search

go-fed / activity

ActivityStreams & ActivityPub in golang, oh my!
BSD 3-Clause "New" or "Revised" License
702 stars 111 forks source link

sha256 panic when go-fed requests one of its own pages #114

Closed BenLubar closed 5 years ago

BenLubar commented 5 years ago

Pretty sure this is a bug in the Go standard library, but I'll post it here first just in case:

panic: d.nx != 0

goroutine 307 [running]:
crypto/sha256.(*digest).checkSum(0xc00056fac8, 0x0, 0x0, 0x0, 0x0)
       /usr/local/go/src/crypto/sha256/sha256.go:253 +0x1ef
crypto/sha256.(*digest).Sum(0xc0001e3600, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00053a1e0)
       /usr/local/go/src/crypto/sha256/sha256.go:229 +0x69
github.com/go-fed/httpsig.(*rsaAlgorithm).Sign(0xc0002f8580, 0x1e70940, 0xc000096480, 0x13a4020, 0xc0001073e0, 0xc00053a1e0, 0x92, 0xa0, 0x0, 0x0, ...)
       /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/algorithms.go:194 +0x183
github.com/go-fed/httpsig.(*asymmSigner).signSignature(0xc0001628c0, 0x13a4020, 0xc0001073e0, 0xc00053a140, 0x92, 0x0, 0x0, 0x0, 0xc000f34080)
       /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/signing.go:132 +0xae
github.com/go-fed/httpsig.(*asymmSigner).SignRequest(0xc0001628c0, 0x13a4020, 0xc0001073e0, 0xc000acf900, 0x24, 0xc0001ee000, 0x0, 0x1)
       /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/signing.go:110 +0x9f
github.com/go-fed/activity/pub.HttpSigTransport.Deliver(0x1e70dc0, 0x2cde840, 0x14aa657, 0x2b, 0xc000c7c380, 0x18, 0x1e70c60, 0x2cfbcf0, 0x1e75000, 0xc000162870, ...)
       /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:152 +0x7af
github.com/go-fed/activity/pub.HttpSigTransport.BatchDeliver.func1(0xc0003f21b0, 0x1e70dc0, 0x2cde840, 0x14aa657, 0x2b, 0xc000c7c380, 0x18, 0x1e70c60, 0x2cfbcf0, 0x1e75000, ...)
       /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:176 +0xdf
created by github.com/go-fed/activity/pub.HttpSigTransport.BatchDeliver
       /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:174 +0x16b

It seems like this always happens immediately after a request to the followers collection.

cjslep commented 5 years ago

This is a bug in go-fed.

I did some digging and I believe the nx in the digest represents the remainder of the bytes processed over chunk size

From Line 103:

func (d *digest) UnmarshalBinary(b []byte) error {
  // ...
  d.nx = int(d.len % chunk)
  return nil
}

It should be fine except, I bet, in the case of concurrent usage. Which I believe is what is causing the problem here: the default HttpSigTransport isn't following my own guidance on not being safe for concurrent usage.

BenLubar commented 5 years ago

here's a piece of the race output

==================
WARNING: DATA RACE
Read at 0x00c003abf898 by goroutine 85:
  crypto/sha256.(*digest).Sum()
      /usr/local/go/src/crypto/sha256/sha256.go:228 +0x5b
  github.com/go-fed/httpsig.(*rsaAlgorithm).Sign()
      /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/algorithms.go:194 +0x1f6
  github.com/go-fed/httpsig.(*asymmSigner).signSignature()
      /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/signing.go:132 +0x142
  github.com/go-fed/httpsig.(*asymmSigner).SignRequest()
      /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/signing.go:110 +0xaf
  github.com/go-fed/activity/pub.HttpSigTransport.Deliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:152 +0xe20
  github.com/go-fed/activity/pub.HttpSigTransport.BatchDeliver.func1()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:176 +0xef

Previous write at 0x00c003abf898 by goroutine 64:
  crypto/sha256.(*digest).Reset()
      /usr/local/go/src/crypto/sha256/sha256.go:160 +0x1f5
  github.com/go-fed/httpsig.(*rsaAlgorithm).Sign()
      /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/algorithms.go:194 +0x2c2
  github.com/go-fed/httpsig.(*asymmSigner).signSignature()
      /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/signing.go:132 +0x142
  github.com/go-fed/httpsig.(*asymmSigner).SignRequest()
      /go/pkg/mod/github.com/go-fed/httpsig@v0.1.1-0.20190311210019-34143e88f29c/signing.go:110 +0xaf
  github.com/go-fed/activity/pub.HttpSigTransport.Deliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:152 +0xe20
  github.com/go-fed/activity/pub.HttpSigTransport.BatchDeliver.func1()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:176 +0xef

Goroutine 85 (running) created at:
  github.com/go-fed/activity/pub.HttpSigTransport.BatchDeliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:174 +0x1e4
  github.com/go-fed/activity/pub.(*HttpSigTransport).BatchDeliver()
      <autogenerated>:1 +0x140
  github.com/go-fed/activity/pub.(*sideEffectActor).deliverToRecipients()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/side_effect_actor.go:423 +0x289
  github.com/go-fed/activity/pub.(*sideEffectActor).Deliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/side_effect_actor.go:388 +0x13b
  github.com/go-fed/activity/pub.(*baseActor).deliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/base_actor.go:450 +0x42d
  github.com/go-fed/activity/pub.(*baseActorFederating).Send()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/base_actor.go:459 +0x91
  main.distributeLogEntry()
      /src/logactivity.go:439 +0x343

Goroutine 64 (running) created at:
  github.com/go-fed/activity/pub.HttpSigTransport.BatchDeliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/transport.go:174 +0x1e4
  github.com/go-fed/activity/pub.(*HttpSigTransport).BatchDeliver()
      <autogenerated>:1 +0x140
  github.com/go-fed/activity/pub.(*sideEffectActor).deliverToRecipients()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/side_effect_actor.go:423 +0x289
  github.com/go-fed/activity/pub.(*sideEffectActor).Deliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/side_effect_actor.go:388 +0x13b
  github.com/go-fed/activity/pub.(*baseActor).deliver()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/base_actor.go:450 +0x42d
  github.com/go-fed/activity/pub.(*baseActorFederating).Send()
      /go/pkg/mod/github.com/go-fed/activity@v0.4.1-0.20190504080235-28ffa4c8ad29/pub/base_actor.go:459 +0x91
  main.distributeLogEntry()
      /src/logactivity.go:439 +0x343
==================
cjslep commented 5 years ago

Should be fixed by f339304ce4373cbd7c5203e05f7ec22a0593bb1b

Please re-open the issue if it doesn't.