Project

General

Profile

Actions

Bug #12585

closed

insufficient validation in svccfg for service name

Added by Till Wegmüller about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

The attached manifest validates but makes svccfg import keep over with

svccfg_libscf.c:7961: fmri_to_entity() failed with unexpected error 1007.  Aborting.
Abort (core dumped)

Core attached aswell


Files

attachment.tar.gz (1.68 MB) attachment.tar.gz Till Wegmüller, 2020-04-21 02:34 PM
Actions #1

Updated by John Levon about 2 years ago

  • Assignee set to John Levon
Actions #2

Updated by John Levon about 2 years ago

  • Subject changed from svccfg has keeled over when encountering the attached manifest has to insufficient validation in svccfg for service name

The problem is that the service name in the manifest is incorrectly prefixed with "svc:/" but we don't validate that. Our only check is that the name is a valid FMRI, which of course a svc:/-prefixed name is. But then we try to process "svc:/svc:/...".

We should do some checking during svccfg validate. I confirmed that all of:

name="svc:/oci-process"
name="SVC:/oci-process"
name="oci-process:default"
name="svc:/oci-process:default"

now correctly failed validation.

Actions #3

Updated by Electric Monk about 2 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 2f602de35d44213d39581c59632aa8365348850b

commit  2f602de35d44213d39581c59632aa8365348850b
Author: John Levon <john.levon@joyent.com>
Date:   2020-04-29T14:33:40.000Z

    12585 insufficient validation in svccfg for service name
    Reviewed by: Robert Mustacchi <rm@fingolfin.org>
    Reviewed by: Patrick Mooney <pmooney@pfmooney.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions

Also available in: Atom PDF