
Bug#1049988: bookworm-pu: package riemann-c-client/1.10.4-2



Hi,

On Thu, Aug 17, 2023 at 01:01:01PM -1000, Romain Tartière wrote:
> [ Reason ]
> Due to improper return value checks, when communicating with a remote
> server over TLS, riemann-c-client sometimes sends the same data fragment
> multiple times, resulting in the server receiving a malformed payload.
> 
> This happens with all versions of TLS, but TLS 1.3 triggers this bad
> behaviour more often.  With more and more services using TLS 1.3, this
> problem is more and more prevalent.
> 
> [ Impact ]
> When the client sends a large payload over TLS faster than the network
> can send it, the improper return value checks cause portions of that
> data to be sent multiple times to the server.  When the transfer
> eventually finishes, the server detects that the payload is invalid and
> drops the connection.  The client will then reconnect and retry the
> transfer that might fail again and again.
> 
> Besides error messages in the server logs, these corrupt data
> transfers cause unexpectedly high bandwidth usage.

This request was approved but not uploaded in time for the previous point
release (12.5). Should it be included in 12.6, or should this request be
abandoned and closed?

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
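
The failure mode described in the quoted [ Reason ] and [ Impact ] sections, as an added example that is not part of the original message and is not riemann-c-client's code. The thread does not show the faulty code, so `send_buggy` is one constructed instance of an improper return value check; `mock_send` is a hypothetical stand-in for a TLS send call that accepts fewer bytes than requested, and all names and the sample payload are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed mock transport: accepts at most max_chunk bytes per call. */
struct mock_conn { unsigned char rx[64]; size_t rx_len, max_chunk; };

static ssize_t mock_send(struct mock_conn *c, const unsigned char *buf, size_t len) {
    size_t n = len < c->max_chunk ? len : c->max_chunk;
    if (c->rx_len + n > sizeof c->rx) return -1;   /* hard error */
    memcpy(c->rx + c->rx_len, buf, n);
    c->rx_len += n;
    return (ssize_t)n;                             /* may be less than len */
}

/* Faulty pattern: counts the bytes accepted but retries from the start
 * of buf, so the first fragment is sent again after every short write. */
static int send_buggy(struct mock_conn *c, const unsigned char *buf, size_t len) {
    for (size_t done = 0; done < len; ) {
        ssize_t n = mock_send(c, buf, len - done);
        if (n <= 0) return -1;
        done += (size_t)n;
    }
    return 0;
}

/* Corrected pattern: resume exactly where the transport stopped. */
static int send_fixed(struct mock_conn *c, const unsigned char *buf, size_t len) {
    for (size_t done = 0; done < len; ) {
        ssize_t n = mock_send(c, buf + done, len - done);
        if (n <= 0) return -1;                     /* error or no progress */
        done += (size_t)n;
    }
    return 0;
}

typedef int (*sender_fn)(struct mock_conn *, const unsigned char *, size_t);

/* Returns 1 if the "server" side received the constructed payload intact. */
static int intact(sender_fn fn, size_t max_chunk) {
    static const unsigned char payload[] = "ABCDEFGHIJ";   /* constructed */
    struct mock_conn c = { {0}, 0, max_chunk };
    return fn(&c, payload, 10) == 0 && c.rx_len == 10 && !memcmp(c.rx, payload, 10);
}

int main(void) {
    printf("buggy: %d, fixed: %d\n", intact(send_buggy, 4), intact(send_fixed, 4));
    return 0;
}
```

With a chunk limit larger than the payload the faulty loop delivers the data intact, which matches the report that the corruption only appears when the payload is sent faster than the network can take it.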

