letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Copy authz.challenges to fix data race. (#3520) 

This race was uncovered by running the load generator as part of our CI.

Also, update ra_test.go. It was previously testing that the returned authz
and the stored authz should be identical, which is not actually a property
of UpdateAuthorization; in general, they will not be identical.
This commit is contained in:
Jacob Hoffman-Andrews 2018-03-03 09:19:56 -08:00 committed by GitHub
parent fded62c183
commit 2d1d895da1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ra/ra.go
View File

@ -1487,6 +1487,13 @@ func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, ba
vaCtx := context.Background()
go func(authz core.Authorization) {
// We will mutate challenges later in this goroutine to change status and
// add error, but we also return a copy of authz immediately. To avoid a
// data race, make a copy of the challenges slice here for mutation.
challenges := make([]core.Challenge, len(authz.Challenges))
copy(challenges, authz.Challenges)
authz.Challenges = challenges
records, err := ra.VA.PerformValidation(vaCtx, authz.Identifier.Value, authz.Challenges[challengeIndex], authz)
var prob *probs.ProblemDetails
if p, ok := err.(*probs.ProblemDetails); ok {

13
ra/ra_test.go
View File

@ -950,17 +950,18 @@ func TestUpdateAuthorizationNewRPC(t *testing.T) {
t.Fatal("Timed out waiting for DummyValidationAuthority.PerformValidation to complete")
}
// Verify that returned authz same as DB
dbAuthz, err := sa.GetAuthorization(ctx, authz.ID)
test.AssertNotError(t, err, "Could not fetch authorization from database")
assertAuthzEqual(t, authz, dbAuthz)
// Verify that the VA got the authz, and it's the same as the others
assertAuthzEqual(t, authz, vaAuthz)
// Sleep so the RA has a chance to write to the SA
time.Sleep(100 * time.Millisecond)
dbAuthz, err := sa.GetAuthorization(ctx, authz.ID)
test.AssertNotError(t, err, "Could not fetch authorization from database")
// Verify that the responses are reflected
test.Assert(t, len(vaAuthz.Challenges) > 0, "Authz passed to VA has no challenges")
test.Assert(t, authz.Challenges[ResponseIndex].Status == core.StatusValid, "challenge was not marked as valid")
test.Assert(t, dbAuthz.Challenges[ResponseIndex].Status == core.StatusValid, "challenge was not marked as valid")
}
func TestCertificateKeyNotEqualAccountKey(t *testing.T) {