CDRIVER-695 crash destroying node after auth err

Avoid scenarios like:

1. Connect to 2-node replica set.

2. _cluster_reconnect_replica_set enters first loop, calls ismaster on primary
   and finds two peers.

3. nodes_len is set to 2 and the nodes list is realloc'ed, but the second node
   is uninitialized.

4. _mongoc_cluster_reconnect_replica_set enters second loop.

5. Auth fails, "goto CLEANUP".

6. Now nodes_len is 2 but the second node is still uninitialized.

7. Later, _mongoc_cluster_node_destroy iterates over both nodes.

8. Destroying second, uninitialized node calls stream->close, which is a random
   location, segfaults.

Author: ajdavis

CMakeLists.txt

@@ -212,6 +212,7 @@ set(test-libmongoc-sources
    ${SOURCE_DIR}/tests/mock-server.c
    ${SOURCE_DIR}/tests/test-bulk.c
    ${SOURCE_DIR}/tests/test-mongoc-client-pool.c
+   ${SOURCE_DIR}/tests/test-mongoc-cluster.c
    ${SOURCE_DIR}/tests/test-mongoc-collection.c
    ${SOURCE_DIR}/tests/test-mongoc-cursor.c
    ${SOURCE_DIR}/tests/test-mongoc-database.c

src/mongoc/mongoc-cluster.c

@@ -2202,13 +2202,14 @@ _mongoc_cluster_reconnect_replica_set (mongoc_cluster_t *cluster,
       }
    }
 
+   /* reinitialize nodes with same length as peer list. */
    for (liter = list, i = 0; liter; liter = liter->next, i++) {}
    cluster->nodes = bson_realloc (cluster->nodes, sizeof (*cluster->nodes) * i);
-   cluster->nodes_len = i;
 
-   /* guard against counter errors, see CDRIVER-695 */
-   for (i = 0; i < cluster->nodes_len; i++) {
-      cluster->nodes[i].valid = false;
+   for (j = 0; j < i; j++) {
+      _mongoc_cluster_node_init (&cluster->nodes[j]);
+      /* guard against counter errors, see CDRIVER-695 */
+      cluster->nodes[j].valid = false;
    }
 
    for (liter = list, i = 0; liter; liter = liter->next) {
@@ -2242,8 +2243,6 @@ _mongoc_cluster_reconnect_replica_set (mongoc_cluster_t *cluster,
          }
       }
 
-      _mongoc_cluster_node_init(&cluster->nodes[i]);
-
       cluster->nodes[i].host = host;
       cluster->nodes[i].index = i;
       cluster->nodes[i].stream = stream;
@@ -2285,10 +2284,9 @@ _mongoc_cluster_reconnect_replica_set (mongoc_cluster_t *cluster,
 
       cluster->nodes[i].valid = true;
       i++;
+      cluster->nodes_len = (uint32_t) i;
    }
 
-   cluster->nodes_len = i;
-
    _mongoc_list_foreach(list, (void(*)(void*,void*))bson_free, NULL);
    _mongoc_list_destroy(list);
 

tests/Makefile.am

@@ -79,6 +79,7 @@ test_libmongoc_SOURCES = \
 	tests/test-mongoc-buffer.c \
 	tests/test-mongoc-client.c \
 	tests/test-mongoc-client-pool.c \
+	tests/test-mongoc-cluster.c \
 	tests/test-mongoc-collection.c \
 	tests/test-mongoc-cursor.c \
 	tests/test-mongoc-database.c \

tests/test-libmongoc.c

@@ -30,6 +30,7 @@ extern void test_buffer_install            (TestSuite *suite);
 extern void test_bulk_install              (TestSuite *suite);
 extern void test_client_install            (TestSuite *suite);
 extern void test_client_pool_install       (TestSuite *suite);
+extern void test_cluster_install           (TestSuite *suite);
 extern void test_collection_install        (TestSuite *suite);
 extern void test_cursor_install            (TestSuite *suite);
 extern void test_database_install          (TestSuite *suite);
@@ -495,6 +496,7 @@ main (int   argc,
    test_buffer_install (&suite);
    test_client_install (&suite);
    test_client_pool_install (&suite);
+   test_cluster_install (&suite);
    test_write_command_install (&suite);
    test_bulk_install (&suite);
    test_collection_install (&suite);

