111 lines
3.8 KiB
Diff
111 lines
3.8 KiB
Diff
From 48ef747b731b5debfefc20757f3b3775828504c2 Mon Sep 17 00:00:00 2001
|
|
From: tbordaz <tbordaz@redhat.com>
|
|
Date: Thu, 18 Aug 2022 11:17:30 +0200
|
|
Subject: [PATCH 3/4] Issue 5418 - Sync_repl may crash while managing invalid
|
|
cookie (#5420)
|
|
|
|
Bug description:
|
|
If the servers receives an invalid cookie without separator '#',
|
|
it parses it into an empty cookie (Sync_Cookie) instead of a NULL
|
|
cookie (failure).
|
|
Later it sigsegv when using the empty cookie.
|
|
|
|
Fix description:
|
|
If the parsing fails return NULL
|
|
|
|
relates: #5418
|
|
|
|
Reviewed by: Viktor Ashirov, Mark Reynolds, William Brown, Simon
|
|
Pichugin (thanks !)
|
|
---
|
|
.../suites/syncrepl_plugin/basic_test.py | 76 +++++++++++++++++++
|
|
1 file changed, 76 insertions(+)
|
|
|
|
diff --git a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
|
|
index 533460e8f..375517693 100644
|
|
--- a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
|
|
+++ b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
|
|
@@ -594,3 +594,79 @@ def test_sync_repl_cenotaph(topo_m2, request):
|
|
pass
|
|
|
|
request.addfinalizer(fin)
|
|
+
|
|
+def test_sync_repl_invalid_cookie(topology, request):
|
|
+ """Test sync_repl with invalid cookie
|
|
+
|
|
+ :id: 8fa4a8f8-acf4-42a5-90f1-6ba1d8080e46
|
|
+ :setup: install a standalone instance
|
|
+ :steps:
|
|
+ 1. reset instance to standard (no retroCL, no sync_repl, no dynamic plugin)
|
|
+ 2. Enable retroCL/content_sync
|
|
+ 3. Establish a sync_repl connection
|
|
+ 4. Tests servers results to search with invalid cookie
|
|
+ 5. Add/delete an user entry to check the server is up and running
|
|
+ :expectedresults:
|
|
+ 1. Should succeeds
|
|
+ 2. Should succeeds
|
|
+ 3. Should succeeds
|
|
+ 4. Should succeeds
|
|
+ 5. Should succeeds
|
|
+ """
|
|
+
|
|
+ # Reset the instance in a default config
|
|
+ # Disable content sync plugin
|
|
+ topology.standalone.restart()
|
|
+ topology.standalone.plugins.disable(name=PLUGIN_REPL_SYNC)
|
|
+
|
|
+ # Disable retro changelog
|
|
+ topology.standalone.plugins.disable(name=PLUGIN_RETRO_CHANGELOG)
|
|
+
|
|
+ # Disable dynamic plugins
|
|
+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'off')])
|
|
+ topology.standalone.restart()
|
|
+
|
|
+ # Enable retro changelog
|
|
+ topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
|
|
+
|
|
+ # Enbale content sync plugin
|
|
+ topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)
|
|
+ topology.standalone.restart()
|
|
+
|
|
+ # Setup the syncer
|
|
+ sync = ISyncRepl(topology.standalone)
|
|
+
|
|
+ # Test invalid cookies
|
|
+ cookies = ('#', '##', 'a#a#a', 'a#a#1', 'foo')
|
|
+ for invalid_cookie in cookies:
|
|
+ log.info('Testing cookie: %s' % invalid_cookie)
|
|
+ try:
|
|
+ ldap_search = sync.syncrepl_search(base=DEFAULT_SUFFIX,
|
|
+ scope=ldap.SCOPE_SUBTREE,
|
|
+ attrlist=['objectclass', 'cn', 'homedirectory', 'sn','uid'],
|
|
+ filterstr='(|(objectClass=groupofnames)(objectClass=person))',
|
|
+ mode='refreshOnly',
|
|
+ cookie=invalid_cookie)
|
|
+ poll_result = sync.syncrepl_poll(all=1)
|
|
+
|
|
+ log.fatal('Invalid cookie accepted!')
|
|
+ assert False
|
|
+ except Exception as e:
|
|
+ log.info('Invalid cookie correctly rejected: {}'.format(e.args[0]['info']))
|
|
+ pass
|
|
+
|
|
+ # check that the server is still up and running
|
|
+ users = UserAccounts(topology.standalone, DEFAULT_SUFFIX)
|
|
+ user = users.create_test_user(uid=1000)
|
|
+
|
|
+ # Success
|
|
+ log.info('Test complete')
|
|
+
|
|
+ def fin():
|
|
+ topology.standalone.restart()
|
|
+ try:
|
|
+ user.delete()
|
|
+ except:
|
|
+ pass
|
|
+
|
|
+ request.addfinalizer(fin)
|
|
--
|
|
2.37.1
|
|
|