Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential race condition when using Ledger.Update #425

Open
sgebbie opened this issue Aug 9, 2024 · 1 comment
Open

Potential race condition when using Ledger.Update #425

sgebbie opened this issue Aug 9, 2024 · 1 comment

Comments

@sgebbie
Copy link

sgebbie commented Aug 9, 2024
edited
Loading

While reviewing the code for Ledger.AuthOK in order to understand how to configure authentication, a visual inspection of the locking of Ledger.Update stood out as a potential race condition:

In particular,

// Update updates the internal values of the ledger.                                                                    
func (l *Ledger) Update(ln *Ledger) {                                                                                   
    l.Lock()                                                                                                            
    defer l.Unlock()                                                                                                    
    l.Auth = ln.Auth                                                                                                    
    l.ACL = ln.ACL                                                                                                      
}

takes care to lock and release the mutex. However, neither Ledger.AuthOK nor Ledger.ACLOk participate in the locking.

While I have not reproduced a bug, reviewing the code it would seem that a race condition on reading l.Auth or l.ACL might occur, if the ledge is updated concurrently.

Additionally, related but separately, l.Users is not carried over by l.Update.

Potential Remediation

  1. Extend l.Update to additionally perform l.Users = ln.Users
  2. Protect the access to the authentication configuration:

Additional considerations:

  1. given that l.AuthOK() and l.ACLOk might be contended under load, it might be worth using an sync.RWMutex and then only holding reader locks in the authentication check routines.

Coordination

If someone, who is more familiar with the code base, can confirm that the above problem should be addressed, I can prepare a PR to submit for review.

Thanks,
Stewart.
@sgebbie sgebbie changed the title Potential race condition with Ledger.AuthOK Potential race condition when using Ledger.Update Aug 9, 2024
@werbenhu
Copy link
Member

The scenarios in which l.Update() is called are likely not very frequent, and using lock would waste a lot of performance. I think using atomic.Value is a better choice. @sgebbie , it would be great if you could submit a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sgebbie @werbenhu