Project

General

Profile

Bug #6304

Updated by Tom Clegg over 5 years ago

Node.dns_server_update() in source:services/api/app/models/node.rb is currently vulnerable to the following race (fixable by using a tempfile library): 
 * Request handler A writes hostname.conf.tmp. 
 * Request handler B opens hostname.conf.tmp for writing. 
 * Request handler A issues the move command. 

 Catch only the expected exceptions on the various write and update operations (IOError and SystemCallError?), not unexpected ones. 

 A "dns update with dir configured, but no command configured" test should assert that the command file was not written after calling dns_server_update 

Back