switch sizeScope {
	case commonv1.SizeScope_EMPTY:
		// [skipped]
	case commonv1.SizeScope_TINY:
		// Validate data of direct piece.
		if !peer.Task.CanReuseDirectPiece() {
		}
		result, err := v.registerTinyTask(ctx, peer)
		if err != nil {
		}
		return result, nil
	case commonv1.SizeScope_SMALL:
		result, err := v.registerSmallTask(ctx, peer)
		if err != nil {
			peer.Log.Warnf("register as normal task, because of %s", err.Error())
			break
		}
		return result, nil
	}
	result, err := v.registerNormalTask(ctx, peer)
	if err != nil {
		peer.Log.Error(err)
		v.handleRegisterFailure(ctx, peer)
		return nil, dferrors.New(commonv1.Code_SchedError, err.Error())
	}
	peer.Log.Info("register as normal task, because of invalid size scope")
	return result, nil
}
```
Each of the highlighted sets of lines above prints “register as normal task, because [reason],” before exiting from the switch statement. Then, the task is registered as a normal task. Finally, another message is logged: “register as normal task, because of invalid size scope.” This means that two different messages may be printed (one as a warning message, one as an informational message) with two contradictory reasons for why the task was registered as a normal task.
This does not cause any security problems directly but may lead to difficulties while managing a Dragonfly system or debugging Dragonfly code.
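The control flow described above, reduced to a self-contained added example (not Dragonfly's code and not the project's actual patch). The `sizeScope` type, `errNoParent` and both functions are hypothetical stand-ins; log lines are returned as strings so the duplicate message is visible, and `registerFixed` shows one possible way to emit a single reason.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-in for the scheduler's size scope (not Dragonfly's type).
type sizeScope int

const (
	scopeSmall sizeScope = iota
	scopeNormal
)

var errNoParent = errors.New("no candidate parent") // constructed failure

// registerBuggy mirrors the advisory's flow: a failed small-task registration
// logs its reason and breaks out of the switch, then the unconditional
// trailing message adds a second, contradictory reason.
func registerBuggy(scope sizeScope, smallErr error) (logs []string) {
	switch scope {
	case scopeSmall:
		if smallErr != nil {
			logs = append(logs, fmt.Sprintf("WARN register as normal task, because of %s", smallErr))
			break
		}
		return logs // registered as a small task, nothing to report
	}
	return append(logs, "INFO register as normal task, because of invalid size scope")
}

// registerFixed carries the fallback reason in a variable and logs it once,
// after the normal-task registration would have succeeded.
func registerFixed(scope sizeScope, smallErr error) (logs []string) {
	reason := "invalid size scope"
	if scope == scopeSmall {
		if smallErr == nil {
			return logs
		}
		reason = smallErr.Error()
	}
	return append(logs, "INFO register as normal task, because of "+reason)
}

func main() {
	fmt.Println(registerBuggy(scopeSmall, errNoParent)) // two conflicting lines
	fmt.Println(registerFixed(scopeSmall, errNoParent)) // one line, one reason
}
```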
Patches
- Dragonfly v2.1.0 and above.
Workarounds
There are no effective workarounds, beyond upgrading.
References
A third-party security audit was performed by Trail of Bits; you can see the full report.
If you have any questions or comments about this advisory, please email us at [email protected].