From 5c7fc4dc655b384fcf2e3cc801946e233bdf7d94 Mon Sep 17 00:00:00 2001 From: Simon Thelen Date: Thu, 15 Aug 2024 11:23:48 +0200 Subject: [PATCH] Fix potential race condition leading to nil dereference Split ApproveOrDeny*Limit public functions into a public part which takes a msgCounter and resolves it to a Message using the pendingLimits as before and a private part which takes a *Message and can be called directly from the internal WriteApprovalCallbacks. This removes the need to call FeatureLocalInterface.ApproveOrDenyWrite with an "empty" message when a message is not found in the pendingLimits for ApprovalRequests that don't match the current use case. Fixes #104 --- usecases/cs/lpc/public.go | 21 ++------------------- usecases/cs/lpc/usecase.go | 16 +++++++++++++++- usecases/cs/lpp/public.go | 21 ++------------------- usecases/cs/lpp/usecase.go | 16 +++++++++++++++- 4 files changed, 34 insertions(+), 40 deletions(-) diff --git a/usecases/cs/lpc/public.go b/usecases/cs/lpc/public.go index 156cfeb2..4c6148ae 100644 --- a/usecases/cs/lpc/public.go +++ b/usecases/cs/lpc/public.go @@ -7,7 +7,6 @@ import ( "github.com/enbility/eebus-go/api" "github.com/enbility/eebus-go/features/server" ucapi "github.com/enbility/eebus-go/usecases/api" - spineapi "github.com/enbility/spine-go/api" "github.com/enbility/spine-go/model" "github.com/enbility/spine-go/util" ) @@ -134,29 +133,13 @@ func (e *LPC) ApproveOrDenyConsumptionLimit(msgCounter model.MsgCounterType, app e.pendingMux.Lock() defer e.pendingMux.Unlock() - f := e.LocalEntity.FeatureOfTypeAndRole(model.FeatureTypeTypeLoadControl, model.RoleTypeServer) - - result := model.ErrorType{ - ErrorNumber: model.ErrorNumberType(0), - } - msg, ok := e.pendingLimits[msgCounter] if !ok { - // it is not a limit of this usecase, so approve it - newMsg := &spineapi.Message{ - RequestHeader: &model.HeaderType{ - MsgCounter: &msgCounter, - }, - } - f.ApproveOrDenyWrite(newMsg, result) + // no pending limit for this msgCounter, this is a caller error return } - if !approve { - result.ErrorNumber = model.ErrorNumberType(7) - result.Description = util.Ptr(model.DescriptionType(reason)) - } - f.ApproveOrDenyWrite(msg, result) + e.approveOrDenyConsumptionLimit(msg, approve, reason) delete(e.pendingLimits, msgCounter) } diff --git a/usecases/cs/lpc/usecase.go b/usecases/cs/lpc/usecase.go index 167d75ad..f974a335 100644 --- a/usecases/cs/lpc/usecase.go +++ b/usecases/cs/lpc/usecase.go @@ -103,6 +103,20 @@ func (e *LPC) loadControlServerAndLimitId() (lc *server.LoadControl, limitid mod return lc, *description.LimitId, nil } +func (e *LPC) approveOrDenyConsumptionLimit(msg *spineapi.Message, approve bool, reason string) { + f := e.LocalEntity.FeatureOfTypeAndRole(model.FeatureTypeTypeLoadControl, model.RoleTypeServer) + + result := model.ErrorType{ + ErrorNumber: model.ErrorNumberType(0), + } + + if !approve { + result.ErrorNumber = model.ErrorNumberType(7) + result.Description = util.Ptr(model.DescriptionType(reason)) + } + f.ApproveOrDenyWrite(msg, result) +} + // callback invoked on incoming write messages to this // loadcontrol server feature. // the implementation only considers write messages for this use case and @@ -145,7 +159,7 @@ func (e *LPC) loadControlWriteCB(msg *spineapi.Message) { e.pendingMux.Unlock() // approve, because this is no request for this usecase - go e.ApproveOrDenyConsumptionLimit(*msg.RequestHeader.MsgCounter, true, "") + go e.approveOrDenyConsumptionLimit(msg, true, "") } func (e *LPC) AddFeatures() { diff --git a/usecases/cs/lpp/public.go b/usecases/cs/lpp/public.go index 29bb175a..15d47df2 100644 --- a/usecases/cs/lpp/public.go +++ b/usecases/cs/lpp/public.go @@ -7,7 +7,6 @@ import ( "github.com/enbility/eebus-go/api" "github.com/enbility/eebus-go/features/server" ucapi "github.com/enbility/eebus-go/usecases/api" - spineapi "github.com/enbility/spine-go/api" "github.com/enbility/spine-go/model" "github.com/enbility/spine-go/util" ) @@ -134,29 +133,13 @@ func (e *LPP) ApproveOrDenyProductionLimit(msgCounter model.MsgCounterType, appr e.pendingMux.Lock() defer e.pendingMux.Unlock() - f := e.LocalEntity.FeatureOfTypeAndRole(model.FeatureTypeTypeLoadControl, model.RoleTypeServer) - - result := model.ErrorType{ - ErrorNumber: model.ErrorNumberType(0), - } - msg, ok := e.pendingLimits[msgCounter] if !ok { - // it is not a limit of this usecase, so approve it - newMsg := &spineapi.Message{ - RequestHeader: &model.HeaderType{ - MsgCounter: &msgCounter, - }, - } - f.ApproveOrDenyWrite(newMsg, result) + // no pending limit for this msgCounter, this is a caller error return } - if !approve { - result.ErrorNumber = model.ErrorNumberType(7) - result.Description = util.Ptr(model.DescriptionType(reason)) - } - f.ApproveOrDenyWrite(msg, result) + e.approveOrDenyProductionLimit(msg, approve, reason) delete(e.pendingLimits, msgCounter) } diff --git a/usecases/cs/lpp/usecase.go b/usecases/cs/lpp/usecase.go index 1f916a05..9d8a6d64 100644 --- a/usecases/cs/lpp/usecase.go +++ b/usecases/cs/lpp/usecase.go @@ -102,6 +102,20 @@ func (e *LPP) loadControlServerAndLimitId() (lc *server.LoadControl, limitid mod return lc, *description.LimitId, nil } +func (e *LPP) approveOrDenyProductionLimit(msg *spineapi.Message, approve bool, reason string) { + f := e.LocalEntity.FeatureOfTypeAndRole(model.FeatureTypeTypeLoadControl, model.RoleTypeServer) + + result := model.ErrorType{ + ErrorNumber: model.ErrorNumberType(0), + } + + if !approve { + result.ErrorNumber = model.ErrorNumberType(7) + result.Description = util.Ptr(model.DescriptionType(reason)) + } + f.ApproveOrDenyWrite(msg, result) +} + // callback invoked on incoming write messages to this // loadcontrol server feature. // the implementation only considers write messages for this use case and @@ -145,7 +159,7 @@ func (e *LPP) loadControlWriteCB(msg *spineapi.Message) { e.pendingMux.Unlock() // approve, because this is no request for this usecase - go e.ApproveOrDenyProductionLimit(*msg.RequestHeader.MsgCounter, true, "") + go e.approveOrDenyProductionLimit(msg, true, "") } func (e *LPP) AddFeatures() {