Once unit-bad-doc-load completes (with success in exitTest()), sometimes
we have an error during shutdown.
The reason seems to be that ClientSession::onDisconnect() calls
DocumentBroker::removeSession(), which may delete the ClientSession, so
by time time isCloseFrame() is called, we have trouble.
Fix the problem by keeping a reference to self before calling
removeSession().
Change-Id: If5b409822563ba5a45d453329516671065d8f054
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90681
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
It took both an std::string and a length. Take a char* and a length
instead.
Change-Id: Id37dfa67fe1baae09b69819680848a0a8a1d80ed
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90552
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
But opening a second document now hangs.
Sigh, the plumbing in the mobile apps is so extremely fragile. But
that is to be expected when turning a multi-process structure (where
one class of processes exit as soon as they have done their job) into
a single process running forever.
Change-Id: I0fdb751f44e16efb42843189969e049bf14816f0
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90443
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Essentially we want to be able to separate low-level socket code
for eg. TCP vs. UDS, from Protocol handling: eg. WebSocketHandler
and client sessions themselves which handle and send messages
which now implement the simple MessageHandlerInterface.
Some helpful renaming too:
s/SocketHandlerInterface/ProtocolHandlerInterface/
Change-Id: I58092b5e0b5792fda47498fb2c875851eada461d
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90138
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Allows comparing tokens with C strings without a heap allocation. Do the
same when comparing two tokens from two different StringVectors.
And use it at all places where operator ==() has an argument, which is a
StringVector::operator []() result.
Change-Id: Id36eff96767ab99b235ecbd12fb14446a3efa869
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90201
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Sometimes it is very useful to have one "lokit" process,
to focus on a 100% reproducible bug, and not worry
that server pre-spawn several processes.
Change-Id: I414a8145b53a0601a282cba9c245833f5d07f404
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89999
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Henry Castro <hcastro@collabora.com>
Probably these were just not adapted by accident in commit
f70e627795 (WebSocket - simplify
handleMessage for now., 2020-03-05).
Change-Id: I578d95d938c0c466e9547dcda3d2b297dc347a34
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90076
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
WebSocketHandler handles this complexity for us now, and for the
forseeable future. Simplify to prepare for larger re-factor.
Change-Id: I73b919885adc358cb6502a13492cdac85c34459c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90059
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
All the code that is using them is compiled out on Android anyway.
Change-Id: Ica349135202211ecdcb095bb82aa677f2dee19ba
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89714
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
This is meant to reduce lots of small allocations and instead have
pointers into the single string for the various tokens instead.
This has a few requirements, though:
1) It's no longer OK to modify the tokens, changing their length would
invalidate the start/length of other tokens. Rework
DocumentBroker::load() to avoid such mutation.
2) The iterators no longer expose zero-terminated strings, so
Poco::cat() doesn't work anymore: add an own cat() instead and use that
in e.g. ChildSession. The own cat() has the benefit that it won't read
past the end of the array if the begin index is out of bounds to add
more safety.
(This nicely works towards killing Poco usage in general.)
3) If zero-terminated strings for all individual tokens is needed, a
copy has to be made, as done in spawnProcess().
(For all of these requirements, the build fails if there are problems.)
Change-Id: Iea40e4400e630b2d669f5c72aea85cb40edf9a2c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89711
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
The bulk of this commit just changes std::vector<std::string> to
StringVector when we deal with tokens from a websocket message.
The less boring part of it is the new StringVector class, which is a
wrapper around std::vector<std::string>, and provides the same API,
except that operator[] returns a string, not a string&, and this allows
returning an empty string in case that prevents reading past the end of
the underlying array.
This means in case client code forgets to check size() before invoking
operator[], we don't crash. (See the ~3 previous commits which fixed
such crashes.)
Later the ctor could be changed to take a single underlying string to
avoid lots of tiny allocations, that's not yet done in this commit.
Change-Id: I8a6082143a8ac0b65824f574b32104d7889c184f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89687
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
==15956==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007cd2f7 bp 0x7ffe96c7cd70 sp 0x7ffe96c7c4e8 T0)
...
#7 0x11a9d31 in ClientSession::filterMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const wsd/ClientSession.cpp:977:27
#8 0x11925d6 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:741:14
#9 0x19395d0 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:230:13
This seems to be a recurring pattern, I'll consider reworking
LOOLProtocol::tokenize() in a follow-up commit to have a return value
that is safer than std::vector<std::string>.
Change-Id: I0e71214a55af2e71e4787cb0dba0ddf7825bf9d9
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89637
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Instead of using the data of rolling average, using original data would
reflect the real network traffic.
Change-Id: I3f5a277b6ee8e7d760f5623eb4aae9f6c999e10f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89494
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Termination flag is a very harsh way of exiting.
It works in most cases, but not when we have a
modified document. What happens is the following:
Unit-test flags for termination.
During session cleanup we have to save the modified doc.
Because save is in progress we don't 'disconnect' the view.
This leaves the view in loaded state until saving is done.
But because of the termination flag we don't wait for saving.
DocBroker sends 'exit' to child to forcefully exit.
This causes at least one assertion due to active LOKWindows (Sidebar).
Instead of the above, we flag for graceful shutdown from unittests,
and after we wait to cleanup all DocBrokers, we flag for termination.
This way, we get clean shutdown and all assertions/validations
pass, while we guarantee never to deadlock the unittests,
in case we end up waiting forever for shutdown to complete.
Change-Id: I7fc34137ea373e329795b1ed0090261c085e955a
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89308
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
on a fresh openSUSE Leap 15.1 I got errors without this:
wsd/AdminModel.hpp:346:10: error: ‘list’ in namespace ‘std’ does not name a template type
std::list<unsigned> _memStats;
^~~~
etc.
