-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58242/
-----------------------------------------------------------

(Updated April 6, 2017, 11:22 p.m.)


Review request for mesos and Mesos Reviewbot.


Bugs: MESOS-7363
    https://issues.apache.org/jira/browse/MESOS-7363


Repository: mesos


Description
-------

It is possible for a malicious client to send
libprocess SUBSCRIBE requests that will trigger the
!frameworks.principals.contains(...) CHECK. This can happen
if the client sends a subscribe with a framework ID, then a
second subscribe with a different framework ID but the same
UPID. The invariant in the master is that a UPID uniquely
identifies a given framework. This is violated if we allow
multiple frameworks with the same UPID.


Diffs
-----

  src/master/master.cpp e547d2c410471f42bfeaae40a8b57ca30033e54f 


Diff: https://reviews.apache.org/r/58242/diff/2/


Testing (updated)
-------

make check (Fedora 25). Internal fuzzer run.


Thanks,

James Peach