Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-57727

Race conditions in x509_invalid.js

    • Fully Compatible
    • ALL
    • v5.0, v4.4, v4.2, v4.0
    • Security 2021-07-12
    • 49

      In SERVER-55797 a following race condition was fixed in x509_invalid.js: 'No verified subject name available from client' could be emitted by mongod after assert.eq(!shouldSucceed, rawMongoProgramOutput().includes(...) check.

      There are two more race conditions which should be addressed:

      1. 'No verified subject name available from client' message from previous testClient(...) could be emitted after clearRawMongoProgramOutput(). This is likely what caused BF-21145

      2. when 'No verified subject name available from client' message arrives late for assert.eq(!shouldSucceed, rawMongoProgramOutput().includes(...) check, it will be picked up for positive tests, as assert.soon() will wait for it to appear. However, it will not be picked up for negative tests, because assert.soon will see no message, happily exit, and the message will show after.

      We need to refactor x509_invalid.js in following way:

      • every test should spawn a separate mongod
      • checkLog should be used so that it ties to an individual mongod, and therefore messages from one test would not contaminate the other test
      • assert.soon should be checking for both successful auth and failed auth. This way we could exit immediately after it fails or succeeds and not have to spin forever
      • perhaps reduce the default 5 min wait time to 30 sec or so
      • disable hang analyzer
      • also perhaps get rid of assert in runMongoProgram script, as it is confusing to see an assert in the test which does not indicate that there was an actual test fail

            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
            0 Vote for this issue
            2 Start watching this issue