Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include ServerName in tls transport cache key #56415

Merged
merged 2 commits into from
Nov 28, 2017
Merged

Include ServerName in tls transport cache key #56415

merged 2 commits into from
Nov 28, 2017
+21 −2

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Nov 27, 2017
edited
Loading

Fixes #56385

Fixes server name verification of aggregated API servers and webhook admission endpoints

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 27, 2017
@liggitt liggitt mentioned this pull request Nov 27, 2017
Closed
@liggitt liggitt added cherrypick-candidate kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. labels Nov 27, 2017
@liggitt liggitt added this to the v1.9 milestone Nov 27, 2017
@k8s-github-robot k8s-github-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. milestone/needs-approval labels Nov 27, 2017
@deads2k
Copy link
Contributor

deads2k commented Nov 27, 2017

This will need picks.

/lgtm
/status approved-for-milestone

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. status/approved-for-milestone labels Nov 27, 2017
@liggitt
Copy link
Member Author

liggitt commented Nov 27, 2017

/status in-progress

@k8s-github-robot
Copy link

[MILESTONENOTIFIER] Milestone Pull Request Current

@caesarxuchao @deads2k @liggitt

Note: This pull request is marked as priority/critical-urgent, and must be updated every 1 day during code freeze.

Example update:

ACK.  In progress
ETA: DD/MM/YYYY
Risks: Complicated fix required
Pull Request Labels
  • sig/api-machinery: Pull Request will be escalated to these SIGs if needed.
  • priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
  • kind/bug: Fixes a bug discovered during the current release.
Help

This was referenced Nov 27, 2017
Merged
Merged
Merged
@liggitt
Copy link
Member Author

liggitt commented Nov 27, 2017

picks opened

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Nov 27, 2017
@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 27, 2017
@liggitt
Copy link
Member Author

liggitt commented Nov 27, 2017
edited
Loading

integration test setup for one test had a bug that was masked because the extension server and kube apiserver were both in-process and shared the tls config cache. pushed a test update

@deads2k
Copy link
Contributor

deads2k commented Nov 27, 2017

still
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 27, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, liggitt

Associated issue: 56385

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@caesarxuchao
Copy link
Member

lgtm.

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 56094, 52910, 55953, 56405, 56415). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit a46153e into kubernetes:master Nov 28, 2017
@liggitt liggitt deleted the tls-cache-key branch November 28, 2017 05:05
@wojtek-t wojtek-t added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Nov 28, 2017
k8s-github-robot pushed a commit that referenced this pull request Nov 28, 2017
Merge pull request #56420 from liggitt/automated-cherry-pick-of-#5641…
7f46075 
…5-upstream-release-1.6

Automatic merge from submit-queue.

Automated cherry pick of #56415

Cherry pick of #56415 on release-1.6.

#56415: Include ServerName in tls transport cache key
k8s-github-robot pushed a commit that referenced this pull request Nov 29, 2017
Merge pull request #56419 from liggitt/automated-cherry-pick-of-#5641…
304233a 
…5-upstream-release-1.7

Automatic merge from submit-queue.

Automated cherry pick of #56415

Cherry pick of #56415 on release-1.7.

#56415: Include ServerName in tls transport cache key
k8s-github-robot pushed a commit that referenced this pull request Nov 30, 2017
Merge pull request #56418 from liggitt/automated-cherry-pick-of-#5641…
39d73e3 
…5-upstream-release-1.8

Automatic merge from submit-queue.

Automated cherry pick of #56415

Cherry pick of #56415 on release-1.8.

#56415: Include ServerName in tls transport cache key
lavalamp
lavalamp reviewed Nov 30, 2017
View reviewed changes
staging/src/k8s.io/client-go/transport/cache.go
@@ -88,5 +88,5 @@ func tlsConfigKey(c *Config) (string, error) {
return "", err
}
// Only include the things that actually affect the tls.Config
return fmt.Sprintf("%v/%x/%x/%x", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData), nil
return fmt.Sprintf("%v/%x/%x/%x/%v", c.TLS.Insecure, c.TLS.CAData, c.TLS.CertData, c.TLS.KeyData, c.TLS.ServerName), nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uh, are we printing very sensitive key data into the cache key? That seems like a terrible idea, doesn't it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's safer to put things into a key struct, that way you don't have to worry about collisions (things maybe having / in them that shouldn't, say).

Copy link
Member Author

@liggitt liggitt Nov 30, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uh, are we printing very sensitive key data into the cache key? That seems like a terrible idea, doesn't it?

If you have memory access to the cache keys, you also have it to the cache data, which has the same information in a different form

It's safer to put things into a key struct, that way you don't have to worry about collisions (things maybe having / in them that shouldn't, say).

/ isn't an issue in this particular case with the current data (%x hex-encodes, and the first value is a bool), but agree a key struct would be better here

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@liggitt

If you have memory access to the cache keys, you also have it to the cache data, which has the same information in a different form

I can easily see someone printing the keys to a debug log or something, which is readable by more people than they expect. People don't usually expect cache keys to be super sensitive.

I agree the separator is likely not an actual bug in this particular case, but if you use the struct approach everywhere you prevent an entire class of really hard to find bugs, some of which are serious security problems.

I will likely file an issue about these items.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fair enough. opened #56811 to switch to struct key with its own String() impl that omits logging the key data

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lavalamp lavalamp lavalamp left review comments

Assignees

@caesarxuchao caesarxuchao

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.9
Development

Successfully merging this pull request may close these issues.
7 participants
@liggitt @deads2k @k8s-github-robot @caesarxuchao @lavalamp @wojtek-t @k8s-ci-robot