Bug #39368

open

Multiple race conditions in TokenWhitelisting::TokenStorage

Added by Alex Fisher 20 days ago. Updated 20 days ago.

Status: Ready For Testing
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:

Description

There is no locking used during `read`, only `write`. If the token file is being rewritten, a `read` that happens during the write can get an empty file. The code then explodes with...

```
Failed to enable autosign for host.example.com: undefined method `push' for nil:NilClass
/usr/share/foreman-proxy/modules/puppetca_token_whitelisting/puppetca_token_whitelisting_token_storage.rb:42:in `add'
/usr/share/foreman-proxy/modules/puppetca_token_whitelisting/puppetca_token_whitelisting_autosigner.rb:59:in `autosign'
```

It's also possible to lose updates. Two concurrent adds can both read the same old YAML array, append different tokens, then serialize their writes with the last writer winning.

I suspect other people haven't hit these bugs as they're almost certainly using Foreman itself as the smart-proxy client. I'm using terraform to build hosts and calling the API from a datasource in that...
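An added example, not code from smart-proxy or the linked pull request, of one way to close both races described in the report: readers take a shared `flock`, and `add` does its read, append and rewrite under a single exclusive `flock`. The class name `LockedTokenStore`, the file name and the tokens are hypothetical and constructed for illustration.

```ruby
require 'yaml'
require 'tmpdir'

# Hypothetical store (not the smart-proxy class): one YAML array of tokens per file.
class LockedTokenStore
  def initialize(path)
    @path = path
  end

  # Shared lock: blocks while a writer holds the exclusive lock, so a
  # truncated, half-rewritten file is never observed.
  def read
    with_lock(File::LOCK_SH) { |f| load_tokens(f) }
  end

  # Read, append and rewrite under ONE exclusive lock, so two concurrent
  # adds cannot both start from the same old array.
  def add(token)
    with_lock(File::LOCK_EX) do |f|
      tokens = load_tokens(f)
      tokens.push(token)
      f.rewind
      f.truncate(0)
      f.write(tokens.to_yaml)
      tokens
    end
  end

  private

  def with_lock(mode)
    File.open(@path, File::RDWR | File::CREAT, 0o600) do |f|
      f.flock(mode)
      yield f
    end # closing the file flushes it and releases the lock
  end

  # An empty file does not parse to an Array; treat it as "no tokens".
  def load_tokens(file)
    file.rewind
    data = YAML.safe_load(file.read)
    data.is_a?(Array) ? data : []
  end
end

# Constructed workload: many threads adding distinct tokens at once.
def concurrent_add_demo(count = 20)
  Dir.mktmpdir do |dir|
    store = LockedTokenStore.new(File.join(dir, 'tokens.yml'))
    count.times.map { |i| Thread.new { store.add("constructed-token-#{i}") } }.each(&:join)
    store.read.sort
  end
end
```

The rewrite happens in place because `flock` is tied to the open file; swapping in a new file by rename would need the lock held on a separate lock file instead.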

#1

Updated by The Foreman Bot 20 days ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/945 added