aboutsummaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)Author
2015-05-04Prepare for webtool integration with CTPeter Andersson
OTP-12704
2015-04-22Update release notesErlang/OTP
2015-04-22Merge branch 'hans/ssh/banner_grabbing/OTP-12659' into maint-17Erlang/OTP
* hans/ssh/banner_grabbing/OTP-12659: ssh: added id_string option for server and client
2015-04-21inets: Add value 'none' in server_tokens configHans Nilsson
When the Server header has empty info (or 'none' in config), it is not generated. This is for limiting Banner Grabbing attempts.
2015-04-21ssh: added id_string option for server and clientHans Nilsson
For limiting Banner Grabbing attempts.
2015-04-10Update release notesErlang/OTP
2015-04-07ssh: Reset upgrade instructions to defaultIngela Anderton Andin
2015-04-07ssh: Change version (vsn.mk)Hans Nilsson
2015-04-07ssh: Option minimal_remote_max_packet_size and test casesHans Nilsson
2015-04-07ssh: fix loop bug for zero maximum_packet_size.Hans Nilsson
A channel could be opened with the 'max packet size' set to 0. The behaviour is not defined in the ssh rfc:s, and openssh does not handle that case in some special way besides looping. The introduced solution just "keep quiet" but removes the eternal loop that caused Erlang to core dump.
2015-04-07ssh: Add ssh_info:print/1 to write onto a file descriptorHans Nilsson
2015-04-07ssh: Add {active, false} to ssh listen socketIngela Anderton Andin
The ssh acceptor process listens for connections and spawns a process to handle each new connection that it accepts. The ownership of the accepted socket will be transfered to the new process that will handle the incomming messages. Before the ownership is transfered the socket should be in {active, false} or the acceptor process may receive data aimed for the connection. As the accept socket inherits the listen options we set {active, false} there.
2015-04-07ssh: Change send_buf implementation from list to queueIngela Anderton Andin
A queue is the behaviour that we want, so this makes the code easier to understand and more effective.
2015-04-07ssh: Remove error reportIngela Anderton Andin
The error report was assumed to only happen if our code was wrongly implemented "internal error". However it would also occur when bad input was recived from the peer, and could hence cause extensive logging on DoS attacks.
2015-03-31Prepare releaseErlang/OTP
2015-03-30Merge branch 'dgud/observer/fix-atom-tostr/OTP-12634' into maintDan Gudmundsson
* dgud/observer/fix-atom-tostr/OTP-12634: observer: Fix crash in process_window
2015-03-27observer: Fix crash in process_windowDan Gudmundsson
Links can be to named processes, convert atom to list
2015-03-27Merge branch 'anders/diameter/hardening/OTP-12628' into maintAnders Svensson
* anders/diameter/hardening/OTP-12628: Remove potentially large error reason in call to diameter_lib:log/4 Limit FQDN in DiameterURI to 255 octets Limit DiameterURI ports to 0-65535 digits on decode Add service_opt() incoming_maxlen Add guard to reject {spawn_opt, false} as transport/service_opt()
2015-03-27Remove potentially large error reason in call to diameter_lib:log/4Anders Svensson
The function is intended to be traced on, to see abnormalities (mostly) without producing excessive output. In the case of decode failure, the error reason can be things like {badmatch, HugeBinary}. Missed in commit 0058430.
2015-03-27Limit FQDN in DiameterURI to 255 octetsAnders Svensson
As for the port number in the parent commit, a FQDN can't be arbitrarily long, at most 255 octets. Make decode fail if it's more.
2015-03-27Limit DiameterURI ports to 0-65535 digits on decodeAnders Svensson
A port number is a 16-bit integer, but the regexp used to parse it in commit 1590920 slavishly followed the RFC 6733 grammar in matching an arbitrary number of digits. Make decode fail if it's anything more than 5, to avoid doing erlang:list_to_integer/1 on arbitrarily large lists. Also make it fail if the resulting integer is outside of the expected range.
2015-03-27Add service_opt() incoming_maxlenAnders Svensson
To bound the length of incoming messages that will be decoded. A message longer than the specified number of bytes is discarded. An incoming_maxlen_exceeded counter is incremented to make note of the occurrence. The motivation is to prevent a sufficiently malicious peer from generating significant load by sending long messages with many AVPs for diameter to decode. The 24-bit message length header accomodates (16#FFFFFF - 20) div 12 = 1398099 Unsigned32 AVPs for example, which the current record-valued decode is too slow with in practice. A bound of 16#FFFF bytes allows for 5461 small AVPs, which is probably more than enough for the majority of applications, but the default is the full 16#FFFFFF.
