
[sweep:integration] fix (Core): limit read to TLS payload size #8029

Merged
9 changes: 7 additions & 2 deletions src/DIRAC/Core/DISET/private/Transports/BaseTransport.py
Expand Up @@ -17,6 +17,7 @@

Client <- Service : Close
"""

import time
from io import BytesIO
from hashlib import md5
Expand All @@ -27,6 +28,9 @@
from DIRAC.FrameworkSystem.Client.Logger import gLogger
from DIRAC.Core.Utilities import MixedEncode

# https://datatracker.ietf.org/doc/html/rfc8446#section-5.1
TLS_PAYLOAD_SIZE = 16384


class BaseTransport:
"""Invokes MixedEncode for marshaling/unmarshaling of data calls in transit"""
Expand Down Expand Up @@ -198,7 +202,7 @@ def receiveData(self, maxBufferSize=0, blockAfterKeepAlive=True, idleReceive=Fal
isKeepAlive = self.byteStream.find(BaseTransport.keepAliveMagic, 0, keepAliveMagicLen) == 0
# While not found the message length or the ka, keep receiving
while iSeparatorPosition == -1 and not isKeepAlive:
retVal = self._read(16384)
retVal = self._read(TLS_PAYLOAD_SIZE)
# If error return
if not retVal["OK"]:
return retVal
Expand All @@ -225,6 +229,7 @@ def receiveData(self, maxBufferSize=0, blockAfterKeepAlive=True, idleReceive=Fal
pkgSize = int(self.byteStream[:iSeparatorPosition])
pkgData = self.byteStream[iSeparatorPosition + 1 :]
readSize = len(pkgData)

if readSize >= pkgSize:
# If we already have all the data we need
data = pkgData[:pkgSize]
Expand All @@ -235,7 +240,7 @@ def receiveData(self, maxBufferSize=0, blockAfterKeepAlive=True, idleReceive=Fal
pkgMem.write(pkgData)
# Receive while there's still data to be received
while readSize < pkgSize:
retVal = self._read(pkgSize - readSize, skipReadyCheck=True)
retVal = self._read(min(TLS_PAYLOAD_SIZE, pkgSize - readSize), skipReadyCheck=True)
if not retVal["OK"]:
return retVal
if not retVal["Value"]:
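Review bot: The chunked call `self._read(min(TLS_PAYLOAD_SIZE, pkgSize - readSize), skipReadyCheck=True)` bounds each read but not the total, because `pkgSize` is parsed with `int(self.byteStream[:iSeparatorPosition])` from a length the peer declares and nothing in the visible hunks compares it with `maxBufferSize` before the loop starts filling `pkgMem`. The loop body continues outside the hunk, so a limit check may exist further down; if it only fires after data has been accumulated, the receiver still buffers up to the limit, and without bound when `maxBufferSize` is left at its default of 0. Rejecting an oversized or negative declared length right after it is parsed would be cheaper, for example `if pkgSize < 0 or (maxBufferSize and pkgSize > maxBufferSize): return S_ERROR("Declared package size out of range")`. The new constant would also read better with a descriptive comment next to the link, such as `# Maximum TLS record plaintext length (2**14 bytes), RFC 8446 section 5.1`.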
3 changes: 2 additions & 1 deletion src/DIRAC/Core/DISET/private/Transports/M2SSLTransport.py
Expand Up @@ -493,7 +493,8 @@ def _write(self, buf):
# And writting on a socket that received an RST packet
# triggers a SIGPIPE.
# In practice, this means that if the server replies to a
# dead client with less that 16384 bytes (see),
# dead client with less that 16384 bytes
# (see https://datatracker.ietf.org/doc/html/rfc8446#section-5.1),
# we will never notice that we sent the answer to the vacuum.
# And don't look for a fix, there just isn't.
wrote = self.oSocket.write(buf)
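Review bot: The rewritten comment line still reads `less that 16384 bytes`, which should be `less than 16384 bytes`, and `writting` at the top of the same comment is worth fixing while the block is being touched. Since this commit introduces `TLS_PAYLOAD_SIZE` in BaseTransport.py for the same value, naming that constant in the comment would keep the two in step if the number ever changes. `_write`'s body starts and continues outside the hunk.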