[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#54723] [PATCH] Check URI when verifying narinfo validity.
|
From: |
Guillaume Le Vaillant |
|
Subject: |
[bug#54723] [PATCH] Check URI when verifying narinfo validity. |
|
Date: |
Mon, 11 Apr 2022 13:31:31 +0000 |
Guillaume Le Vaillant <glv@posteo.net> skribis:
> There are 2 errors that occur a lot in the guix-publish log files:
>
> - "In procedure fport_write: Broken pipe"
> It happens when trying to write to a socket apparently.
>
> - "In procedure sign: gcrypt: Cannot allocate memory"
> The machine has 64 GiB of RAM, of which at least 50 GiB is free, so
> gcrypt should have enough to make a signature...
I captured the network traffic between the "guix publish" server and
a "guix upgrade" client to see if the "broken pipe" errors could
come from real networking issues.
According to wireshark the problem doesn't come from there, the TCP
stream didn't have any error.
However, looking at the full TCP stream in wireshark I saw that the
"guix publish" server sends some bad narinfo responses.
Sometimes some parts of the response are missing (here, Signature
incomplete, URL and Compression fields missing):
--8<---------------cut here---------------start------------->8---
HTTP/1.1 200 OK
Content-Length: 959
Content-Type: application/x-nix-narinfo;charset=UTF-8
StorePath:
/gnu/store/dxpaqmix7zixm8pwcvvmq8q969q50jpp-pngload-2.0.0-2.91f1d70-checkout
NarHash: sha256:0s94fdbrbqj12qvgyn2g4lfwvz7qhhzbclrpz5ni7adwxgrmvxl1
NarSize: 245224
References:
Deriver: ybdimrfjs090kzmimf5j1x5hs8y4d24p-pngload-2.0.0-2.91f1d70-checkout.drv
Signature:
1;kitej;KHNpZ25hdHVyZSAKIChkYXRhIAogIChmbGFncyByZmM2OTc5KQogIChoYXNoIHNoYTI1NiAjNDY3NDk2RTJEOTZBMzc0QzFGN0M1MzJCNjc3MTM1NzVFOTkyRjQ0Qzc3MzQwRDUwQTcyRTkyMDJGRURDQkQxMyMpCiAgKQogKHNpZy12YWwgCiAgKGVjZHNhIAogICAociAjMDZEQTAwMkQyNjE3MEQ3ODVDNkM3NkMyMUEwM0UzNDlCMkUwMDc4MTUyQzFBQURFNjhFMEZGOUJDRkUyMUFDNSMpCiAgIChzICMwNjNDM0UyNjg2MEU2OTIzNDdEMjNGNTQ4RUM3RDJGRUZGQjc0Q0I4NjNEMjlDMUE3QjA4REFCQjEzQjZDRjAxIykKICAgKQogICkKIChwdWJsaWMta2V5IAogIC
--8<---------------cut here---------------end--------------->8---
Sometimes the response looks like almost complete garbage:
--8<---------------cut here---------------start------------->8---
HTTP/1.1 200 OK
Content-Length: 970
Content-Type: application/x-nix-narinfo;charsetcharsetHTTP/=UTF-8
1
1
1
.S
--8<---------------cut here---------------end--------------->8---
When the client receives these bad narinfos, it often makes it crash
with errors like:
- Wrong type (expecting exact integer): #f
- unmatched line "1\r"
- Wrong type argument in position 1 (expecting pair): ()
So it looks like the broken pipe problem comes from the "guix publish"
server, or from Guile... And making the code reconstructing narinfos
from HTTP responses more robust in case of bad input would be useful.
signature.asc
Description: PGP signature
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Guillaume Le Vaillant, 2022/04/05
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Ludovic Courtès, 2022/04/05
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Guillaume Le Vaillant, 2022/04/05
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Ludovic Courtès, 2022/04/09
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Guillaume Le Vaillant, 2022/04/09
- [bug#54723] [PATCH] Check URI when verifying narinfo validity.,
Guillaume Le Vaillant <=
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Ludovic Courtès, 2022/04/12
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Guillaume Le Vaillant, 2022/04/12
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Guillaume Le Vaillant, 2022/04/14
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Ludovic Courtès, 2022/04/18
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Guillaume Le Vaillant, 2022/04/20
- [bug#54723] [PATCH] Check URI when verifying narinfo validity., Ludovic Courtès, 2022/04/29