importing assertions in snapd: no errors reported
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
Incomplete
|
Undecided
|
Paweł Stołowski | ||
Bug Description
Importing assertion with wrong information in snapd using the /run/snapd.socket interface, no errors are reported, the reply is always "OK" and the assertion is ignored.
Wrong assertions can be done, for example, using `make-system-user` but failing to sign the assertion, using wrong ID, putting wrong information in the command line,... an empty string is considered "OK" as well.
```
curl -sS --unix-socket /run/snapd.socket http://
{"type"
```
Sometimes (for example using wrong -b ID), snapd complains in the system log, but still not in the request.
Only with data in wrong format, i.e. 'HELLO', it complains with "cannot decode request body into assertions: unexpected EOF".
My expectation is that the request should fail with errors and complains about wrong information.
| Paweł Stołowski (stolowski) wrote | #1 |
| Changed in snapd: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in snapd: | |
| assignee: | nobody → Paweł Stołowski (stolowski) |
| Paweł Stołowski (stolowski) wrote | #2 |
| Changed in snapd: | |
| importance: | High → Undecided |
| status: | Triaged → Incomplete |
Indeed, something seems off, we do have error handling (and returning to the client) in the code, but it's not catching some problems.
For example, using the curl reproducer that you provided I can see we're hitting 'if err == io.EOF ...' early in AddStream(r io.Reader) in assertions code and simply end the processing with no errors; we should probably check for valid non-empty body.
Thanks for reporting.