Giter VIP home page Giter VIP logo

fts3's People

Contributors

amadio avatar andrea-manzi avatar bbockelm avatar carles-garcia avatar edwardkaravakis avatar joaopblopes avatar mpatrascoiu avatar murrayc3 avatar okeeble avatar rcarpa avatar shubhangi-misra avatar simonmichal avatar smithdh avatar tomhepz avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

mlassnig marcelovilaca dynamic-entropy fno2010 juztas joaopblopes ryanyunruiyang dsmaugy jennimao css9091 paxjryan jackiedong6 lilyzhouzyj edengorevoy

fts3's Issues

Bug report - Code properties violations during software vulnerabilities investigation

Hello,

We found some potential code failures that might cause a security vulnerability.
To identify this kind of vulnerabilities I used tool LSVerifier: https://github.com/janislley/LSVerifier

More about the tool: https://ssvlab.github.io/lucasccordeiro/papers/sbseg2023.pdf

Please, check this report for code property violations:

1 - Dereference failure: NULL pointer

[FILE] ext/fts3/fts3_expr.c
[ARGS] ['--unwind', '1', '--no-unwinding-assertions']
[FUNCTION] sqlite3Fts3OpenTokenizer

int sqlite3Fts3OpenTokenizer(
  sqlite3_tokenizer *pTokenizer,
  int iLangid,
  const char *z,
  int n,
  sqlite3_tokenizer_cursor **ppCsr
){
  sqlite3_tokenizer_module const *pModule = pTokenizer->pModule;
  sqlite3_tokenizer_cursor *pCsr = 0;
  int rc;

  rc = pModule->xOpen(pTokenizer, z, n, &pCsr);
  assert( rc==SQLITE_OK || pCsr==0 );
  if( rc==SQLITE_OK ){
    pCsr->pTokenizer = pTokenizer; // line 145
    if( pModule->iVersion>=1 ){
      rc = pModule->xLanguageid(pCsr, iLangid);
      if( rc!=SQLITE_OK ){
        pModule->xClose(pCsr);
        pCsr = 0;
      }
    }
  }
  *ppCsr = pCsr;
  return rc;
}

Counterexample:

State 5 file fts3_expr.c line 145 function sqlite3Fts3OpenTokenizer thread 0

Violated property:
file fts3_expr.c line 145 function sqlite3Fts3OpenTokenizer
dereference failure: NULL pointer
line 145: pCsr->pTokenizer = pTokenizer;

Pre-analysis:

The function pointer xOpen is called, which presumably sets the value of pCsr. The assertion ensures that if the return code is not SQLITE_OK, then pCsr must be null. If the return code is SQLITE_OK, the code dereferences pCsr with pCsr->pTokenizer = pTokenizer;. This is safe because the assertion guarantees that pCsr is not null when rc is SQLITE_OK.

However, there's a potential issue if the function pointer xOpen or any other function pointer in the pModule structure is null. The code doesn't check for this, and if any of these function pointers are null, it would result in a null pointer dereference.

Different fts3 uid for the fts3-server, fts-monitoring and fts-rest docker images

Hi all,

I have configured an fts3 instance (v3.11.0) using docker compose with the following docker images/containers:

CONTAINER ID   IMAGE                                                COMMAND                  CREATED          STATUS                     PORTS                                       NAMES
16622c2fd4fb   gitlab-registry.cern.ch/fts/fts-monitoring:v3.11.0   "/scripts/startup-ft…"   10 minutes ago   Up 10 minutes              0.0.0.0:8449->8449/tcp, :::8449->8449/tcp   arendina-fts3-fts-mon-1
682721f923c1   gitlab-registry.cern.ch/fts/fts-rest:v3.11.0         "/scripts/startup-ft…"   10 minutes ago   Up 10 minutes              0.0.0.0:8446->8446/tcp, :::8446->8446/tcp   arendina-fts3-fts-rest-1
ef5e9f3908cb   gitlab-registry.cern.ch/fts/fts3:v3.11.0             "/scripts/startup-ft…"   10 minutes ago   Up 10 minutes              2170/tcp                                    arendina-fts3-fts-server-1
06c96e18b270   alpine                                               "sh -c ' apk add --n…"   10 minutes ago   Exited (0) 8 minutes ago                                               arendina-fts3-init-db-1
e40216d8bdfc   mysql:5                                              "docker-entrypoint.s…"   10 minutes ago   Up 10 minutes              3306/tcp, 33060/tcp                         arendina-fts3-ftsdb-1
b19f249a04eb   indigoiam/egi-trustanchors                           "/bin/sh -c ' yum in…"   10 minutes ago   Exited (0) 8 minutes ago                                               arendina-fts3-trust-1

I have noticed that the fts3 uid is different form the fts3-server to the other two containers as shown below:

# docker compose exec fts-server bash
# id fts3
uid=999(fts3) gid=997(fts3) groups=997(fts3)

# docker compose exec fts-rest bash
# id fts3
uid=1000(fts3) gid=1000(fts3) groups=1000(fts3)

# docker compose exec fts-mon bash
# id fts3
uid=1000(fts3) gid=1000(fts3) groups=1000(fts3)

This configuration could be the reason of permissions issues or errors.
Is this behaviour expected or is it modified in any other fts3 releases?

It seems that this is solved in the v3.12.0, but the last version of the fts-rest is the 3.11.1 and the fts3 uid is still 1000:

#  docker run --rm --entrypoint id gitlab-registry.cern.ch/fts/fts3:v3.12.0 fts3
uid=999(fts3) gid=997(fts3) groups=997(fts3)
#  docker run --rm --entrypoint id gitlab-registry.cern.ch/fts/fts-monitoring:v3.12.0 fts3
uid=999(fts3) gid=997(fts3) groups=997(fts3),48(apache)
#  docker run --rm --entrypoint id gitlab-registry.cern.ch/fts/fts-rest:v3.11.1 fts3
uid=1000(fts3) gid=1000(fts3) groups=1000(fts3)

Maybe, is it enough to wait the 3.12.0 release of the fts-rest image?

Sorry if I made any mistakes or I was not clear and, please, feel free to move this issue if needed.

Thank you very much!
Andrea

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.