Skip to content

Bug: open non-filename #1

New issue
New issue
Open
Open
Bug: open non-filename#1
@drok

Description

@drok
drok
opened on Jan 22, 2024

The following sequence was seen while running a test. The lasso library attempts to open an XML snippet:

...
[pid 16997] open("../../../tests/data//idp5-saml2/metadata.xml", O_RDONLY) = 4
[pid 16997] open("/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 16997] open("/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 16997] stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3545, ...}) = 0
[pid 16997] stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3545, ...}) = 0
[pid 16997] stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3545, ...}) = 0
[... BAD open here vvv]
[pid 16997] open("<?xml version=\"1.0\"?>\n<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n      xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"\n      xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\n      entityID=\"http://sp5/metadata\">\n  <SPSSODescriptor\n      AuthnRequestsSigned=\"true\"\n      protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n    <KeyDescriptor use=\"signing\">\n      <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n        <ds:X509Data>\n          <ds:X509Certificate>MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMFUGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNqh9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+uuVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxHioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8GA1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IBAQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQBZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUapkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMewfiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/APNC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqRLlTxKnCrWAXftSm1rNtewTsF</ds:X509Certificate>\n        </ds:X509Data>\n      </ds:KeyInfo>\n    </KeyDescriptor>\n  \n    <KeyDescriptor use=\"encryption\">\n      <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n        <ds:X509Data>\n          <ds:X509Certificate>MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMFUGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNqh9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+uuVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxHioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8GA1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IBAQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQBZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUapkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMewfiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/APNC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqRLlTxKnCrWAXftSm1rNtewTsF</ds:X509Certificate>\n        </ds:X509Data>\n      </ds:KeyInfo>\n    </KeyDescriptor>\n  \n    <ArtifactResolutionService isDefault=\"true\" index=\"0\"\n      Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n      Location=\"http://sp5/artifact\" />\n    <SingleLogoutService\n      Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n      Location=\"http://sp5/singleLogoutSOAP\" />\n    <SingleLogoutService\n      Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n      Location=\"http://sp5/singleLogout\"\n      ResponseLocation=\"http://sp5/singleLogoutReturn\" />\n    <ManageNameIDService\n      Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n      Location=\"http://sp5/manageNameIdSOAP\" />\n    <ManageNameIDService\n      Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n      Location=\"http://sp5/manageNameId\"\n      ResponseLocation=\"http://sp5"..., O_RDONLY) = -1 ENAMETOOLONG (File name too long)
[... BAD open here ^^^]
[pid 16997] open("/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 16997] open("/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 16997] open("../../../tests/data//sp5-saml2/private-key.pem", O_RDONLY) = 4
...

To reproduce, after make check:

builder-48:radu [Linux] ~/proj/lasso/build/Xenial  ((v2.8.0))
$ tests/tests

Stack frame where provider->filename is an XML fragment, not a filename:

init_from_xml(LassoNode * node, xmlNode * xmlnode) (\home\radu\proj\lasso\lasso\id-ff\provider.c:693)
init_from_xml(LassoNode * node, xmlNode * xmlnode) (\home\radu\proj\lasso\lasso\id-ff\server.c:352)
lasso_node_new_from_xmlNode_with_type(xmlNode * xmlnode, char * typename) (\home\radu\proj\lasso\lasso\xml\xml.c:2492)
_lasso_node_new_from_xmlNode(xmlNode * xmlnode) (\home\radu\proj\lasso\lasso\xml\xml.c:2417)
lasso_node_new_from_dump(const char * dump) (\home\radu\proj\lasso\lasso\xml\xml.c:2245)
lasso_server_new_from_dump(const gchar * dump) (\home\radu\proj\lasso\lasso\id-ff\server.c:823)
test02_saml2_serviceProviderLogin(int _i) (\home\radu\proj\lasso\tests\login_tests_saml2.c:160)
tcase_run_tfun_nofork.isra (Unknown Source:0)
srunner_run (Unknown Source:0)
main(int argc, char ** argv) (\home\radu\proj\lasso\tests\tests.c:180)

lasso/lasso/id-ff/provider.c

Line 721 in 6e1306c

if (provider->metadata_filename) {

It looks like line 672 casts a LassoNode into a LassoProvider:

lasso/lasso/id-ff/provider.c

Line 672 in 6e1306c

LassoProvider *provider = LASSO_PROVIDER(node);

I don't know enough about the internals to know if this is a valid cast at this point, so I'm leaving this bug here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions