Commit graph

16 commits

Author SHA1 Message Date
Miklos Vajna
42c8417e34 admin fuzzer: improve this further, so it can find interesting paths faster
1) Don't actually kill anything with the kill command, otherwise kill(0,
SIGKILL) will kill the fuzzer itself.

2) Don't require a valid signature when authenticating with JWT, since
the private key is generated on each process startup.

3) Log when the JWT would be invalid due to an expired timestamp.

Change-Id: I0da285617e27910329c0e7ed80a6d02e86344ccf
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91737
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-04-06 12:03:39 +02:00
Miklos Vajna
fe1399fab5 JWTAuth::verify: avoid working with RTTI without a reason
The purpose of the convert() function (without arguments) is to either
return fast in case the type of the JSON value and the argument match or
do a conversion.

We generate this JSON, so we know the JSON type will be always a string
and the argument type will be a size_t, so use the variant that always
does a conversion.

(Additional benefit is that I seem to hit a false alarm with
admin_fuzzer in the old code and it goes away with this change.)

Change-Id: I40851ab3ddd46fb1515ea9f0c9f40d9ec2006de7
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91652
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-04-03 19:20:01 +02:00
Miklos Vajna
fc88a872c2 admin console: log when JWTAuth::verify() doesn't have enough tokens
This is no longer a huge problem, but it's still a good idea to return
early in that case.

Found with the recently added admin_fuzzer, when I locally disabled the
StringVector safety checks for test purposes.

(If you view the diff with -U30, then you see that we access tokens[2]
later, so if size is < 3, we should give up.)

Change-Id: I46fc531fb042cc1485a17a9e994ad37e9ff0cd80
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91587
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-04-03 09:18:18 +02:00
Miklos Vajna
a4e0a00bfe Add an initial libfuzzer based fuzzer for the admin console
Run the actual fuzzer like this:

./admin_fuzzer -max_len=16384 fuzzer/admin-data/

Change-Id: I5891df8033ff1837afce86775ee62447587f2f20
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91504
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-04-02 12:11:24 +02:00
Miklos Vajna
b8bd1990aa Rework LOOLProtocol::tokenize() to return a StringVector object
The bulk of this commit just changes std::vector<std::string> to
StringVector when we deal with tokens from a websocket message.

The less boring part of it is the new StringVector class, which is a
wrapper around std::vector<std::string>, and provides the same API,
except that operator[] returns a string, not a string&, and this allows
returning an empty string in that case, which prevents reading past the end of
the underlying array.

This means in case client code forgets to check size() before invoking
operator[], we don't crash. (See the ~3 previous commits which fixed
such crashes.)

Later the ctor could be changed to take a single underlying string to
avoid lots of tiny allocations, that's not yet done in this commit.

Change-Id: I8a6082143a8ac0b65824f574b32104d7889c184f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89687
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-02-28 16:07:56 +01:00
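The StringVector idea described in the commit above (operator[] returns a copy and yields an empty string for an out-of-range index), combined with the "give up if size() < 3" early return that the JWTAuth::verify() logging commit mentions, as an added illustration that is not the project's code: SafeStringVector, tokenize() and hasJwtShape() below are hypothetical stand-ins, not the real StringVector class or LOOLProtocol::tokenize(), and the tokenizer's dropping of empty pieces is an assumption of this example.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Illustrative wrapper around std::vector<std::string> (not the project's
// StringVector): operator[] returns a string by value and returns an empty
// string when the index is out of range, so a caller that forgets to check
// size() gets an empty token instead of an out-of-bounds read.
class SafeStringVector
{
public:
    SafeStringVector() = default;
    explicit SafeStringVector(std::vector<std::string> tokens)
        : _tokens(std::move(tokens))
    {
    }

    std::size_t size() const { return _tokens.size(); }
    bool empty() const { return _tokens.empty(); }
    void push_back(std::string s) { _tokens.push_back(std::move(s)); }

    // Copy out, never hand out a reference into the underlying storage.
    std::string operator[](std::size_t index) const
    {
        if (index >= _tokens.size())
            return std::string();
        return _tokens[index];
    }

private:
    std::vector<std::string> _tokens;
};

// Assumed helper (not LOOLProtocol::tokenize()): split on one delimiter and
// drop empty pieces, so "a..b" becomes {"a", "b"}.
SafeStringVector tokenize(const std::string& input, char delimiter)
{
    SafeStringVector result;
    std::string current;
    for (char c : input)
    {
        if (c == delimiter)
        {
            if (!current.empty())
                result.push_back(current);
            current.clear();
        }
        else
        {
            current += c;
        }
    }
    if (!current.empty())
        result.push_back(current);
    return result;
}

// Models the early return discussed for JWTAuth::verify(): a compact JWT is
// header.payload.signature, so with fewer than three tokens the code that
// later reads tokens[2] should give up. Returns true only when all three
// parts are present and the signature part is non-empty.
bool hasJwtShape(const std::string& jwt)
{
    SafeStringVector tokens = tokenize(jwt, '.');
    if (tokens.size() < 3)
        return false;
    // Even without the check above, tokens[2] would be a safe (empty) read
    // with this wrapper; the check keeps the failure explicit and early.
    return !tokens[2].empty();
}
```

The size() check and the by-value operator[] are complementary: the wrapper turns a forgotten check from a crash (or silent out-of-bounds read) into an empty string, while the explicit check lets the verifier reject a malformed token before doing any further work on it.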
Miklos Vajna
a6af954b62 wsd: fix a typo in JWTAuth::cleanup()
Change-Id: I2c88403de12e2011746964b05a0c7e239dcbfd1b
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87151
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-01-21 17:39:09 +01:00
Michael Meeks
8cca6dcac8 Cleanup JWTAuth token before shutdown.
valgrind had some exciting double-free action on unclean shutdown.

Change-Id: Id7dd3d8ff60387ae51521bd2c74e4d6bcc30ff2e
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87025
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-01-18 19:26:10 +01:00
Pranam Lashkari
a6b0e5b827 killpoco: removed StringTokenizer from wsd directory
removed use of Poco::StringTokenizer from the wsd directory using LOOLProtocol::tokenize and std::vector<std::string>

Change-Id: Ic50b4d4d71d4ffd005aacf6aef0ed2bfde66d40d
Reviewed-on: https://gerrit.libreoffice.org/82569
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2019-11-13 09:51:04 +01:00
DarkByt31
a243fdef88 tdf#107038 Poco::Timestamp replacement with std::chrono
Change-Id: Ic577d304f2152c53895f4602cf55a98dd1e63ed0
Reviewed-on: https://gerrit.libreoffice.org/72531
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-05-18 23:42:14 +02:00
Tomaž Vajngerl
73c8fa9d09 Extract Authorization out of Auth and put it into common
This is needed so we can use this inside ChildSession.

Change-Id: I88f2cc767412fd52dbb242938f0f9897d4277639
Reviewed-on: https://gerrit.libreoffice.org/63836
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
2018-11-29 21:47:13 +01:00
Andras Timar
2d62529359 don't use ssl key file for admin console auth, use a generated key instead
Change-Id: I424afe0184a64b7f069d896bde6941e42b7b5531
rationale: setup is easier in the case when the user does not use ssl in loolwsd config
Reviewed-on: https://gerrit.libreoffice.org/61076
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2018-10-05 16:38:46 +02:00
Pranav Kant
f63858433b loplugin:includeform
Change-Id: Ib62a7aa61062f00698aa3e8a144438de5c57e53d
2017-12-20 21:21:05 +05:30
Jan Holesovsky
afcfac4bef access_header: Infrastructure for providing custom headers for authentication.
Change-Id: I52e61dc01dbad0d501471e663aaf364d9bc23c52
Reviewed-on: https://gerrit.libreoffice.org/41223
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-08-17 13:40:57 +02:00
Ashod Nakashian
57e7d22e28 wsd: logging and formatting cleanup
Change-Id: I5bfbd517c37b6df864d181abe7c70857815b9ece
Reviewed-on: https://gerrit.libreoffice.org/35082
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-03-11 19:50:08 +00:00
Michael Meeks
0eaef6c896 config.h - get includes right: must always be the first include.
2017-03-10 10:47:43 +01:00
Michael Meeks
cca657c8f2 Apply the pre-branch rename script to re-organize the source.
2016-11-25 09:58:48 +00:00
Renamed from loolwsd/Auth.cpp