2015-03-26stdlib: Support upgrading from and to stdlib-2.3Björn Gustavsson
2015-03-26Add guard to reject {spawn_opt, false} as transport/service_opt()Anders Svensson
It was possible to configure the option, but doing so caused the service to fail when starting a watchdog process: {function_clause, [{diameter_service,'-spawn_opts/1-lc$^0/1-0-', [false], [{file,"base/diameter_service.erl"},{line,846}]}, {diameter_service,start,5, [{file,"base/diameter_service.erl"},{line,820}]}, {diameter_service,start,3, [{file,"base/diameter_service.erl"},{line,782}]}, {diameter_service,handle_call,3, [{file,"base/diameter_service.erl"},{line,385}]}, {gen_server,try_handle_call,4,[{file,"gen_server.erl"},{line,607}]}, {gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,639}]}, {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]} Tests for the option in the config suite were also missing. Bungled in commit 78b3dc6.
2015-03-26Merge branch 'peppe/common_test/failing_telnet_tests' into maintPeter Andersson
* peppe/common_test/failing_telnet_tests: Add documentation and make get_data behaviour backwards compatible Introduce polling feature in ct_telnet Fix problem with invalid timeouts because of truncated floats OTP-12627
2015-03-26Add documentation and make get_data behaviour backwards compatiblePeter Andersson
2015-03-24Introduce polling feature in ct_telnetPeter Andersson
2015-03-24vsn -> 1.9Anders Svensson
2015-03-24Update appup for 17.5Anders Svensson
Required load order by ticket. - OTP-11492, answer messages discarded - OTP-12415, retransmission failure - OTP-12475, grouped AVP decode - OTP-12543, no requests after DPR none - OTP-12412, shutdown issues diameter_lib diameter_service - OTP-12428, transport_opt() pool_size diameter_lib diameter_service diameter, diameter_config diameter_{tcp,sctp} diameter, diameter_config - OTP-12439, new time api in Erlang/OTP 18 diameter_lib diameter_{config,peer,reg,service,session,stats,sync,watchdog,sctp} - OTP-11952, service_opt() decode_string - OTP-12589, DiameterURI encode/decode diameter_{capx,codec,peer} diameter_types diameter_traffic diameter_{service,peer_fsm} diameter_watchdog diameter, diameter_config - OTP-12542, DPR with diameter:call/4 diameter_{peer_fsm,watchdog} diameter, diameter_config - OTP-12609, transport_opt() dpr_timeout diameter_peer_fsm diameter, diameter_config
2015-03-24Minor doc fixAnders Svensson
2015-03-24Merge branch 'anders/diameter/dpr/OTP-12609' into maintAnders Svensson
* anders/diameter/dpr/OTP-12609: Discard incoming/outgoing requests after incoming DPR Add transport_opt() dpr_timeout Be lenient with errors in incoming DPR
2015-03-24Adapt to changed DiameterURI defaults in RFC 6733Anders Svensson
Despite claims of full backwards compatibility, the text of RFC 6733 changes the interpretation of unspecified values in a DiameterURI. In particular, 3588 says that the default port and transport are 3868 and sctp respectively, while 6733 says it's either 3868/tcp (aaa) or 5658/tcp (aaas). The 3588 defaults were used regardless, but now use them only if the common dictionary is diameter_gen_base_rfc3588. The 6733 defaults are used otherwise. This kind of change in the standard can lead to interop problems, since a node has to know which RFC its peer is following to know that it will properly interpret missing URI components. Encode of a URI includes all components to avoid such confusion. That said, note that the defaults in the diameter_uri record have *not* been changed. This avoids breaking code that depends on them, but the risk is that such code sends inappropriate values. The record defaults may be changed in a future release, to force values to be explicitly specified.
2015-03-24Reject transport=udp;protocol=diameter at DiameterURI encodeAnders Svensson
Both RFC 3588 and 6733 disallow the combination. Make its encode fail.
2015-03-24Merge branch 'anders/diameter/string_decode/OTP-11952' into maintAnders Svensson
* anders/diameter/string_decode/OTP-11952: Let examples override default service options Set {restrict_connections, false} in example server Set {string_decode, false} in examples Test {string_decode, false} in traffic suite Add service_opt() string_decode Strip potentially large terms when sending outgoing Diameter messages Improve language consistency in diameter(1)
2015-03-24Merge branch 'anders/diameter/route_record/OTP-12551' into maintAnders Svensson
* anders/diameter/route_record/OTP-12551: Fix ordering of AVPs in relayed messages
2015-03-24Let examples override default service optionsAnders Svensson
To make them a bit more flexible. Can now do things like this: server:start([{'Product-Name', "Bob"}]), server:listen({tcp, [{capx_timeout, 2000}]}) Beware that the latter is completely different from this: server:listen(tcp, [{capx_timeout, 2000}])
2015-03-24Set {restrict_connections, false} in example serverAnders Svensson
Since there's no reason to reject a client that wants to establish multiple connections, given that diameter can handle it.
2015-03-24Set {string_decode, false} in examplesAnders Svensson
So as to do what's now recommended in diameter(1), in the grandparent commit.
2015-03-24Test {string_decode, false} in traffic suiteAnders Svensson
By adding string decode or not in the server or client as another combination. Run all traffic cases in parallel: remove the sequential tests. Common test seems unable to deal with {group, X, [parallel]} within a group.
