OpenSRF

Gateway error response is not valid JSON

Bug #1883169 reported by Ken Cox
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenSRF
Fix Released
Undecided
Unassigned
OpenSRF 3.2.2

Bug Description

When a GAPINES cron job kills a long-running query, the response includes a truncated "debug" field. Overall the response is not valid JSON.

Mike R helped me track this error to bad string handling in osrf_json_gateway_method_handler() specifically around snprintf() and "+ 32". Note that snprintf() does NOT guarantee NULL termination; for that you need to manually write a 0 in the last byte.

Also Mike suggests "we could use our safety wrappers there
rather than munging with sprintf ourselves
buff_add etc
search up in the same file for growing_buffer for examples"

Revision history for this message
Ken Cox (kenstir) wrote :
Revision history for this message
Ken Cox (kenstir) wrote :

The attached patch fixes the bug using growing_buffer as suggested. Let me know how it fits for style, I tried to maintain the tabs etc.

Please consider adding my SSH key to the OpenSRF working repo. This is the same one that is alread added to the Evergreen working repo:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8xfl59ziRrWxm80VkSebdJk7fAHRz/MhbRCIDOjlHcWvZN2UH7G5lkEHNUfYTLAX/5yI2mVzd/5ag30na4uY0/F6sIZdf7xAGnclzr2TILx7obvWvG57NwO4qkzgiyLocsnwHXmXQo2pkK0+ptzOFLGTT4G48knMB7Gy/LiJ9yUNaUzOrxsNmBHBMypdAfcdoFwm+oOeoaFecw92ZHHE0NT9ZpUYPhAQf0eMZ8m9s6SE5dIyDQAqeNli3SOzQ2/8mqd3fI92rc26aCNdivO26tYEJJxCZUsRUlYQGRVmBDzU0hjD60ZVhoYdF495ZIK7YUCudMDBNzt/xUd0SxM0X <email address hidden>

Revision history for this message
Ken Cox (kenstir) wrote :

Here is a new branch lp483862493_response_is_not_json with a fix.

https://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/kenstir/lp483862493_response_is_not_json

I will append repro steps if I am able to reliably repro this.

tags: added: pu
tags: added: pullrequest
removed: pu
Terran McCanna (tmccanna)
tags: added: cleanup
Revision history for this message
Ken Cox (kenstir) wrote :

I have a reliable way to reproduce the problem, and it requires hacking OSRF.

First, here are ways that don't reproduce it:
* srfsh - srfsh does not repro this problem because the problem is in the JSON gateway.
* kill the query in psql - If you are fast enough to kill a running query using `select pg_cancel_backend(pid)`, the stack trace is not very long, not long enough to trigger the bug.

The problem only occurs when the error message has enough special characters that need quoting.

Here's how I reproduced it:

1. Build and install a custom version of OpenSRF including the attached patch.

2. Perform a query in the browser e.g.:
```
http://192.168.1.4/osrf-gateway-v1?service=open-ils.search&method=open-ils.search.biblio.multiclass.query&param={%22limit%22:200,%22offset%22:0}&param=%22subject:music%20site(CONS)%22&param=1
```

3. Save the response and verify that it is not JSON, e.g. by pasting it into https://jsonformatter.org/json-pretty-print

Revision history for this message
Mike Rylander (mrylander) wrote :

Thanks for the patch, Ken! I've pushed it to all the release branches advertised on the downloads page, as well as master.

Changed in opensrf:
status: New → Fix Committed
Galen Charlton (gmc)
Changed in opensrf:
milestone: none → 3.2.2
Galen Charlton (gmc)
Changed in opensrf:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.