Ticket #1 (closed enhancement: fixed)

Opened 9 years ago

Last modified 9 years ago

Maintaining, security and debugging enhancement request for zoo kernel

Reported by: soeren Owned by:
Priority: major Milestone:
Component: zoo-kernel Version: 1.0
Keywords: security Cc: soeren

Description

I know that the current release is a proof of concept, so this request is related to the next release, but attached to the current.

While working on GIS GRASS ZOO integration, i faced several issues and obstacles using the zoo-kernel.

  • Parsing wrong commands from command line, or config files with incorrect content, as well as wrong python function bindings resulting in segfaults, which is a kind of frustrating finding errors while attaching new services.
  • There are inconsistencies between the command line interface and the cgi interface for Python services (different number of function arguments -> map, input and output vs. input, output)
  • Massive use of sprintf and strcmp instead of the more secure versions snprintf and strncmp
  • No check of correct memory allocation
  • Missing error messages in case something goes wrong with command line parsing, config file parsing and Python function bindings
  • Mixing C and C++ code (malloc and new operator used in one file)
  • The code need to be re-fractured to split huge functions into smaller parts to reduce redundancy and enhance the stability and maintainability
  • Better indention for better readability and maintainability
  • more issues will be added as new tickets

Hence i have modified several files in zoo-kernel because of security and stability reasons and added additionally debug output. The modification are made in the kernel and the python loader part.

  • Most of the memory allocation is now checked and warnings are printed if memory allocation fails
  • I have replaced sprintf with snprintf when possible
  • I have replaced strcmp with strncmp when possible
  • IMHO wrong memory allocation was fixed
  • Indention style for zoo_loader.c changed for better readability (using indent on Linux)

I may have implemented new bugs while trying to reduce them. :/ So intensive testing is needed.

Patch is attached.

Attachments (1)

ZooKernel.diff (47.7 KB) - added by soeren 9 years ago.

Download all attachments as: .zip

Change History

Changed 9 years ago by soeren

Changed 9 years ago by djay

  • status changed from new to closed
  • resolution set to fixed

Late answer, thanks for your feedbacks.

A modified version of your patch was applied long time ago. Thanks for providding such a welcome help.

I think that since long time, source tree is no more a proof a concept :)

Note: See TracTickets for help on using tickets.

Search

Context Navigation

ZOO Sponsors

http://www.zoo-project.org/trac/chrome/site/img/geolabs-logo.pnghttp://www.zoo-project.org/trac/chrome/site/img/neogeo-logo.png http://www.zoo-project.org/trac/chrome/site/img/apptech-logo.png http://www.zoo-project.org/trac/chrome/site/img/3liz-logo.png http://www.zoo-project.org/trac/chrome/site/img/gateway-logo.png

Become a sponsor !

Knowledge partners

http://www.zoo-project.org/trac/chrome/site/img/ocu-logo.png http://www.zoo-project.org/trac/chrome/site/img/gucas-logo.png http://www.zoo-project.org/trac/chrome/site/img/polimi-logo.png http://www.zoo-project.org/trac/chrome/site/img/fem-logo.png http://www.zoo-project.org/trac/chrome/site/img/supsi-logo.png http://www.zoo-project.org/trac/chrome/site/img/cumtb-logo.png

Become a knowledge partner

Related links

http://zoo-project.org/img/ogclogo.png http://zoo-project.org/img/osgeologo.png