View Issue Details

ID: 0009570
Project: CTT UA Scripts
Category: 1 - Script Issue
View Status: public
Last Update: 2024-11-24 07:24
Reporter: Tim Fortin
Assigned To: Sebastian Allmendinger
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 1.03.509
Summary: 0009570: MaxSecureChannels should not be reached with empty channels
Description

DOS Attack Tests: Security/Security None/Test Cases/006.js
In Step 1 of test, CTT attempts to create all MaxSecureChannels simultaneously, expecting them all to succeed. However, for the last channel request, the server uses a recycled channel. This server behavior is expected according to 1.04 Spec, but not by the CTT. This results in an error in Part 3 of this test.
According to spec (1.04, 10000-4 5.5.2.1):
"To protect against misbehaving Client and denial of service attacks, the Server shall close the oldest SecureChannel that has no Session assigned before reaching the maximum number of supported SecureChannels".

Example:

  • If MaxSecureChannels = 100, Part 1 of test will create 100 SecureChannels. According to the test, all channel requests succeed. However, the server will only create 99 because it recycled the oldest channel for the 100th channel request. DISCREPANCY.
  • Part 2 will create 10% more overload channels (10 more channels), expecting them all to use recycled channels and pass. PASS.
  • Part 3 will close all created channels, expecting the first 10 to fail. However, the first 11 fail. This is because the 10 overload requests recycled the first 10 channels (good) PLUS the very first recycled channel for MaxSecureChannel from Step 1. FAIL.
Tags: No tags attached.
Files Affected

/maintree/Security/Security None/Test Cases/006.js

Activities

Paul Hunkar

2024-09-20 11:50

administrator   ~0021765

The script should be able to handle either 10 or 11; both can be valid, since the spec is not that clear.

Sebastian Allmendinger

2024-10-07 12:50

developer   ~0021846

The test script has been updated to allow servers to recycle the oldest channel already when reaching MaxSecureChannels - 1.

Paul Hunkar

2024-11-24 07:24

administrator   ~0022112

Reviewed updates, agreed to change and closed issue.
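
The channel accounting from the description and the 10-or-11 tolerance from the notes, replayed against a toy channel table. This is an added example, not the CTT's 006.js or any server's code; `makeServer`, `runScenario`, `closeFailuresAcceptable` and the `recycleAt` parameter are hypothetical, and every channel is assumed to have no Session assigned.

```javascript
// Added illustration, not CTT or server code. All names here are hypothetical.
// Toy server channel table: every channel is sessionless, as in the test.
// recycleAt = open-channel count at which the oldest channel is closed
// to make room for a new request.
function makeServer(recycleAt) {
  const open = []; // channel ids, oldest first
  let nextId = 1;
  return {
    openChannel() {
      if (open.length >= recycleAt) open.shift(); // recycle oldest sessionless channel
      open.push(nextId);
      return nextId++;
    },
    closeChannel(id) {
      const i = open.indexOf(id);
      if (i < 0) return false; // server already recycled this channel
      open.splice(i, 1);
      return true;
    },
    openCount: () => open.length,
  };
}

// The three parts of the test as the issue describes them.
function runScenario(maxSecureChannels, recycleAt) {
  const server = makeServer(recycleAt);
  const ids = [];
  for (let i = 0; i < maxSecureChannels; i++) ids.push(server.openChannel()); // Part 1
  const openAfterPart1 = server.openCount();
  const overload = Math.ceil(maxSecureChannels / 10); // Part 2: 10% more channels
  for (let i = 0; i < overload; i++) ids.push(server.openChannel());
  const failedCloses = ids.filter((id) => !server.closeChannel(id)).length; // Part 3
  return { openAfterPart1, overload, failedCloses };
}

// Tolerance from the notes: either count of failed closes is treated as valid.
function closeFailuresAcceptable(r) {
  return r.failedCloses === r.overload || r.failedCloses === r.overload + 1;
}

const atMax = runScenario(100, 100); // recycles only once the table is full
const early = runScenario(100, 99);  // recycles at MaxSecureChannels - 1
console.log(atMax, closeFailuresAcceptable(atMax));
console.log(early, closeFailuresAcceptable(early));
```
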

Issue History

Date Modified Username Field Change
2024-05-31 13:52 Tim Fortin New Issue
2024-09-20 11:48 Paul Hunkar Assigned To => Alexander Allmendinger
2024-09-20 11:48 Paul Hunkar Status new => assigned
2024-09-20 11:50 Paul Hunkar Note Added: 0021765
2024-10-07 12:47 Sebastian Allmendinger Files Affected => /maintree/Security/Security None/Test Cases/006.js
2024-10-07 12:50 Sebastian Allmendinger Assigned To Alexander Allmendinger => Sebastian Allmendinger
2024-10-07 12:50 Sebastian Allmendinger Status assigned => resolved
2024-10-07 12:50 Sebastian Allmendinger Resolution open => fixed
2024-10-07 12:50 Sebastian Allmendinger Note Added: 0021846
2024-11-24 07:24 Paul Hunkar Project Compliance Test Tool (CTT) Unified Architecture => CTT UA Scripts
2024-11-24 07:24 Paul Hunkar Status resolved => closed
2024-11-24 07:24 Paul Hunkar Fixed in Version => 1.03.509
2024-11-24 07:24 Paul Hunkar Note Added: 0022112