Bug 1258641

Summary: Malformed JSON can cause API process crash
Product: OpenShift Container Platform
Reporter: Jordan Liggitt <jliggitt>
Component: Node
Assignee: Jordan Liggitt <jliggitt>
Status: CLOSED ERRATA
QA Contact: Ma xiaoqiang <xiama>
Severity: high
Priority: high
Version: 3.0.0
CC: aos-bugs, bleanhar, jokerman, mmccomas, pruan, xtian
Fixed In Version: openshift-3.0.1.0-1.git.529.dcab62c.el7ose
Doc Type: Bug Fix
Doc Text:
Cause: Improper error handling in the API server. Consequence: Malformed JSON payloads could cause the process to crash. Fix: Properly handle failure cases. Result: Admins must update to the latest RPMs to receive this fix. Technically only the master RPM needs to be updated.
Last Closed: 2015-09-03 18:48:34 UTC
Type: Bug
Bug Blocks: 1259867    

Description Jordan Liggitt 2015-08-31 21:18:28 UTC
Description of problem:
https://github.com/openshift/origin/issues/4374

Applies to 3.0.1

Env
---
~~~
# openshift version
openshift v1.0.5-27-g2cc96dc
kubernetes v1.1.0-alpha.0-1605-g44c91b1

# go version
go version go1.4.2 linux/amd64
~~~

Issue:
---
- We can kill the OpenShift process by sending a request with an invalid JSON file.
- Please see following steps.

Reproduce steps
---

step-1. Start OpenShift Origin in standalone mode, and create a route and docker-registry. (Following the steps [here](https://github.com/nak3/openshift-local-setup))

step-2. Send an invalid JSON file, using my [origin-killer.json](https://gist.githubusercontent.com/nak3/23de3850fd3abf5ed038/raw/eba398a3e778459ca21ff8f60371e708566f7950/origin-killer.json)
~~~
[root@localhost ~]# oc create -f https://gist.githubusercontent.com/nak3/23de3850fd3abf5ed038/raw/eba398a3e778459ca21ff8f60371e708566f7950/origin-killer.json
imagestream "sti-python" created
Unable to connect to the server: EOF
The connection to the server 192.168.122.27:8443 was refused - did you specify the right host or port?
The connection to the server 192.168.122.27:8443 was refused - did you specify the right host or port?
~~~

step-3. You can see a Go panic, and the OpenShift process stops

The log is here: https://kenjiro.fedorapeople.org/misc/logs/origin.log (Too long, please check from the bottom.)







Comment 1 Jordan Liggitt 2015-08-31 21:18:51 UTC
Fixed in origin in https://github.com/openshift/origin/pull/4416

Comment 2 Jordan Liggitt 2015-08-31 21:20:12 UTC
This is a candidate for backporting to 3.0.1

Comment 7 Ma xiaoqiang 2015-09-02 01:59:05 UTC
QE check on release version and latest puddle [2015-09-01.1]

scenario 1: check on release version
1. start openshift
#openshift start --loglevel=4 --hostname=openshift-123.lab.eng.nay.redhat.com
2. create app from invalid json
# oc create -f https://gist.githubusercontent.com/nak3/23de3850fd3abf5ed038/raw/eba398a3e778459ca21ff8f60371e708566f7950/origin-killer.json
imagestreams/sti-python
deploymentconfigs/sti-python
services/sti-python
The BuildConfig "sti-python" is invalid:
* triggers[2].type: invalid value 'ConfigChange': invalid trigger type
* spec.strategy.stiStrategy: required value

3. check the process
the openshift process is running


scenario 2: check on latest puddle [2015-09-01.1]
1. create app from invalid json
$  oc create -f https://gist.githubusercontent.com/nak3/23de3850fd3abf5ed038/raw/eba398a3e778459ca21ff8f60371e708566f7950/origin-killer.json
imagestreams/sti-python
deploymentconfigs/sti-python
services/sti-python
The BuildConfig "sti-python" is invalid:
* triggers[2].type: invalid value 'ConfigChange': invalid trigger type
* spec.strategy.stiStrategy: required value

2. create an app from template
 oc new-app nodejs-example

The service works fine. 
QE cannot reproduce this issue on OSE.

Comment 9 errata-xmlrpc 2015-09-03 18:48:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1736
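
The failure class this bug describes, as an added Go illustration (not code from OpenShift or from the linked pull request; the page does not say which code path panicked). It assumes hypothetical, simplified types and function names, and shows a decoded object with a missing optional field being rejected with field errors like the ones in Comment 7, with `recover` as a backstop for cases validation misses.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical, simplified types; not OpenShift's real API objects.
type STIStrategy struct{ Image string }
type BuildConfig struct {
	Name     string       `json:"name"`
	Strategy string       `json:"strategy"`
	STI      *STIStrategy `json:"stiStrategy"` // nil when the payload omits it
}

// builderImage dereferences the optional pointer unchecked: nil STI panics.
func builderImage(bc *BuildConfig) string { return bc.STI.Image }

// validate reports problems as field errors instead of touching nil pointers.
func validate(bc *BuildConfig) (errs []string) {
	if bc.Name == "" {
		errs = append(errs, "name: required value")
	}
	if bc.Strategy == "STI" && bc.STI == nil {
		errs = append(errs, "stiStrategy: required value")
	}
	return errs
}

// handle returns syntax and validation failures as errors; recover is the
// last-resort backstop for any case validation missed.
func handle(body []byte) (image string, err error) {
	defer func() {
		if r := recover(); r != nil {
			image, err = "", fmt.Errorf("internal error: %v", r)
		}
	}()
	var bc BuildConfig
	if e := json.Unmarshal(body, &bc); e != nil {
		return "", fmt.Errorf("bad request: %v", e)
	}
	if errs := validate(&bc); len(errs) > 0 {
		return "", fmt.Errorf("invalid: %v", errs)
	}
	return builderImage(&bc), nil
}

func main() { // constructed payload: valid JSON syntax, stiStrategy missing
	fmt.Println(handle([]byte(`{"name":"sti-python","strategy":"STI"}`)))
}
```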