Change-Id: I19c42bd48bbcc0787a3398d1882c974ebf5bdf81
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89298
Tested-by: Andras Timar <andras.timar@collabora.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
- target ClientSession::_handleInput(), since crashing there would bring
down the whole loolwsd (not just a kit process), and it deals with
input from untrusted users (browsers)
- add a --enable-fuzzers configure switch to build with
-fsanitize=fuzzer (compared to normal sanitizers build, this is the only
special flag needed)
- configuring other sanitizers is not done automatically, either use
--with-sanitizer=... or the environment variables from LODE's sanitizer
config
- run the actual fuzzer like this:
./clientsession_fuzzer -max_len=16384 fuzzer/data/
- note that at least openSUSE Leap 15.1 sadly ships with a clang with
libfuzzer static libs removed from the package, so you need a
self-built clang to run the fuzzer (either manual build or one from
LODE)
- <https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/master/efficient_fuzzing.md#execution-speed>
suggests that "You should aim for at least 1,000 exec/s from your fuzz
target locally" (i.e. one run should not take more than 1 ms), so try
this minimal approach first. The alternative would be to start from the
existing loolwsd_fuzzer binary, then step by step cut it down to not
fork(), not do any network traffic, etc -- till it's fast enough that
the fuzzer can find interesting input
- the various configurations start to be really complex (the matrix is
just very large), so try to use Util::isFuzzing() for fuzzer-specific
changes (this is what core.git does as well), and only resort to ifdefs
for the Util::isFuzzing() itself
Change-Id: I72dc1193b34c93eacb5d8e39cef42387d42bd72f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89226
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
For better performance, many comment boxes reduce performance in
browser.
Change-Id: If041c3d147ee7512d90f41a4a1bfe7a1ff8646a9
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89065
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
It seems that Poco returns 3-byte public exponent (0x010001) as
3-element vector, and MS CAPI blob must include 4-byte exponent
In Poco code (Crypto/src/RSAKeyImpl.cpp), its convertToByteVec
uses OpenSSL's BN_bn2bin, which returns big-endian byte order
(see OpenSSL's crypto/bn/bn_lib.c). That is returned from Poco's
RSAKey::modulus() and RSAKey::*Exponent() unchanged, so treat
them accordingly.
Change-Id: I37f5fb9a310d42c7f346429c39611b25dd5bba2f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88989
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Also access token is already passes decoded to GetProofHeaders,
so don't decode it second time.
Change-Id: I7c4404462a9dd9f53e4e82684b1fcae1aeecee73
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88736
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
I need this to better control the byte order of values in the proof
Change-Id: I8a21c20af4cc3157c893d870f73cc2afa7910ff4
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88076
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
Effectively both approaches were doing the same thing, let's unify to
the iOS way to minimize the platform-specific code.
Change-Id: I11290410a536c26db054ffcb87e3b64cc2a11c07
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/84589
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Cookies may be passed from the client to the storage,
in which case each user may have its own unique set
of cookies. These cookies are now preserved in the
ClientSession, which is per connection, and are then
passed to the storage to use when communicating with
the WOPI-like backend.
(cherry picked from commit 6022faf3cc9b622b490c3f8ca91efbff8e542414)
Change-Id: Ic2e13fa541a5ee01b7383939bbbf7d46ea75684b
This is not needed, the commandline to run the test is printed on
failure.
Change-Id: Ia4da4344ede4ad8c1627a5560f1bc1264f4203c7
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87288
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Don't just rename the variable, also make sure we get the FD before we
reset our local reference to it.
Change-Id: I676f148874831eaf9f37bdcde1216c58f89229e5
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87244
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Miklos Vajna <vmiklos@collabora.com>
Particularly printing it on the console, and passing it to the kit.
Change-Id: I158f97b7b219c44c885939d71af2e5e8283be4c2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87227
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
When trying to open a link normally from help->Online help
nothing happens but the popup is closed.
When trying to open a like forcefully in new tab
from help->online help it crashes the server.
Change-Id: I7e0944ebe521002625a84e155e379ed7e25d2309
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/85466
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
The problem is that both the DocBrokers map and the instance returned by
Admin::instance() are static, so there it's not safe to assume that by
the time the DocumentBroker dtor runs, the static Admin instance is
still alive. Still, the DocumentBroker dtor calls Admin::instance().
Fix this by clearing the DocBrokers map in LOOLWSD::cleanup(), which is
used exactly to destroy statics in a controlled order.
Sanitizers output was:
wsd/DocumentBroker.cpp:497:23: runtime error: member call on address 0x0000024a5ba0 which does not point to an object of type 'Admin'
0x0000024a5ba0: note: object is of type 'SocketPoll'
00 00 00 00 50 21 45 01 00 00 00 00 b8 5b 4a 02 00 00 00 00 05 00 00 00 00 00 00 00 61 64 6d 69
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'SocketPoll'
#0 0xa10af3 in DocumentBroker::~DocumentBroker() wsd/DocumentBroker.cpp:497:23
...
#17 0x7fa27622ddc9 in exit (/lib64/libc.so.6+0x38dc9)
#18 0x7fa276215f90 in __libc_start_main (/lib64/libc.so.6+0x20f90)
#19 0x670189 in _start /home/abuild/rpmbuild/BUILD/glibc-2.26/csu/../sysdeps/x86_64/start.S:120
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior wsd/DocumentBroker.cpp:497:23 in
(Seen during make check CPPUNIT_TEST_NAME="unit-each-view".)
Change-Id: I02ad44deb9de06d9973216428c640248ea2512ce
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87174
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>