Commit 6bf1df54 authored by François Grisez's avatar François Grisez

AuthDB: avoid giving empty password list to password cache

Giving an empty list to the password cache corrupts it by adding
a user in the cache without password. Then, the next time
AuthDb calls getCachedPassword() for the same user, VALID_PASS_FOUND
is returned but there is no password returned by the out argument.

This commit adds a protection in cachePassword() that throw an
invalid_argument exception if the given password list is empty.
parent 74a84e5f
......@@ -228,7 +228,7 @@ void SociAuthDB::getPasswordWithPool(const string &id, const string &domain,
stop = steady_clock::now();
SLOGD << "[SOCI] Got pass for " << id << " in " << DURATION_MS(start, stop) << "ms";
cachePassword(createPasswordKey(id, authid), domain, passwd, mCacheExpire);
if (!passwd.empty()) cachePassword(createPasswordKey(id, authid), domain, passwd, mCacheExpire);
if (listener){
listener->onResult(passwd.empty() ? PASSWORD_NOT_FOUND : PASSWORD_FOUND, passwd);
}
......@@ -249,7 +249,7 @@ void SociAuthDB::getPasswordWithPool(const string &id, const string &domain,
SLOGE << "[SOCI] retrying mysql error " << e.err_num_;
retry = true;
}
} catch (exception const &e) {
} catch (const runtime_error &e) {
errorCount++;
stop = steady_clock::now();
SLOGE << "[SOCI] getPasswordWithPool error after " << DURATION_MS(start, stop) << "ms : " << e.what();
......
......@@ -125,6 +125,7 @@ void AuthDbBackend::clearCache() {
}
bool AuthDbBackend::cachePassword(const string &key, const string &domain, const vector<passwd_algo_t> &pass, int expires) {
if (pass.empty()) throw invalid_argument("empty password list");
time_t now = getCurrentTime();
map<string, CachedPassword> &passwords = mCachedPasswords[domain];
unique_lock<mutex> lck(mCachedPasswordMutex);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment