andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0015-Issue-5418-Sync_repl-may-crash-while-managing-invali.patch

cb1cc6
From 48ef747b731b5debfefc20757f3b3775828504c2 Mon Sep 17 00:00:00 2001
cb1cc6
From: tbordaz <tbordaz@redhat.com>
cb1cc6
Date: Thu, 18 Aug 2022 11:17:30 +0200
cb1cc6
Subject: [PATCH 3/4] Issue 5418 - Sync_repl may crash while managing invalid
cb1cc6
 cookie (#5420)
cb1cc6
cb1cc6
Bug description:
cb1cc6
	If the servers receives an invalid cookie without separator '#',
cb1cc6
	it parses it into an empty cookie (Sync_Cookie) instead of a NULL
cb1cc6
	cookie (failure).
cb1cc6
	Later it sigsegv when using the empty cookie.
cb1cc6
cb1cc6
Fix description:
cb1cc6
	If the parsing fails return NULL
cb1cc6
cb1cc6
relates: #5418
cb1cc6
cb1cc6
Reviewed by: Viktor Ashirov, Mark Reynolds, William Brown, Simon
cb1cc6
 Pichugin (thanks !)
cb1cc6
---
cb1cc6
 .../suites/syncrepl_plugin/basic_test.py      | 76 +++++++++++++++++++
cb1cc6
 1 file changed, 76 insertions(+)
cb1cc6
cb1cc6
diff --git a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
cb1cc6
index 533460e8f..375517693 100644
cb1cc6
--- a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
cb1cc6
+++ b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
cb1cc6
@@ -594,3 +594,79 @@ def test_sync_repl_cenotaph(topo_m2, request):
cb1cc6
                 pass
cb1cc6
 
cb1cc6
     request.addfinalizer(fin)
cb1cc6
+
cb1cc6
+def test_sync_repl_invalid_cookie(topology, request):
cb1cc6
+    """Test sync_repl with invalid cookie
cb1cc6
+
cb1cc6
+    :id: 8fa4a8f8-acf4-42a5-90f1-6ba1d8080e46
cb1cc6
+    :setup: install a standalone instance
cb1cc6
+    :steps:
cb1cc6
+        1. reset instance to standard (no retroCL, no sync_repl, no dynamic plugin)
cb1cc6
+        2. Enable retroCL/content_sync
cb1cc6
+        3. Establish a sync_repl connection
cb1cc6
+        4. Tests servers results to search with invalid cookie
cb1cc6
+        5. Add/delete an user entry to check the server is up and running
cb1cc6
+    :expectedresults:
cb1cc6
+        1. Should succeeds
cb1cc6
+        2. Should succeeds
cb1cc6
+        3. Should succeeds
cb1cc6
+        4. Should succeeds
cb1cc6
+        5. Should succeeds
cb1cc6
+    """
cb1cc6
+
cb1cc6
+    # Reset the instance in a default config
cb1cc6
+    # Disable content sync plugin
cb1cc6
+    topology.standalone.restart()
cb1cc6
+    topology.standalone.plugins.disable(name=PLUGIN_REPL_SYNC)
cb1cc6
+
cb1cc6
+    # Disable retro changelog
cb1cc6
+    topology.standalone.plugins.disable(name=PLUGIN_RETRO_CHANGELOG)
cb1cc6
+
cb1cc6
+    # Disable dynamic plugins
cb1cc6
+    topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'off')])
cb1cc6
+    topology.standalone.restart()
cb1cc6
+
cb1cc6
+    # Enable retro changelog
cb1cc6
+    topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
cb1cc6
+
cb1cc6
+    # Enbale content sync plugin
cb1cc6
+    topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)
cb1cc6
+    topology.standalone.restart()
cb1cc6
+
cb1cc6
+    # Setup the syncer
cb1cc6
+    sync = ISyncRepl(topology.standalone)
cb1cc6
+
cb1cc6
+    # Test invalid cookies
cb1cc6
+    cookies = ('#', '##', 'a#a#a', 'a#a#1', 'foo')
cb1cc6
+    for invalid_cookie in cookies:
cb1cc6
+        log.info('Testing cookie: %s' % invalid_cookie)
cb1cc6
+        try:
cb1cc6
+            ldap_search = sync.syncrepl_search(base=DEFAULT_SUFFIX,
cb1cc6
+                                               scope=ldap.SCOPE_SUBTREE,
cb1cc6
+                                               attrlist=['objectclass', 'cn', 'homedirectory', 'sn','uid'],
cb1cc6
+                                               filterstr='(|(objectClass=groupofnames)(objectClass=person))',
cb1cc6
+                                               mode='refreshOnly',
cb1cc6
+                                               cookie=invalid_cookie)
cb1cc6
+            poll_result = sync.syncrepl_poll(all=1)
cb1cc6
+
cb1cc6
+            log.fatal('Invalid cookie accepted!')
cb1cc6
+            assert False
cb1cc6
+        except Exception as e:
cb1cc6
+            log.info('Invalid cookie correctly rejected: {}'.format(e.args[0]['info']))
cb1cc6
+            pass
cb1cc6
+
cb1cc6
+    # check that the server is still up and running
cb1cc6
+    users = UserAccounts(topology.standalone, DEFAULT_SUFFIX)
cb1cc6
+    user = users.create_test_user(uid=1000)
cb1cc6
+
cb1cc6
+    # Success
cb1cc6
+    log.info('Test complete')
cb1cc6
+
cb1cc6
+    def fin():
cb1cc6
+        topology.standalone.restart()
cb1cc6
+        try:
cb1cc6
+            user.delete()
cb1cc6
+        except:
cb1cc6
+            pass
cb1cc6
+
cb1cc6
+    request.addfinalizer(fin)
cb1cc6
-- 
cb1cc6
2.37.1
cb1cc6