Merge lp:~abentley/launchpad/duplicate-msgid into lp:launchpad
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 13139 | ||||
Proposed branch: | lp:~abentley/launchpad/duplicate-msgid | ||||
Merge into: | lp:launchpad | ||||
Diff against target: | 0 lines | ||||
To merge this branch: | bzr merge lp:~abentley/launchpad/duplicate-msgid | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robert Collins (community) | Needs Fixing | ||
Abel Deuring (community) | code | Approve | |
Review via email: mp+62697@code.launchpad.net |
Commit message
Skip duplicate incoming messages.
Description of the change
= Summary =
Fix bug #595166: IntegrityError raised filing a bug using the email interface
== Proposed fix ==
Skip all incoming messages whose message-ids duplicate messages already in the database.
== Pre-implementation notes ==
Discussed with sinzui
== Implementation details ==
The IntegrityError comes from trying to link the same message to two different bugs. This can happen if a message with identical contents is received twice. While there may be times we want to permit duplicate message-ids, but not when processing incoming commands.
== Tests ==
bin/test -t duplicate_
== Demo and Q/A ==
Send an email to launchpad to create a bug. Then re-send that message with the same message-id. The second message should be ignored.
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
lib/lp/
lib/lp/
lib/lp/
Unfortunately this has to be rolled back - it has a security hole and a functional hole. The functional hole will prevent the security hole being an issue - but fixing the functional hole would expose the security hole - both need to be addressed.
The security hole is this: using a crafted or predicted msgid an attacker can cause Launchpad to generate a link to a mail that was sent to a private bug or mailing list when they have no such permission. We *must* check that the body of the mail is identical before treating an existing row as the same thing.
The functional hole is that a new message with an existing id will not have its mail handler called, which means that a mail sent to two bugs, or to two mailing lists, or any such pair of objects will only be added to one of the objects.
Lastly MessageSet. fromEmail will take care of deduping legitimate duplicate message ids - it checks for identical content and so forth.
What is causing the OOPS is that fromEmail *is* handling the duplicate id and returning the original message primary key. That then fails when linking to a bug because bugmessage has a (bug,message) unique constraints (as does bugnotification). So basically this needs to be handled in each incoming mail handler, not systematically, because we don't have an introspectable model for how things are linked to messages (which would let handle_one_mail call fromEmail and then check for (target, message) not existing.
The message links I see are:
TABLE "bountymessage" CONSTRAINT "bountymessage_ message_ fk" FOREIGN KEY (message) REFERENCES message(id) message_ fk" FOREIGN KEY (message) REFERENCES message(id) message_ fk" FOREIGN KEY (message) REFERENCES message(id) n_message_ fkey" FOREIGN KEY (message) REFERENCES message(id) narchive" CONSTRAINT "bugnotificatio narchive_ _message_ _fk" FOREIGN KEY (message) REFERENCES message(id) nattachment" CONSTRAINT "bugnotificatio nattachment_ message_ fkey" FOREIGN KEY (message) REFERENCES message(id) age_message_ fkey" FOREIGN KEY (message) REFERENCES message(id) fferencemessage " CONSTRAINT "distroseriesdi fferencemessage __message_ _fk" FOREIGN KEY (message) REFERENCES message(id) l_message_ fkey" FOREIGN KEY (message) REFERENCES message(id) e__message_ _fk" FOREIGN KEY (message) REFERENCES message(id) essage" CONSTRAINT "specificationm essage_ _message_ _fk" FOREIGN KEY (message) REFERENCES message(id)
TABLE "bugattachment" CONSTRAINT "bugattachment_
TABLE "bugmessage" CONSTRAINT "bugmessage_
TABLE "bugnotification" CONSTRAINT "bugnotificatio
TABLE "bugnotificatio
TABLE "bugnotificatio
TABLE "codereviewmessage" CONSTRAINT "codereviewmess
TABLE "distroseriesdi
TABLE "messageapproval" CONSTRAINT "messageapprova
TABLE "questionmessage" CONSTRAINT "questionmessag
TABLE "specificationm