From: Remi Gacogne Date: Mon, 31 Mar 2025 09:10:34 +0000 (+0200) Subject: dnsdist: Fix a TOCTOU in the Async regression tests X-Git-Tag: dnsdist-2.0.0-alpha2~103^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c313b04cd2bbd5c9ed189c4a26260cbb056bb48;p=thirdparty%2Fpdns.git dnsdist: Fix a TOCTOU in the Async regression tests The existing code was catching all exceptions based on `OSError` raised by a call to `os.unlink()` , and re-throwing if the file actually existed, in an attempt to only ignore the case where the file did not exist and still fail if the process did not have enough rights to remove it, for example. Unfortunately this construct introduced a TOCTOU issue, where the initial exception might have been raised because the file did not exist at the time of the call, resulting in a `FileNotFoundError` exception being raised, but had been created before the existence check, resulting in a puzzling message: ``` ready: 8/8 workersException in thread Asynchronous Responder: Traceback (most recent call last): File "/usr/lib/python3.13/threading.py", line 992, in run self._target(*self._args, **self._kwargs) ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/pdns/regression-tests.dnsdist/test_Async.py", line 17, in AsyncResponder os.unlink(listenPath) ~~~~~~~~~^^^^^^^^^^^^ 8 workers [816 items] ``` The new code only catches `FileNotFoundError` instead, so that other errors are still causing a failure without needing a second check. --- diff --git a/regression-tests.dnsdist/test_Async.py b/regression-tests.dnsdist/test_Async.py index 474340bdf4..342ec680e6 100644 --- a/regression-tests.dnsdist/test_Async.py +++ b/regression-tests.dnsdist/test_Async.py @@ -15,9 +15,8 @@ def AsyncResponder(listenPath, responsePath): # Make sure the socket does not already exist try: os.unlink(listenPath) - except OSError: - if os.path.exists(listenPath): - raise + except FileNotFoundError: + pass sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) try:
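Review bot: the new `except FileNotFoundError:` / `pass` branch in `AsyncResponder` has no comment saying why only this exception is ignored, so a later cleanup could widen it back to `OSError` and reintroduce the check-after-failure pattern removed here. A one-line comment above the handler would record the intent, for example `# a missing file is fine; any other OSError (e.g. permissions) must fail the test`. As a style alternative, `with contextlib.suppress(FileNotFoundError): os.unlink(listenPath)` expresses the same thing without an empty handler. The narrowed handler itself looks right: `PermissionError` and other `OSError` subclasses raised by `os.unlink(listenPath)` now propagate without a second filesystem query.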