LP#
1836254: Handle null authtoken in PCRUD
When the authtoken received from the client is the unquoted literal
string "null" in a pcrud request, the drone processing the request
will crash with a segmentation fault as the session verification code
passes a NULL pointer to strcmp.
To reproduce this bug, make the following request via srfsh:
request open-ils.pcrud open-ils.pcrud.search.pgt null
{"parent":null},{"flesh":-1,"flesh_fields":{"pgt":["children"]}}
Note that srfsh hangs util it times out.
Next, grep /var/log/syslog for the string segfault. You should find
something resembling the following:
Jul 12 15:29:43 buster kernel: [ 94.794920] opensrf-c[1357]:
segfault at 0 ip
00007fe3bbb8b219 sp
00007fff2877a020 error 4 in
liboils_pcrud.so.2.0.0[
7fe3bbb82000+10000]
After patching Evergreen with this commit, repeat the srfsh request
again. This time, the call should return almost immediately with an
osrfMethodException: "permacrud received a bad auth token: (null)."
When you grep syslog for segfault this time, you should find no new
occurrences.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
projects / Evergreen.git / commit