From c430218e26852cca72ef6806719a74bfcc5735f0 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 17 Nov 2022 16:26:50 +0800 Subject: [PATCH] chore: make remsh node name away from the atom DOS attack The remsh node name is generated to be unique, this may cause atom leakage, so we need to change the generation rule to limit the total of these names --- bin/emqx | 2 +- bin/nodetool | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/bin/emqx b/bin/emqx index 811bb2981..89ebed7c6 100755 --- a/bin/emqx +++ b/bin/emqx @@ -396,7 +396,7 @@ remsh() { # Generate a random id relx_gen_id() { - od -t x -N 4 /dev/urandom | head -n1 | awk '{print $2}' + od -t u -N 4 /dev/urandom | head -n1 | awk '{print $2 % 1000}' } call_nodetool() { diff --git a/bin/nodetool b/bin/nodetool index 4af7aae02..b4f0a0183 100755 --- a/bin/nodetool +++ b/bin/nodetool @@ -226,9 +226,14 @@ nodename(Name) -> this_node_name(longnames, Name) -> [Node, Host] = re:split(Name, "@", [{return, list}, unicode]), - list_to_atom(lists:concat(["remsh_maint_", Node, os:getpid(), "@", Host])); + list_to_atom(lists:concat(["remsh_maint_", Node, node_name_suffix_id(), "@", Host])); this_node_name(shortnames, Name) -> - list_to_atom(lists:concat(["remsh_maint_", Name, os:getpid()])). + list_to_atom(lists:concat(["remsh_maint_", Name, node_name_suffix_id()])). + +%% use the reversed value that from pid mod 1000 as the node name suffix +node_name_suffix_id() -> + Pid = os:getpid(), + string:slice(string:reverse(Pid), 0, 3). %% For windows??? create_mnesia_dir(DataDir, NodeName) ->