Server segfaults on `parse_url` #139

korydraughn · 2023-11-04T12:16:54Z

Bug Report

I attempted to reach the /authenticate endpoint by typing the URL in Google Chrome and before I got the prompt, the server crashed with the following.

[2023-11-04 08:12:16.669] [P:2566900] [error] [T:2566985] parse_url: curl_url_get(CURLUPART_QUERY) error: 16
Segmentation fault (core dumped)

Below is what I typed in the browser.

http://localhost:9000/irods-http-api/0.1.0/authenticate

The text was updated successfully, but these errors were encountered:

korydraughn · 2023-11-04T14:19:44Z

This was caused by my config not having appropriate OIDC settings defined. The implementation currently relies on a GET request as part of the OIDC flow.

If we want to allow users to authenticate using Basic auth in a browser, we'll need to adjust how the HTTP API handles OIDC. Perhaps an op param can be introduced or a separate endpoint.

trel · 2023-11-04T14:37:50Z

So we definitely need to put bumpers on that use case (missing config items).

A separate endpoint might be easier / separate the concerns.

This commit makes it so that the server only runs OIDC authentication code paths when the OIDC stanza is present. Before this commit, the server would crash when the following was true: - The configuration file did not contain an OIDC stanza. - A user sent a GET request to the /authenticate endpoint. The server crashed because the GET logic of the endpoint handled a special OIDC case.

korydraughn · 2024-01-10T19:24:39Z

Supporting authentication using the following syntax is not a requirement of the HTTP API.

http://<username>:<password>@localhost:9000/irods-http-api/0.1.0/authenticate

For that reason, this issue has been resolved since attempting to do what's described in this issue no longer results in the server crashing.

korydraughn · 2024-01-10T19:28:47Z

Need to add tests for this.

…entication.

korydraughn added the bug Something isn't working label Nov 4, 2023

korydraughn added this to the 0.1.0 milestone Nov 4, 2023

korydraughn self-assigned this Nov 4, 2023

korydraughn modified the milestones: 0.1.0, 0.2.0 Nov 4, 2023

mstfdkmn mentioned this issue Dec 15, 2023

authenticate endpoint doesnt handle wrong request method (GET) #165

Closed

korydraughn closed this as completed Jan 10, 2024

korydraughn reopened this Jan 10, 2024

korydraughn added a commit to korydraughn/irods_client_http_api that referenced this issue Jan 12, 2024

[irods#139,irods#165] Return 405 when HTTP GET is used for basic auth…

1747da2

…entication.

alanking pushed a commit that referenced this issue Jan 12, 2024

[#139,#165] Return 405 when HTTP GET is used for basic authentication.

efe4043

korydraughn closed this as completed Jan 12, 2024

ll4strw mentioned this issue Jan 25, 2024

OIDC confidential access type and Authorization Code Grant #235

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Server segfaults on `parse_url` #139

Server segfaults on `parse_url` #139

korydraughn commented Nov 4, 2023

korydraughn commented Nov 4, 2023 •

edited

Loading

trel commented Nov 4, 2023

korydraughn commented Jan 10, 2024

korydraughn commented Jan 10, 2024

Server segfaults on parse_url #139

Server segfaults on parse_url #139

Comments

korydraughn commented Nov 4, 2023

Bug Report

korydraughn commented Nov 4, 2023 • edited Loading

trel commented Nov 4, 2023

korydraughn commented Jan 10, 2024

korydraughn commented Jan 10, 2024

Server segfaults on `parse_url` #139

Server segfaults on `parse_url` #139

korydraughn commented Nov 4, 2023 •

edited

Loading