fix: resolve all 55 identified bugs across the codebase
Comprehensive bug fix pass across all subsystems: - Critical: lexer infinite loop, WAL lock discipline, checkpoint safety, compaction verification, HMAC key truncation, healthCheck leak - High: MVCC lock safety, B-Tree delete rebalancing, Raft stale term handling, replication socket leaks and ack cleanup, sharding migration with old assignments, 2PC recovery, JWT/SCRAM auth fixes, wire protocol bounds checks - Medium: config error handling, MERGE parser completeness, IR/codegen correctness, UDF bounds checks, LIMIT cost accuracy, mmap safety - Low: timeout handling, float parsing edge cases, uint32 truncation, cache entry cleanup Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -76,7 +76,8 @@ proc hmacSha256(key, message: string): string =
|
||||
var ctx = initSha_256()
|
||||
ctx.update(k.toOpenArray(0, k.len-1))
|
||||
let hash = ctx.digest()
|
||||
k = $hash
|
||||
k = newString(32)
|
||||
for i in 0..<32: k[i] = char(hash[i])
|
||||
while k.len < 64:
|
||||
k &= "\x00"
|
||||
|
||||
@@ -166,17 +167,25 @@ proc verifyToken*(am: AuthManager, token: string): (bool, JWTClaims) =
|
||||
val &= payload[i]
|
||||
inc i
|
||||
# Assign to claims
|
||||
var parseOk = true
|
||||
case key
|
||||
of "sub": claims.sub = val
|
||||
of "role": claims.role = val
|
||||
of "database": claims.database = val
|
||||
of "iss": claims.iss = val
|
||||
of "aud": claims.aud = val
|
||||
of "exp": claims.exp = parseInt(val)
|
||||
of "iat": claims.iat = parseInt(val)
|
||||
of "nbf": claims.nbf = parseInt(val)
|
||||
of "exp":
|
||||
try: claims.exp = parseInt(val)
|
||||
except ValueError: parseOk = false
|
||||
of "iat":
|
||||
try: claims.iat = parseInt(val)
|
||||
except ValueError: parseOk = false
|
||||
of "nbf":
|
||||
try: claims.nbf = parseInt(val)
|
||||
except ValueError: parseOk = false
|
||||
of "jti": claims.jti = val
|
||||
else: discard
|
||||
if not parseOk: return (false, JWTClaims())
|
||||
if i < payload.len and payload[i] == ',':
|
||||
inc i
|
||||
inc i
|
||||
@@ -205,7 +214,7 @@ proc startScram*(am: AuthManager, clientFirstMessage: string): string =
|
||||
## Start SCRAM authentication. Returns server-first-message.
|
||||
let (_, username, clientNonce) = parseClientFirst(clientFirstMessage)
|
||||
if username notin am.scramUsers:
|
||||
raise newException(ValueError, "Unknown user: " & username)
|
||||
raise newException(ValueError, "Authentication failed")
|
||||
|
||||
let cred = am.scramUsers[username]
|
||||
let serverNonce = generateNonce()
|
||||
|
||||
Reference in New Issue
Block a user