eProsima
The SecurityManager handshake issue [13691]
(1) There is an assert issue in “process_participant_stateless_message” when SecurityManager receives "AUTHENTICATION REQUEST" message and processes it.
As we know that it will generate reply handshake message and set "remote_participant_info->handshake_handle_" to be non-null in "on_process_handshake" when received the "AUTHENTICATION REQUEST" message for the first time, and then create new "CacheChange_t" to send it asynchronously.
The detailed info for the issue is the “assert(!remote_participant_info->handshake_handle_)” will be hit and throw exception if “process_participant_stateless_message” received duplicate "AUTHENTICATION REQUEST" message before the reply handshake msg above is sent successfully.
Based on the perhaps status of the reply handshake msg is sending, pls help me to confirm that my solution is “process_participant_stateless_message” should return directly if received duplicate "AUTHENTICATION REQUEST" message.
(2) Another issue is it does not process the return error code of "on_process_handshake" in “process_participant_stateless_message”,
it will return error code if the "auth_status_ == AUTHENTICATION_WAITING_REQUEST" and "participant_stateless_message_writer_->new_change" failed,
pls help me to confirm that should it set "remote_participant_info->handshake_handle_" to be null after the fail?
void SecurityManager::process_participant_stateless_message(
const CacheChange_t* const change)
{
................................................................
mutex_.lock();
auto dp_it = discovered_participants_.find(remote_participant_key);
if (dp_it != discovered_participants_.end())
{
remote_participant_info = dp_it->second.get_auth();
participant_data = &(dp_it->second.participant_data());
}
mutex_.unlock();
if (remote_participant_info && participant_data)
{
if (remote_participant_info->auth_status_ == AUTHENTICATION_WAITING_REQUEST)
{
////////////////// do not assert,return directly if receive duplicate REQUEST message//////////////////////////////////
assert(!remote_participant_info->handshake_handle_);
// Preconditions
if (message.related_message_identity().source_guid() != GUID_t::unknown())
{
logInfo(SECURITY,
"Bad ParticipantGenericMessage. related_message_identity.source_guid is not GUID_t::unknown()");
restore_discovered_participant_info(remote_participant_key, remote_participant_info);
return;
}
if (message.message_data().size() != 1)
{
logInfo(SECURITY, "Bad ParticipantGenericMessage. message_data size is not 1");
restore_discovered_participant_info(remote_participant_key, remote_participant_info);
return;
}
}
.........................................................
on_process_handshake(*participant_data, remote_participant_info,
std::move(message.message_identity()), std::move(message.message_data().at(0)));
//////////////////////////////should process the return error code of on_process_handshake and set "remote_participant_info->handshake_handle_" to be null if it is "REQUEST" msg////////////////////////////
restore_discovered_participant_info(remote_participant_key, remote_participant_info);
}
else
{
logInfo(SECURITY, "Received Authentication message but not found related remote_participant_key");
}
}
else
{
logInfo(SECURITY, "Discarted ParticipantGenericMessage with class id " << message.message_class_id());
}
}
Hello @fenggaobj Thanks for the report and sorry for the delay in the response. Please, check if you can still reproduce the issue in a newer version (although we kept the preventive assertion there). If it persists, please attach a minimal reproducer and provide some information about the Fast DDS version and the platform that you are using so that we can analyse it further.
According to our CONTRIBUTING.md guidelines, I am closing this issue due to inactivity. Please, feel free to reopen it if necessary.