boulder
boulder copied to clipboard
Published
20 hours ago •
letsencrypt
letsencrypt
Model.go : type mismatch between db and model
I found multiple signed vs unsigned type mismatch (uint vs int) inside db keys and between db and model:
for example, but not limited to from table schema in test/db defines tinyint columns as signed and id is unsigned (as that's default),
CREATE TABLE `authz2` (
`id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
`identifierType` tinyint(4) NOT NULL,
`identifierValue` varchar(255) NOT NULL,
`registrationID` bigint(20) NOT NULL,
`status` tinyint(4) NOT NULL,
`expires` datetime NOT NULL,
`challenges` tinyint(4) NOT NULL,
`attempted` tinyint(4) DEFAULT NULL,
`attemptedAt` datetime DEFAULT NULL,
`token` binary(32) NOT NULL,
but authzModel in model.go have using int64 for signed and tinyint columns are using uint8
type authzModel struct {
ID int64 `db:"id"`
IdentifierType uint8 `db:"identifierType"`
IdentifierValue string `db:"identifierValue"`
RegistrationID int64 `db:"registrationID"`
Status uint8 `db:"status"`
Expires time.Time `db:"expires"`
Challenges uint8 `db:"challenges"`
Attempted *uint8 `db:"attempted"`
AttemptedAt *time.Time `db:"attemptedAt"`
Token []byte `db:"token"`
ValidationError []byte `db:"validationError"`
ValidationRecord []byte `db:"validationRecord"`
}
- while in db authz and order id is unsigned at its own table, but in most other tables that have orderID using signed bigint at that. while it's unlikely to those uid to overflow.
While I don't think those fields will overflow anytime soon, (like most near one would be authz having 128 states or >128 challenge types), I think I'd better to notify this.
Challenges field was actually bitmap, so it'll blow up at 8th challenge type actually. this currently have 3 types and 2 more if we start adding other types : onion-csr and dns-account-01 (think http-01 and tls-alpn for IP types are same enough)