Skip to content

gossip: fix DoS with malformed UDP header value/size #7146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

gossip: fix DoS with malformed UDP header value/size #7146

wants to merge 1 commit into from

Conversation

@two-heart
Copy link
Contributor

@two-heart two-heart commented Nov 10, 2025

credits for finding this to Immunefi user @bpop23293

@github-actions
Copy link

github-actions bot commented Nov 10, 2025

Performance Measurements ⏳

Suite Baseline New Change
backtest mainnet-368528500-perf per slot 0.060215 s 0.051004 s -15.297%
backtest mainnet-368528500-perf snapshot load 1.82 s 1.409 s -22.582%
backtest mainnet-368528500-perf total elapsed 60.215117 s 51.003517 s -15.298%
firedancer mem usage with mainnet.toml 992.14 GiB 992.14 GiB 0.000%

jherrera-jump
jherrera-jump requested changes Nov 10, 2025
View reviewed changes
Copy link
Contributor

@jherrera-jump jherrera-jump left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you also update

firedancer/src/disco/gui/fd_gui_peers.c

Line 217 in 548c705

+ fd_gui_sum_tiles_counter( peers, "gossvf", gossvf_tile_cnt, MIDX( COUNTER, GOSSVF, MESSAGE_RX_BYTES_DROPPED_UNPARSEABLE) )

mmcgee-jump
mmcgee-jump reviewed Nov 10, 2025
View reviewed changes
src/discof/gossip/fd_gossvf_tile.c Outdated
fd_ip4_hdr_t * ip4_hdr;
fd_udp_hdr_t * udp_hdr;
FD_TEST( fd_ip4_udp_hdr_strip( ctx->payload, sz, &payload, &payload_sz, NULL, &ip4_hdr, &udp_hdr ) );
if( FD_UNLIKELY(!fd_ip4_udp_hdr_strip( ctx->payload, sz, &payload, &payload_sz, NULL, &ip4_hdr, &udp_hdr )) ) return FD_METRICS_ENUM_GOSSVF_MESSAGE_OUTCOME_V_DROPPED_MALFORMED_PACKET_IDX;
Copy link
Contributor

@mmcgee-jump mmcgee-jump Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this reachable? The net tile will not pass the packet to gossvf if the header is not valid

Copy link
Contributor Author

@two-heart two-heart Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The XDP tile does not check all this, see the PoC in https://github.com/firedancer-io/auditor-internal/issues/334

mmcgee-jump
mmcgee-jump requested changes Nov 10, 2025
View reviewed changes
Copy link
Contributor

@mmcgee-jump mmcgee-jump left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

@two-heart
gossip: fix DoS with malformed UDP header value/size
75b8d46 
credits for finding this to Immunefi user `@bpop23293`
@two-heart two-heart force-pushed the two-heart/fix-gossvf-udp branch from a88c593 to 75b8d46 Compare November 11, 2025 10:07
@github-actions
Copy link

github-actions bot commented Nov 11, 2025

Performance Measurements ⏳

Suite Baseline New Change
backtest mainnet-368528500-perf per slot 0.062891 s 0.051502 s -18.109%
backtest mainnet-368528500-perf snapshot load 1.853 s 1.408 s -24.015%
backtest mainnet-368528500-perf total elapsed 62.891193 s 51.501695 s -18.110%
firedancer mem usage with mainnet.toml 992.14 GiB 992.14 GiB 0.000%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ravyu-jump ravyu-jump Awaiting requested review from ravyu-jump

@mmcgee-jump mmcgee-jump Awaiting requested review from mmcgee-jump

@jherrera-jump jherrera-jump Awaiting requested review from jherrera-jump

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@two-heart @mmcgee-jump @jherrera-jump