| Age | Commit message (Collapse) | Author |
|---|
|
Decode of an answer message not setting the E-bit, and containing
Experiment-Result but not Result-Code, identified Result-Code as the
erroneous when Erroneous-Result-Code was 3xxx. Here's an example (from
trace) of a the errors field after decode:
[{5004,
{diameter_avp,undefined,undefined,false,false,undefined,'Result-Code',
3001,undefined,undefined}}],
The diameter_avp was just constructed from the AVP name and decoded
result, without regard for which result code AVP contained the value.
Fix by extracting the AVP from the incoming message.
|
|
|
|
When several packets where receive in one packet ct_netconf
failed to deliver them to the user.
For example several subscritiption message could be in the buffer
but only the first was sent to the user.
Error handling could be improved, maybe the connection should
be closed when unparseable packet arrives or timeout occurs.
|
|
|
|
OTP-12688
|
|
OTP-12697
|
|
OTP-12704
|
|
OTP-12704
|
|
OTP-12704
|
|
Upgrade instructions have been added for each 17.X release without
adjusting the instructions for preceeding releases: the instructions
have only been sufficient to upgrading one release at a time: 17.0 to
17.1, 17.1 to 17.2, etc.
Conficting load order requirements make smooth upgrade from an
arbitrarily old release impossible. In this case, 17.3 looks to be as
far back as we can go, so require restart from 17.[0-2] or older.
Update the app suite to deal with binary regexps in appup, and to match
version numbers harder.
|
|
Required load order by ticket.
- OTP-12642, extra bit in diameter_avp.data
- OTP-12654, Result-Code/Experimental-Result confusion
- OTP-12701, counting error with unknown Application Id
none
|
|
To start checking that the counters are counting what's expected. The
parent commit fixes a case in which they weren't.
|
|
Statistics could be accumulated on a key like {{23,275,0}, recv} even
though 23 was not the application id of the dictionary in question.
Missed in commits df19c272 and 7816ab2f.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* hans/ssh/banner_grabbing/OTP-12659:
ssh: added id_string option for server and client
|
|
* hans/inets/banner_grabbing/OTP-12661:
inets: Add value 'none' in server_tokens config
|
|
When the Server header has empty info (or 'none' in config), it is not generated. This is for limiting Banner Grabbing attempts.
|
|
For limiting Banner Grabbing attempts.
|
|
|
|
|
|
* ia/ssh/packet_size0/OTP-12645:
ssh: Reset upgrade instructions to default
ssh: Change version (vsn.mk)
ssh: Option minimal_remote_max_packet_size and test cases
ssh: fix loop bug for zero maximum_packet_size.
ssh: Add ssh_info:print/1 to write onto a file descriptor
ssh: Add {active, false} to ssh listen socket
ssh: Change send_buf implementation from list to queue
ssh: Remove error report
|
|
|
|
|
|
|
|
A channel could be opened with the 'max packet size' set to 0. The behaviour is not defined in the ssh rfc:s, and openssh does not handle that case in some special way besides looping.
The introduced solution just "keep quiet" but removes the eternal loop that caused Erlang to core dump.
|
|
|
|
The ssh acceptor process listens for connections and
spawns a process to handle each new connection that it accepts.
The ownership of the accepted socket will be transfered to the new process
that will handle the incomming messages. Before the ownership is
transfered the socket should be in {active, false} or the acceptor
process may receive data aimed for the connection. As the accept socket
inherits the listen options we set {active, false} there.
|
|
A queue is the behaviour that we want, so this makes the code
easier to understand and more effective.
|
|
The error report was assumed to only happen if our code was wrongly
implemented "internal error". However it would also occur when
bad input was recived from the peer, and could hence cause extensive
logging on DoS attacks.
|
|
In the case of a faulty AVP Length (pointing past the end of a message
or not spanning the header), an extra bit is prepended to data bytes in
diameter_avp:collect_avps/1 in order to force a 5014 decode error. The
bit is supposed to be removed as part of the decode in diameter_gen.hrl
but this didn't happen in case of an AVP that unknown to the dictionary
in question.
|
|
|
|
|
|
* dgud/observer/fix-atom-tostr/OTP-12634:
observer: Fix crash in process_window
|
|
Links can be to named processes, convert atom to list
|
|
* anders/diameter/hardening/OTP-12628:
Remove potentially large error reason in call to diameter_lib:log/4
Limit FQDN in DiameterURI to 255 octets
Limit DiameterURI ports to 0-65535 digits on decode
Add service_opt() incoming_maxlen
Add guard to reject {spawn_opt, false} as transport/service_opt()
|
|
* sverk/large-list_to_integer-bug/OTP-12624:
erts: Fix bug in list_to_integer for very large strings
|
|
The function is intended to be traced on, to see abnormalities (mostly)
without producing excessive output. In the case of decode failure, the
error reason can be things like {badmatch, HugeBinary}.
Missed in commit 0058430.
|
|
As for the port number in the parent commit, a FQDN can't be arbitrarily
long, at most 255 octets. Make decode fail if it's more.
|
|
A port number is a 16-bit integer, but the regexp used to parse it in
commit 1590920 slavishly followed the RFC 6733 grammar in matching an
arbitrary number of digits. Make decode fail if it's anything more than
5, to avoid doing erlang:list_to_integer/1 on arbitrarily large lists.
Also make it fail if the resulting integer is outside of the expected
range.
|
|
To bound the length of incoming messages that will be decoded. A message
longer than the specified number of bytes is discarded. An
incoming_maxlen_exceeded counter is incremented to make note of the
occurrence.
The motivation is to prevent a sufficiently malicious peer from
generating significant load by sending long messages with many AVPs for
diameter to decode. The 24-bit message length header accomodates
(16#FFFFFF - 20) div 12 = 1398099
Unsigned32 AVPs for example, which the current record-valued decode is
too slow with in practice. A bound of 16#FFFF bytes allows for 5461
small AVPs, which is probably more than enough for the majority of
applications, but the default is the full 16#FFFFFF.
|
|
|
|
* egil/maint/process_dictionary-initial-size/OTP-12535:
erts: Document option 'hpds'
erts: Enable command line argument for initial pd size
|
|
It was possible to configure the option, but doing so caused the service
to fail when starting a watchdog process:
{function_clause,
[{diameter_service,'-spawn_opts/1-lc$^0/1-0-',
[false],
[{file,"base/diameter_service.erl"},{line,846}]},
{diameter_service,start,5,
[{file,"base/diameter_service.erl"},{line,820}]},
{diameter_service,start,3,
[{file,"base/diameter_service.erl"},{line,782}]},
{diameter_service,handle_call,3,
[{file,"base/diameter_service.erl"},{line,385}]},
{gen_server,try_handle_call,4,[{file,"gen_server.erl"},{line,607}]},
{gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,639}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}
Tests for the option in the config suite were also missing.
Bungled in commit 78b3dc6.
|
|
* peppe/common_test/failing_telnet_tests:
Add documentation and make get_data behaviour backwards compatible
Introduce polling feature in ct_telnet
Fix problem with invalid timeouts because of truncated floats
OTP-12627
|
|
|
