[ZOO-Discuss] [ZOO Project Trac] #1: Maintaining, security and debugging enhancement request for zoo kernel

ZOO Project Trac zoo-dev at cartography.st
Tue May 25 01:57:21 PDT 2010 

#1: Maintaining, security and debugging enhancement request for zoo kernel
------------------------+---------------------------------------------------
Reporter:  soeren       |       Owner:            
    Type:  enhancement  |      Status:  new       
Priority:  major        |   Component:  zoo-kernel
 Version:  1.0          |    Keywords:  security  
------------------------+---------------------------------------------------
 I know that the current release is a proof of concept, so this request is
 related to the next release, but attached to the current.

 While working on GIS GRASS ZOO integration, i faced several issues and
 obstacles using the zoo-kernel.
 * Parsing wrong commands from command line, or config files with incorrect
 content, as well as wrong python function bindings resulting in segfaults,
 which is a kind of frustrating finding errors while attaching new
 services.
 * There are inconsistencies between the command line interface and the cgi
 interface for Python services (different number of function arguments ->
 map, input and output vs. input, output)
 * Massive use of sprintf and strcmp instead of the more secure versions
 snprintf and strncmp
 * No check of correct memory allocation
 * Missing error messages in case something goes wrong with command line
 parsing, config file parsing and Python function bindings
 * Mixing C and C++ code (malloc and new operator used in one file)
 * The code need to be re-fractured to split huge functions into smaller
 parts to reduce redundancy and enhance the stability and maintainability
 * Better indention for better readability and maintainability
 * more issues will be added as new tickets

 Hence i have modified several files in zoo-kernel because of security and
 stability reasons and added additionally debug output. The modification
 are made in the kernel and the python loader part.
 * Most of the memory allocation is now checked and warnings are printed if
 memory allocation fails
 * I have replaced sprintf with snprintf when possible
 * I have replaced strcmp with strncmp when possible
 * IMHO wrong memory allocation was fixed
 * Indention style for zoo_loader.c changed for better readability (using
 indent on Linux)

 I may have implemented new bugs while trying to reduce them. :/ So
 intensive testing is needed.

 Patch is attached.

-- 
Ticket URL: <http://svn.zoo-project.org/trac/ticket/1>
ZOO Project Trac <http://svn.zoo-project.org/>
Open WPS Platform

More information about the Zoo-discuss mailing list