New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sentinel 2pc controller bug fixes #151
Sentinel 2pc controller bug fixes #151
Conversation
a0a5cd1
to
69eb59d
Compare
@mszulcz-mitre this has a very minimal merge conflict with |
69eb59d
to
53efae3
Compare
@metalicjames when you have a chance to review this, I'd love a second set of eyes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should add a unit test for the potential underflow case, then I think it's good to merge.
Previously, sentinel_2pc::controller would incorrectly calculate the upper bound of the sentinel ID distribution if the number of sentinel clients was 0. The incorrect calculation was due to casting a negative number to an unsigned int. As a result of this error, the sentinel IDs taken from the distribution could exceed the range of the possible sentinel IDs, which could lead to a non-existent element access when a bad ID was used as an index to a vector. Signed-off-by: Michael L. Szulczewski <mszulczewski@mitre.org>
sentinel_2pc::controller allows the sentinel ID to exceed the number of sentinels, which causes a non-existent element access (see GitHub Issue mit-dci#140). This commit checks for that condition and throws an error if it's true. It also adds a unit test to confirm that the code behaves correctly after the fix. Signed-off-by: Michael L. Szulczewski <mszulczewski@mitre.org>
Check that the number of required attestations doesn't exceed the number of sentinels that can provide them. Also add a unit test to confirm that the check works. Signed-off-by: Michael L. Szulczewski <mszulczewski@mitre.org>
Previously, the init() method of the 2PC sentinel controller would exhibit a non-existent element access if no sentinel endpoints were defined. With this commit, the code now checks that at least one endpoint is defined and logs an error if it's not. Signed-off-by: Michael L. Szulczewski <mszulczewski@mitre.org>
53efae3
to
99116fc
Compare
I modified the code to avoid the possibility of underflow. For clarity, I added another check to confirm that at least one sentinel endpoint is defined and I added a related unit test too. |
@HalosGhost It looks like James approved the changes I made in response to his review. Would you like me to do anything more for this pull request? |
Sorry for the delay; I've finally had a chance to walk through the code locally and test it. Tested ACK. All these changes eliminate several failure points and do so minimally. Looks good to me. |
This PR addresses the bugs identified in Issue #140 and Issue #141. The bug fixes and associated unit tests are the same as those described in the issues.