From 5f90bfd1ae2fb737d14532d74d93e3f1c1763f99 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 15 Dec 2019 11:19:33 +0100 Subject: [PATCH] nsscash: guard against unexpected 304 A 304 (status not modified) from the server was always considered a non-error even if we did not send a If-Modified-Since. This could hide errors for buggy servers. --- file.go | 5 +++++ main_test.go | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/file.go b/file.go index e06a9bc..5b8fffe 100644 --- a/file.go +++ b/file.go @@ -89,12 +89,17 @@ func fetchFile(file *File, state *State) error { t = zero // force download } + oldT := t status, body, err := fetchIfModified(file.Url, file.Username, file.Password, file.CA, &t) if err != nil { return err } if status == http.StatusNotModified { + if oldT.IsZero() { + return fmt.Errorf("status code 304 " + + "but did not send If-Modified-Since") + } log.Printf("%q -> %q: not modified", file.Url, file.Path) return nil } diff --git a/main_test.go b/main_test.go index 31c9e50..c4afa79 100644 --- a/main_test.go +++ b/main_test.go @@ -198,6 +198,7 @@ func TestMainFetch(t *testing.T) { // Perform most tests with passwd for simplicity fetchPasswdCacheFileDoesNotExist, fetchPasswd404, + fetchPasswdUnexpected304, fetchPasswdEmpty, fetchPasswdInvalid, fetchPasswdLimits, @@ -329,6 +330,24 @@ func fetchPasswd404(a args) { mustBeOld(a.t, passwdPath) } +func fetchPasswdUnexpected304(a args) { + t := a.t + mustWritePasswdConfig(t, a.url) + mustCreate(t, passwdPath) + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + // 304 + w.WriteHeader(http.StatusNotModified) + } + + err := mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "status code 304 but did not send If-Modified-Since") + + mustNotExist(t, statePath, plainPath, groupPath) + mustBeOld(a.t, passwdPath) +} + func fetchPasswdEmpty(a args) { t := a.t mustWritePasswdConfig(t, a.url) -- 2.45.2