tests/test-mongoc-cluster.c

@@ -0,0 +1,239 @@
+#include <mongoc-cluster-private.h>
+#include "mongoc-cluster-private.h"
+#include "mongoc-client-private.h"
+
+#include "TestSuite.h"
+#include "test-libmongoc.h"
+
+
+#undef MONGOC_LOG_DOMAIN
+#define MONGOC_LOG_DOMAIN "cluster-test"
+
+
+void
+call_ismaster (bson_t *reply)
+{
+   bson_t ismaster = BSON_INITIALIZER;
+   mongoc_client_t *client;
+   bool r;
+
+   BSON_APPEND_INT32 (&ismaster, "isMaster", 1);
+   client = test_framework_client_new (NULL);
+   r = mongoc_client_command_simple (client, "admin", &ismaster,
+                                     NULL, reply, NULL);
+
+   assert (r);
+}
+
+
+char *
+set_name (bson_t *ismaster_response)
+{
+   bson_iter_t iter;
+
+   if (bson_iter_init_find (&iter, ismaster_response, "setName")) {
+      return bson_strdup (bson_iter_utf8 (&iter, NULL));
+   } else {
+      return NULL;
+   }
+}
+
+
+int
+get_n_members (bson_t *ismaster_response)
+{
+   bson_iter_t iter;
+   bson_iter_t hosts_iter;
+   char *name;
+   int n;
+
+   if ((name = set_name (ismaster_response))) {
+      bson_free (name);
+      assert (bson_iter_init_find (&iter, ismaster_response, "hosts"));
+      bson_iter_recurse (&iter, &hosts_iter);
+      n = 0;
+      while (bson_iter_next (&hosts_iter)) n++;
+      return n;
+   } else {
+      return 1;
+   }
+}
+
+
+#define BAD_HOST "mongodb.com:12345"
+
+
+/* a uri with one bogus host */
+mongoc_uri_t *
+uri_from_ismaster_plus_one (bson_t *ismaster_response)
+{
+   /* start with one bad host and a comma */
+   bson_string_t *uri_str = bson_string_new ("mongodb://" BAD_HOST ",");
+   char *name;
+   bson_iter_t iter;
+   bson_iter_t hosts_iter;
+
+   if ((name = set_name (ismaster_response))) {
+      bson_iter_init_find (&iter, ismaster_response, "hosts");
+      bson_iter_recurse (&iter, &hosts_iter);
+      while (bson_iter_next (&hosts_iter)) {
+         assert (BSON_ITER_HOLDS_UTF8 (&hosts_iter));
+         bson_string_append (uri_str, bson_iter_utf8 (&hosts_iter, NULL));
+         while (bson_iter_next (&hosts_iter)) {
+            bson_string_append (uri_str, ",");
+            bson_string_append (uri_str, bson_iter_utf8 (&hosts_iter, NULL));
+         }
+
+         bson_string_append_printf (
+            uri_str, "/?replicaSet=%s&connecttimeoutms=1000", name);
+      }
+
+      bson_free (name);
+   } else {
+      char *host = test_framework_get_host ();
+
+      bson_string_append (uri_str, host);
+      bson_string_append (uri_str, "/?connecttimeoutms=1000");
+
+      bson_free (host);
+   }
+
+   return mongoc_uri_new (bson_string_free (uri_str, false));
+}
+
+
+bool
+cluster_has_host (const mongoc_cluster_t *cluster,
+                  const char *host_and_port)
+{
+   int i;
+
+   for (i = 0; i < cluster->nodes_len; i++) {
+      if (!strcmp(cluster->nodes[i].host.host_and_port, host_and_port)) {
+         return true;
+      }
+   }
+
+   return false;
+}
+
+
+int
+hosts_len (const mongoc_host_list_t *hl)
+{
+   int n = 0;
+
+   if (!hl) {
