From da55499db052acd69502de7381850f716dec449c Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Fri, 22 Dec 2023 01:26:17 -0800 Subject: [PATCH] fix: reject clients that do not send proper payload (#18701) --- cmd/erasure-server-pool-decom.go | 2 +- cmd/erasure-server-pool-rebalance.go | 8 +++++--- internal/grid/manager.go | 6 +++++- internal/grid/muxserver.go | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/cmd/erasure-server-pool-decom.go b/cmd/erasure-server-pool-decom.go index ab0706073..a009cbc1b 100644 --- a/cmd/erasure-server-pool-decom.go +++ b/cmd/erasure-server-pool-decom.go @@ -716,7 +716,7 @@ func (set *erasureObjects) listObjectsToDecommission(ctx context.Context, bi dec path: bi.Prefix, recursive: true, forwardTo: "", - minDisks: len(disks) / 2, + minDisks: listQuorum, reportNotFound: false, agreed: fn, partial: func(entries metaCacheEntries, _ []error) { diff --git a/cmd/erasure-server-pool-rebalance.go b/cmd/erasure-server-pool-rebalance.go index d8923b518..78a1e7394 100644 --- a/cmd/erasure-server-pool-rebalance.go +++ b/cmd/erasure-server-pool-rebalance.go @@ -624,10 +624,12 @@ func (z *erasureServerPools) rebalanceBucket(ctx context.Context, bucket string, go func() { defer wg.Done() + listQuorum := (len(disks) + 1) / 2 + // How to resolve partial results. resolver := metadataResolutionParams{ - dirQuorum: len(disks) / 2, // make sure to capture all quorum ratios - objQuorum: len(disks) / 2, // make sure to capture all quorum ratios + dirQuorum: listQuorum, // make sure to capture all quorum ratios + objQuorum: listQuorum, // make sure to capture all quorum ratios bucket: bucket, } err := listPathRaw(ctx, listPathRawOptions{ @@ -635,7 +637,7 @@ func (z *erasureServerPools) rebalanceBucket(ctx context.Context, bucket string, bucket: bucket, recursive: true, forwardTo: "", - minDisks: len(disks) / 2, // to capture all quorum ratios + minDisks: listQuorum, reportNotFound: false, agreed: func(entry metaCacheEntry) { workers <- struct{}{} diff --git a/internal/grid/manager.go b/internal/grid/manager.go index 4cbbe3f2c..33cd1cf04 100644 --- a/internal/grid/manager.go +++ b/internal/grid/manager.go @@ -169,6 +169,7 @@ func (m *Manager) Handler() http.HandlerFunc { msg, _, err := wsutil.ReadClientData(conn) if err != nil { logger.LogIf(ctx, fmt.Errorf("grid: reading connect: %w", err)) + w.WriteHeader(http.StatusForbidden) return } if debugPrint { @@ -182,6 +183,7 @@ func (m *Manager) Handler() http.HandlerFunc { fmt.Println("parse err:", err) } logger.LogIf(ctx, fmt.Errorf("handleMessages: parsing connect: %w", err)) + w.WriteHeader(http.StatusForbidden) return } if message.Op != OpConnect { @@ -189,6 +191,7 @@ func (m *Manager) Handler() http.HandlerFunc { fmt.Println("op err:", message.Op) } logger.LogIf(ctx, fmt.Errorf("handler: unexpected op: %v", message.Op)) + w.WriteHeader(http.StatusForbidden) return } var cReq connectReq @@ -198,6 +201,7 @@ func (m *Manager) Handler() http.HandlerFunc { fmt.Println("handler: creq err:", err) } logger.LogIf(ctx, fmt.Errorf("handleMessages: parsing ConnectReq: %w", err)) + w.WriteHeader(http.StatusForbidden) return } remote := m.targets[cReq.Host] @@ -205,7 +209,7 @@ func (m *Manager) Handler() http.HandlerFunc { if debugPrint { fmt.Printf("%s: handler: unknown host: %v. Have %v\n", m.local, cReq.Host, m.targets) } - logger.LogIf(ctx, fmt.Errorf("handler: unknown host: %v", cReq.Host)) + w.WriteHeader(http.StatusForbidden) return } if debugPrint { diff --git a/internal/grid/muxserver.go b/internal/grid/muxserver.go index 6b36394c8..f4ecead24 100644 --- a/internal/grid/muxserver.go +++ b/internal/grid/muxserver.go @@ -202,7 +202,7 @@ func newMuxStream(ctx context.Context, msg message, c *Connection, handler Strea case <-t.C: last := time.Since(time.Unix(atomic.LoadInt64(&m.LastPing), 0)) if last > lastPingThreshold { - logger.LogIf(m.ctx, fmt.Errorf("canceling remote mux %d not seen for %v", m.ID, last)) + logger.LogIf(m.ctx, fmt.Errorf("canceling remote connection %s not seen for %v", m.parent, last)) m.close() return }