2015-03-24Add service_opt() string_decodeAnders Svensson
To control whether stringish Diameter types are decoded to string or left as binary. The motivation is the same as in the parent commit: to avoid large strings being copied when incoming Diameter messages are passed between processes; or *if* in the case of messages destined for handle_request and handle_answer callbacks, since these are decoded in the dedicated processes that the callbacks take place in. It would be possible to do something about other messages without requiring an option, but disabling the decode is the most effective. The value is a boolean(), true being the default for backwards compatibility. Setting false causes both diameter_caps records and decoded messages to contain binary() in relevant places that previously had string(): diameter_app(3) callbacks need to be prepared for the change. The Diameter types affected are OctetString and the derived types that can contain arbitrarily large values: OctetString, UTF8String, DiameterIdentity, DiameterURI, IPFilterRule, and QoSFilterRule. Time and Address are unaffected. The DiameterURI decode has been redone using re(3), which both simplifies and does away with a vulnerability resulting from the conversion of arbitrary strings to atom. The solution continues the use and abuse of the process dictionary for encode/decode purposes, last seen in commit 0f9cdba.
2015-03-23Fix problem with invalid timeouts because of truncated floatsPeter Andersson
2015-03-23Strip potentially large terms when sending outgoing Diameter messagesAnders Svensson
Both incoming and outgoing Diameter messages pass through two or three processes, depending on whether they're incoming or outgoing: the transport process and corresponding peer_fsm process and (for incoming) watchdog processes. Since terms other than binary are copied when passing process boundaries, large terms lead to copying that can be problematic, if frequent enough. Since only the bin and transport_data fields of a diameter_packet record are needed by the transport process, discard others when sending outgoing messages. Strictly speaking, the statement that only the aforementioned fields are needed by the transport process depends on the transport process. It's true of those implemented by diameter (in diameter_tcp and diameter_sctp), but an implementation that makes use of other fields is assuming more than the documentation in diameter_transport(3) promises.
2015-03-23Discard incoming/outgoing requests after incoming DPRAnders Svensson
With the same motivation as in commits 5bd2d72 and b1fd629. As in the latter, incoming DPR is the only exception.
2015-03-23Add transport_opt() dpr_timeoutAnders Svensson
To cause a peer connection to be closed following an outgoing DPA, in case the peer fails to do so. It is the recipient of DPA that should close the connection according to RFC 6733.
2015-03-23Be lenient with errors in incoming DPRAnders Svensson
To avoid having the peer interpret the error as meaning the connection shouldn't be closed, which probably does more harm than ignoring syntactic errors in the DPR. Note that RFC 6733 says this about incoming DPR, in 5.4 Disconnecting Peer Connections: Upon receipt of the message, the Disconnect-Peer-Answer message is returned, which SHOULD contain an error if messages have recently been forwarded, and are likely in flight, which would otherwise cause a race condition. The race here is presumably between answers to forwarded requests and the outgoing DPA, but we have no handling for this: whether or not there are pending answers is irrelevant to how DPR is answered. It's questionable that a peer should be able to prevent disconnection in any case: it has to be the node sending DPR that decides if it's approriate, and the peer should take it as an indication of what's coming. Incoming DPA is already treated leniently: the only error that's not ignored is mismatching End-to-End and Hop-by-Hop Identifiers, since there's no distinguishing an erroneous value from an unsolicited DPA. This mismatch could also be ignored, which is the case for DWA for example, but this problem is already dealt with by dpa_timeout, which causes a connection to be closed even when the expected DPA isn't received.
2015-03-23Merge branch 'anders/diameter/dpr/OTP-12542' into maintAnders Svensson
* anders/diameter/dpr/OTP-12542: Discard CER or DWR sent with diameter:call/4 Allow DPR to be sent with diameter:call/4 Add transport_opt() dpa_timeout Add testcase for sending DPR with diameter:call/4
2015-03-23Merge branch 'anders/diameter/dpr/OTP-12543' into maintAnders Svensson
* anders/diameter/dpr/OTP-12543: Discard incoming requests after outgoing DPR Discard outgoing requests after outgoing DPR
2015-03-23Merge branch 'erland/revert_time/OTP-12444' into maintErland Schönbeck
* erland/revert_time/OTP-12444: Revert "Use new time API and be back-compatible in ssh"
2015-03-23Fix ordering of AVPs in relayed messagesAnders Svensson
6.1.9 of RFC 6733 states this: A relay or proxy agent MUST append a Route-Record AVP to all requests forwarded. The AVP was inserted as the head of the AVP list, not appended, since the entire AVP list was reversed relative to the received order. Thanks to Andrzej Trawiński.
2015-03-22Discard CER or DWR sent with diameter:call/4Anders Svensson
These are requests that diameter itself sends. It's previously been possible to send them, but answers timed out at the caller since they were discarded in diameter_watchdog. Answers will still timeout, but now the requests are discarded before being sent.