+      return 0;
+   }
+
+   do { n++; } while ((hl = hl->next));
+
+   return n;
+}
+
+
+void
+assert_hosts_equal (const mongoc_host_list_t *hl,
+                    const mongoc_cluster_t *cluster)
+{
+   ASSERT_CMPINT (hosts_len (hl), ==, cluster->nodes_len);
+
+   while (hl) {
+      if (!cluster_has_host (cluster, hl->host_and_port) &&
+          strcmp (BAD_HOST, hl->host_and_port)) {
+         printf ("cluster has no host %s\n", hl->host_and_port);
+         abort ();
+      }
+
+      hl = hl->next;
+   }
+}
+
+
+/* not very exhaustive, but ensure that cluster reflects whatever server
+ * we're connected to */
+static void
+test_mongoc_cluster_basic (void)
+{
+   mongoc_client_t *client;
+   bson_t reply;
+   mongoc_uri_t *uri;
+   const mongoc_host_list_t *hosts;
+   bson_error_t error;
+   int n_members;
+   char *replica_set_name;
+   int i;
+   int n;
+
+   call_ismaster (&reply);
+   n_members = get_n_members (&reply);
+   replica_set_name = set_name (&reply);
+   uri = uri_from_ismaster_plus_one (&reply);
+
+   /* get hosts list from uri */
+   hosts = mongoc_uri_get_hosts (uri);
+   assert (hosts);
+   ASSERT_CMPSTR (BAD_HOST, hosts->host_and_port);
+
+   if (replica_set_name) {
+      /* remove bad host we prepended, because the cluster will remove it
+       * once it finds the primary */
+      hosts = hosts->next;
+      assert (hosts);
+   }
+
+   client = mongoc_client_new_from_uri (uri);
+
+   ASSERT_CMPINT (n_members, ==, client->cluster.nodes_len - 1);
+   if (replica_set_name) {
+      ASSERT_CMPINT (MONGOC_CLUSTER_REPLICA_SET, ==, client->cluster.mode);
+   } else {
+      /* sharded mode, since we gave 2 seeds */
+      ASSERT_CMPINT (MONGOC_CLUSTER_SHARDED_CLUSTER, ==, client->cluster.mode);
+   }
+
+   /* connect twice and assert cluster nodes are as expected */
+   for (i = 0; i < 2; i++) {
+      /* warnings about failing to connect to mongodb.com:12345 */
+      suppress_one_message ();
+      suppress_one_message ();
+      suppress_one_message ();
+
+      _mongoc_cluster_reconnect (&client->cluster, &error);
+
+      assert_hosts_equal (hosts, &client->cluster);
+
+      for (n = 0; n < client->cluster.nodes_len; n++) {
+         const mongoc_cluster_node_t *node = &client->cluster.nodes[n];
+         bool valid_host;
+
+         assert (node->valid);
+
+         valid_host = (strlen (node->host.host_and_port) &&
+                       strcmp (node->host.host_and_port, BAD_HOST));
+
+         if (valid_host) {
+            assert (node->stream);
+         } else {
+            assert (!node->stream);
+         }
+
+         ASSERT_CMPINT (n, ==, node->index);
+         ASSERT_CMPINT (0, ==, node->stamp);
+         ASSERT_CMPSTR (replica_set_name, node->replSet);
+      }
+   }
+
+   bson_free (replica_set_name);
+   mongoc_uri_destroy (uri);
+   bson_destroy (&reply);
+   mongoc_client_destroy (client);
+}
+
+
+void
+test_cluster_install (TestSuite *suite)
+{
+   TestSuite_Add (suite, "/Cluster/basic", test_mongoc_cluster_basic);
+}