Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019 
<== Date ==> <== Thread ==>

Subject: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request]
From: Michael Davidsaver <mdavidsaver@gmail.com>
To: "Hartman, Steven M." <hartmansm@ornl.gov>, Benjamin Franksen <benjamin.franksen@helmholtz-berlin.de>
Cc: EPICS Tech Talk <tech-talk@aps.anl.gov>
Date: Tue, 23 Jan 2018 13:44:38 -0800
On 01/23/2018 10:54 AM, Hartman, Steven M. wrote:
> Nonetheless, a malformed packet crashing a server would be considered in bug in the server implementation and should be fixed. 

I don't think anyone is going to argue that these sort of issues shouldn't be fixed.
The problem is as usual a question of time and/or money.  Actively finding and
_fixing_ packet validation issues has never been a priority for anyone.

FYI, if someone could spend time on this, a place to start might be:

https://github.com/mdavidsaver/catvs

which is a framework I started for verifying consistency between
CA implementations.  This works be constructing packets with
a python script.  It is straightforward to create invalid/corrupt
messages.

A test case for zero length PVs could be added here

https://github.com/mdavidsaver/catvs/blob/master/catvs/server/test_search.py#L16

Replies:
RE: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Mark Engbretson
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] J. Lewis Muir
References:
Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Shuei YAMADA
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Ralph Lange
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] J. Lewis Muir
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Ralph Lange
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Benjamin Franksen
Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Hartman, Steven M.

Navigate by Date:
Prev: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Hartman, Steven M.
Next: RE: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Mark Engbretson
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019 
Navigate by Thread:
Prev: Re: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Hartman, Steven M.
Next: RE: Port scan with nmap causes infinite loop in casDGClient::processDG() [Re: CA gatway runs away when zero length PV name in UDP search request] Mark Engbretson
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <20182019 
ANJ, 24 Jan 2018 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·