tetsuo-cpp

Closes #96

Signed-off-by: Alex Cameron <asc@tetsuo.sh>

tetsuo-cpp commented May 31, 2022

The issue is that sometimes the browser requests /favicon.ico after we handle the auth response. That code path doesn't seem to mutate the auth response but it does modify other fields in the server object as the main thread is reading the auth response. It's not 100% clear to me why that causes the auth response to get corrupted since I would have thought that the GIL prevents a torn write.

# If the auth response has already been populated, the main thread will be stopping this
# thread and accessing the auth response shortly so we should stop servicing any requests.
if not server.active:
return
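
Review bot: the `if not server.active:` guard is a check-then-act with no lock around it, so a request that passes the check just before the flag is cleared can still run the rest of the handler while the main thread is reading the auth response. Consider holding a lock across both the flag check and the handler body, or having the main thread join the server thread before it touches the auth response, and say in the comment which of the two the code relies on.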

return None here and below? I'm surprised our linting tools don't enforce this...

@woodruffw

Nice debugging! Yeah, that's an interesting error case. I believe the GIL unfortunately does not prevent write tearing -- it really only protects the integrity of the interpreter itself 😞
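
One way to make the handoff discussed above explicit, as an added example that is not sigstore-python's code: the server thread's check and write share one lock, and the main thread reads only after an event fires. The class, the `/auth/callback` path and the sample requests are hypothetical and constructed; sockets are left out so it runs offline.

```python
import threading
from urllib.parse import parse_qs, urlsplit

CALLBACK_PATH = "/auth/callback"  # hypothetical redirect path, not from the PR


class OneShotRedirectReceiver:
    """Hypothetical stand-in for the state shared with the redirect server thread."""

    def __init__(self):
        self._lock = threading.Lock()
        self._done = threading.Event()
        self._auth_response = None
        self.ignored = 0

    def handle(self, request_path):
        """Runs on the server thread for every request the browser sends."""
        parts = urlsplit(request_path)
        with self._lock:
            # Check and write are one critical section: once a response has
            # been captured, later requests (e.g. /favicon.ico) change nothing.
            if self._done.is_set() or parts.path != CALLBACK_PATH:
                self.ignored += 1
                return None
            self._auth_response = parse_qs(parts.query)
            self._done.set()
        return None

    def wait(self, timeout=5.0):
        """Runs on the main thread; returns a private copy of the response."""
        if not self._done.wait(timeout):
            raise TimeoutError("no auth response received")
        with self._lock:
            return dict(self._auth_response)


def demo():
    rx = OneShotRedirectReceiver()
    # Constructed request sequence: the real callback, then the stray requests.
    paths = [
        CALLBACK_PATH + "?code=constructed-code&state=constructed-state",
        "/favicon.ico",
        CALLBACK_PATH + "?code=late&state=late",
    ]
    server = threading.Thread(target=lambda: [rx.handle(p) for p in paths])
    server.start()
    result = rx.wait()
    server.join()
    return result, rx.ignored
```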

di previously approved these changes May 31, 2022
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw merged commit 2666db1 into main May 31, 2022
@woodruffw woodruffw deleted the alex/oidc-race branch May 31, 2022 17:05
javanlacerda pushed a commit to javanlacerda/sigstore-python that referenced this pull request Feb 23, 2024
* Make it easier to run verification test locally

For sigstore#99

If you're only testing verification use-cases locally, you don't need
the OIDC JWT.

Signed-off-by: Zach Steindler <steiza@github.com>

* Nicer error message for not providing arguments

```
sigstore-conformance$ pytest test --entrypoint /Users/steiza/code/steiza/sigstore-conformance/sigstore-python-conformance
Please specify one of '--github-token' or '--skip-signing'
sigstore-conformance$ echo $?
3
```

Signed-off-by: Zach Steindler <steiza@github.com>

---------

Signed-off-by: Zach Steindler <steiza@github.com>

Successfully merging this pull request may close these issues.

OAuth flow: intermittent 400 errors