)]}'
{
  "commit": "d6a88022d0c8ffdd2b938f161b8825148762b099",
  "tree": "a5a0e0c0b1e6970c1aef8a38e2b45978c00b8592",
  "parents": [
    "42ef7c742ab128b25478833a52af25ba0be5bf15"
  ],
  "author": {
    "name": "Jan Schär",
    "email": "jan@jschaer.ch",
    "time": "Mon Mar 18 17:03:37 2024 +0100"
  },
  "committer": {
    "name": "Jan Schär",
    "email": "jan@jschaer.ch",
    "time": "Mon Mar 18 17:24:36 2024 +0000"
  },
  "message": "m/node: fix appending to read-only slices\n\n`append` modifies its first argument if there is sufficient capacity \ninstead of allocating a new slice. If the slice to be appended to is \nsupposed to be read-only, this can lead to unexpected aliasing.\n\nAn example of what can go wrong, here with the consensus client:\n\n    l :\u003d NewLocal(nil)\n    sub1, _ :\u003d l.Sub(\"I\")\n    sub2, _ :\u003d sub1.Sub(\"am\")\n    sub3, _ :\u003d sub2.Sub(\"a\")\n    dog, _ :\u003d sub3.Sub(\"dog\")\n    _, _ \u003d sub3.Sub(\"cat\")\n    fmt.Print(dog.(*local).path)\n\nResult before this change: \"I am a cat\"\nResult after this change: \"I am a dog\"\n\nAfter creating a subnamespace of length 3, the capacity of the `path` is \n4, so any subnamespace will share the same slice. The fix is to always \nensure a new slice is allocated.\n\nImpact\n------\n\nFor the consensus client, Sub is currently never called multiple times \non the same namespace, so there is no impact there. In case of the dhcp \nclient and rpc resolver, the slices that are appended to are slice \nliterals in all cases, which don\u0027t have extra capacity.\n\nBut for the curator `etcdPrefix`, `p.parts` has capacity 1 larger than \nthe length, due to the slicing in `newEtcdPrefix`. That means that \nconcurrent calls to `Key` can overwrite each other\u0027s `path`. It looks \nlike `Key` can in fact be called concurrently, which means there is \npotential for data corruption to occur before this change.\n\nChange-Id: I28e7dc797365c2beea97023ed31a20eea599e678\nReviewed-on: https://review.monogon.dev/c/monogon/+/2873\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "821919b7d94d9a98935d763c40f808b2926574ac",
      "old_mode": 33188,
      "old_path": "metropolis/node/core/consensus/client/client.go",
      "new_id": "70e27aa0e19647c23705e1717a4fecbfc09486a6",
      "new_mode": 33188,
      "new_path": "metropolis/node/core/consensus/client/client.go"
    },
    {
      "type": "modify",
      "old_id": "c1969d43b27ad5d29fb2c4debba79522bb00d73f",
      "old_mode": 33188,
      "old_path": "metropolis/node/core/curator/state.go",
      "new_id": "39837a7696d0000a980d89e0a4f551c54c33707e",
      "new_mode": 33188,
      "new_path": "metropolis/node/core/curator/state.go"
    },
    {
      "type": "modify",
      "old_id": "9bb70dd30cb1dae91a6056e48226160fe26bbef3",
      "old_mode": 33188,
      "old_path": "metropolis/node/core/network/dhcp4c/dhcpc.go",
      "new_id": "bfb26769f8914b50dfafc78d209898a8386f46dc",
      "new_mode": 33188,
      "new_path": "metropolis/node/core/network/dhcp4c/dhcpc.go"
    },
    {
      "type": "modify",
      "old_id": "5b89f7340fa841a0d3c862819f3369b6fbd15979",
      "old_mode": 33188,
      "old_path": "metropolis/node/core/rpc/resolver/resolver.go",
      "new_id": "2e1fc996e67afff9fe6cfe939237ac022f9f8cbf",
      "new_mode": 33188,
      "new_path": "metropolis/node/core/rpc/resolver/resolver.go"
    }
  ]
}