otp.git/lib/diameter/include, branch OTP-17.3.3 Mirror of Erlang/OTP repository. Don't leave extra bit in decoded AVP data 2014-09-08T18:15:36+00:00 Anders Svensson anders@erlang.org 2014-09-08T18:15:36+00:00 f1c76cec3d025df75bf76c0c5f596a5b00e24e41 The bit is added in diameter_codec to induce a decode error in the case of 5014 errors, but was not removed before returning the decoded result. Code examining the binary data in a diameter_avp record would then see the extra bit. 
The bit is added in diameter_codec to induce a decode error in the case
of 5014 errors, but was not removed before returning the decoded result.
Code examining the binary data in a diameter_avp record would then see
the extra bit.
Fix best effort decode of Failed-AVP 2014-09-08T12:26:02+00:00 Anders Svensson anders@erlang.org 2014-08-20T20:44:28+00:00 0f9cdbaf4d7fde93d319be7789dd4119092d91c6 Commit c2c00fdd didn't get it quite right: it only decoded failed AVPs in the common dictionary since it's this dictionary an answer-message is decoded in. An extra dictionary isn't something that's easily passed through the decode without rewriting dictionary compilation however, and that's no small job, so continue with the use/abuse of the process dictionary by storing the dictionary module for the decode to retrieve. This is one step worse than previous uses since the dictionary is put in one module (diameter_codec) and got in another (the dictionary module), but it's the lesser of two evils. 
Commit c2c00fdd didn't get it quite right: it only decoded failed AVPs
in the common dictionary since it's this dictionary an answer-message is
decoded in. An extra dictionary isn't something that's easily passed
through the decode without rewriting dictionary compilation however, and
that's no small job, so continue with the use/abuse of the process
dictionary by storing the dictionary module for the decode to retrieve.
This is one step worse than previous uses since the dictionary is put in
one module (diameter_codec) and got in another (the dictionary module),
but it's the lesser of two evils.
Fix decode of Failed-AVP in RFC 3588 answer-message 2014-09-08T12:25:34+00:00 Anders Svensson anders@erlang.org 2014-08-14T19:07:07+00:00 deb951bf382edaf7e8fcec7f57a94d798d2a460f Commit 066544fa had the unintended consequence of breaking the decode of Failed-AVP in answer-message as defined in the RFC 3588, since the grammar doesn't list Failed-AVP as an explicit component AVP, in contrast to the RFC 6733 grammar, which does. Handle this case explicitly, as an exception, just as with Failed-AVP as parent AVP. 
Commit 066544fa had the unintended consequence of breaking the decode of
Failed-AVP in answer-message as defined in the RFC 3588, since the
grammar doesn't list Failed-AVP as an explicit component AVP, in
contrast to the RFC 6733 grammar, which does. Handle this case
explicitly, as an exception, just as with Failed-AVP as parent AVP.
Merge branch 'anders/diameter/hardening/OTP-11721' into maint 2014-05-28T06:35:54+00:00 Anders Svensson anders@erlang.org 2014-05-28T06:35:54+00:00 495b44babd659247f674ef88d50440e10891e138 * anders/diameter/hardening/OTP-11721: Change answer_errors default from report to discard 
* anders/diameter/hardening/OTP-11721:
  Change answer_errors default from report to discard
Change answer_errors default from report to discard 2014-05-27T07:52:21+00:00 Anders Svensson anders@erlang.org 2014-05-27T07:45:54+00:00 631522514dbd409dbb789103b54bd81c879aff34 In the same vein as commit 00584303, to avoid logging traffic-related happenings. Not that the value in diameter.hrl is just documentation: the value is set explicitly when diameter:start_service/2 creates diameter_app records. 
In the same vein as commit 00584303, to avoid logging traffic-related
happenings.

Not that the value in diameter.hrl is just documentation: the value is
set explicitly when diameter:start_service/2 creates diameter_app
records.
Do best-effort decode of Failed-AVP 2014-05-26T15:51:54+00:00 Anders Svensson anders@erlang.org 2014-05-22T22:24:41+00:00 c2c00fdd4de1b8883e47ec1b5b048659ef033302 Commit 4ce2d3a6 (diameter-1.4.2, OTP-11007) disabled the decode of values in Failed-AVP components since any error caused the decode of Failed-AVP itself to fail. This is less than useful since (1) we should be able to decode it given that we've sent it (modulo mangling on the way to the peer and back), and (2) it's not unheard of to examine Failed-AVP to see what the peer objected to. This commits adds a best-effort decode: decode if possible, otherwise not, using the same abuse of the process dictionary as commit bbdb027c. 
Commit 4ce2d3a6 (diameter-1.4.2, OTP-11007) disabled the decode of
values in Failed-AVP components since any error caused the decode of
Failed-AVP itself to fail. This is less than useful since (1) we should
be able to decode it given that we've sent it (modulo mangling on the
way to the peer and back), and (2) it's not unheard of to examine
Failed-AVP to see what the peer objected to.

