Since the rose_del_node() always calls the rose_del_node() function with the same argument, if two users call rose_del_node() with two different arguments, a race will ensue where one of the users might end up doing a valid operation while the other one is doing a invalid one. The result of this race condition is that it is possible for a user to delete a rose_neigh with a zero “count” and “use” and this will cause rose_del_node() to end with an erroneous return value.
If you are interested in this race condition, you can play with it by deleting a rose_neigh with a zero “count” and “use” and see what happens.
Another issue found in the rose driver is that the rose_del_node() function does not check if the “key” argument is a valid key for the rose_neigh. The rose driver uses a unique key per rose_neigh. The rose_del_node() function does not check if “key” is a valid key for the rose_neigh and might end up deleting a rose_neigh that no one uses. If you are interested in this issue, you can experiment with a rose_neigh with a zero “count” and “use” and see what happens.
What to do if you are facing the issue?
If you are facing this issue, the best course of action is to contact the rose driver’s developers.
#1 The rose_del_node() function does not check if the “key” argument is a valid key for the rose_neigh.
The rose driver uses a unique key per rose_neigh. The rose_del_node() function does not check if “key” is a valid key for the rose_neigh and might end up deleting a rose_neigh that no one uses. If you are interested in this issue, you can experiment with a rose_neigh with a zero “count” and “use” and see what happens.
#2 You need to contact developers of the Rose Driver
#3 You can set up an audit log
Timeline
Published on: 08/31/2022 16:15:00 UTC
Last modified on: 09/06/2022 19:24:00 UTC