View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000337 | Main CAcert Website | certificate issuing | public | 2006-09-27 01:55 | 2013-01-14 20:33 |
Reporter | Sourcerer | Assigned To | Sourcerer | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2007 | ||||
Summary | 0000337: Race condition in the Database | ||||
Description | First we insert the half-finished row into the database: The problem is that the Communication Module is running asynchronously, and can read the record already when the CSR isn´t written to the file yet, and before the CSR_NAME in the table is set properly. Now the nasty problem is that we have a couple of dependencies here: We first need the insert_id to create the filename. We need the filename to write the CSR to the file We need the file to be loaded by the Communication Module The Communication Module needs the record in the table (and acts upon it as soon as it finds it). For Perl, the CounterFile provides a flexible, rock-solid counter which would solve that problem, but PHP doesn´t have something like that yet. $query = "insert into `emailcerts` set `CN`='$defaultemail', `keytype`='NS', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `codesign`='".$_SESSION['_config']['codesign']."', `rootcert`='".$_SESSION['_config']['rootcert']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) foreach($addys as $addy) mysql_query("insert into `emaillink` set `emailcertsid`='$emailid', `emailid`='$addy'"); $CSRname = $_SESSION['_config']['filepath']."/csr/client-$emailid.csr"; $fp = fopen($CSRname, "w"); fputs($fp, $emails); fclose($fp); mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
|
locking the table from read/writes should solve this regardless of language. |
|
I have implemented the following solution in the new CommModule: At first the row is inserted with an empty csr_filename. The Row-ID is used to generate the filename. The file is written to the filename. When everything is ok, the row is updated, and the csr_filename is inserted. The CommModule waits for rows that have the csr_filename not null. The same concept is done in the other direction with the crt_filename. This way, it is a safe and secure solution. The necessary updates are included in the CommModule. Do you want the updates seperated, so that we can do that update now, seperately from the CommModule? |
|
Has been fixed. |
Date Modified | Username | Field | Change |
---|---|---|---|
2006-09-27 01:55 | Sourcerer | New Issue | |
2006-09-27 02:03 | duane | Note Added: 0000689 | |
2006-11-27 13:19 | duane | Status | new => needs work |
2006-11-27 13:19 | duane | Assigned To | => Sourcerer |
2006-11-28 02:57 | Sourcerer | Note Added: 0000739 | |
2007-07-30 21:18 | Sourcerer | Status | needs work => closed |
2007-07-30 21:18 | Sourcerer | Note Added: 0000885 | |
2007-07-30 21:18 | Sourcerer | Resolution | open => fixed |
2007-07-30 21:18 | Sourcerer | Fixed in Version | => production |
2013-01-14 20:33 | Werner Dworak | Fixed in Version | => 2007 |