This commits adds a best-effort decode: decode if possible, otherwise
not, using the same abuse of the process dictionary as commit bbdb027c.
Fix handling of AVP length errors (5014) in unknown AVPs 2014-05-26T15:14:59+00:00 Anders Svensson anders@erlang.org 2014-05-23T16:28:19+00:00 58a74f2b6b6bd604d60fa8dca347cdd4ad2e4a3b Commit 4ce2d3a6 added the insertion of a single bit into binary AVP data to induce an encode error in the case of a header length that pointed past the available bytes: a 5014 = DIAMETER_INVALID_AVP_LENGTH error. Commit 838856b fixed this for stringish Diameter types, but both commits neglected the case in which the offending AVP isn't known to the dictionary in question. Unless the AVP was regarded as erroneous for other reasons (eg. an M-bit resulting in 5001) it would be happily be packed into an 'AVP' field. If it was regarded as an error, the record could be passed back to diameter_codec:pack_avp/1, and if the record contained header data then there was no clause to deal with the unpleasantry. Deal with it by having the dictionary module strip the extra bit and flag the AVP as 5014, and by having diameter_codec handle any extra bit coming from an dictionary compiled against an old diameter_gen. An old dictionary won't detect 5014 however, so dictionaries should be recompiled. Change most of the guards in diameter_codec from is_bitstring/1 to is_binary/1. What's being passed to the decode functions are binaries received other the network. The only case in which a non-binary bitstring is when we've placed an extra bit there ourselves. (Modulo someone doing something they shouldn't.) 
Commit 4ce2d3a6 added the insertion of a single bit into binary AVP data
to induce an encode error in the case of a header length that pointed
past the available bytes: a 5014 = DIAMETER_INVALID_AVP_LENGTH error.
Commit 838856b fixed this for stringish Diameter types, but both commits
neglected the case in which the offending AVP isn't known to the
dictionary in question. Unless the AVP was regarded as erroneous for
other reasons (eg. an M-bit resulting in 5001) it would be happily be
packed into an 'AVP' field. If it was regarded as an error, the record
could be passed back to diameter_codec:pack_avp/1, and if the record
contained header data then there was no clause to deal with the
unpleasantry.

Deal with it by having the dictionary module strip the extra bit and
flag the AVP as 5014, and by having diameter_codec handle any extra bit
coming from an dictionary compiled against an old diameter_gen. An old
dictionary won't detect 5014 however, so dictionaries should be
recompiled.

Change most of the guards in diameter_codec from is_bitstring/1 to
is_binary/1. What's being passed to the decode functions are binaries
received other the network. The only case in which a non-binary
bitstring is when we've placed an extra bit there ourselves. (Modulo
someone doing something they shouldn't.)
Replace traffic-related log reports with no-op function calls 2014-05-26T11:52:04+00:00 Anders Svensson anders@erlang.org 2014-05-22T09:01:45+00:00 0058430352420a8c0dc053900f108e7086f52fad The former were a little over-enthusiastic and could cause a node to be logged to death if a peer Diameter node was sufficiently ill-willed. The function calls are to diameter_lib:log/4, the arguments of which identify the happening in question, and which does nothing but provide a function to trace on. Many existing log calls have been shrunk. The only remaining traffic-related report (hopefully) is that resulting from {answer_errors, report} config, and this has been slimmed. 
The former were a little over-enthusiastic and could cause a node to be
logged to death if a peer Diameter node was sufficiently ill-willed.
The function calls are to diameter_lib:log/4, the arguments of which
identify the happening in question, and which does nothing but provide a
function to trace on. Many existing log calls have been shrunk.

The only remaining traffic-related report (hopefully) is that resulting
from {answer_errors, report} config, and this has been slimmed.
Merge branch 'anders/diameter/17.0_release/OTP-11605' 2014-04-07T08:21:29+00:00 Anders Svensson anders@erlang.org 2014-04-07T08:21:29+00:00 87371fb20e08a50621900c77b2ec4aeecdad18a7 * anders/diameter/17.0_release/OTP-11605: Fix diameter.hrl comment typos 
* anders/diameter/17.0_release/OTP-11605:
  Fix diameter.hrl comment typos
Fix diameter.hrl comment typos 2014-04-07T08:19:38+00:00 Anders Svensson anders@erlang.org 2014-04-07T07:39:16+00:00 558317c4a559afb26caba7f57a854d49020ea6cb A Diameter Header Command Code is 24 bits, not 8, and an Application-ID is 32 bits, not 24. Thanks to Austin Aigbe for pointing it out. 
A Diameter Header Command Code is 24 bits, not 8, and an Application-ID
is 32 bits, not 24.

Thanks to Austin Aigbe for pointing it out.