revised patch (v2) attached:
changed log level
fixed order of statements in freeing host list

On 06/10/2016 05:56 PM, Ludwig Krispenz wrote:

On 06/10/2016 05:41 PM, thierry bordaz wrote:


On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:

On 06/10/2016 04:44 PM, thierry bordaz wrote:
Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
Your fix looks valid but I would prefer a log in FATAL rather than in PLUGIN.
yes, of course that was my intention, copy paste :-)

Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,
I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again.

Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the end of the first iteration.
yes, line 852 and 853 should be switched

Another possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname.

thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:
Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause.

But please review it, so we can commit it if there is no progress on the root cause.

Ludwig





--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From ec4a8967fa978c7b13a46e6e762a9354319400be Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz <lkris...@redhat.com>
Date: Mon, 13 Jun 2016 09:51:17 +0200
Subject: [PATCH] v2 - avoid crash in topology plugin when host list contains
 host with no hostname

ticket #5928

prevent a crash when dereferencing a NULL hostname, log an error to help debugging
fix an incorrect order of statement when freeing a host list
---
 daemons/ipa-slapi-plugins/topology/topology_cfg.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/topology/topology_cfg.c b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
index 3ca61a8ea7c463c45f3dbf2e13a9790c5079e2d7..23b8eddfb5f6ef2d3167d7f10ebd6e5509b72a9c 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_cfg.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
@@ -452,6 +452,15 @@ ipa_topo_cfg_host_find(TopoReplica *tconf, char *findhost, int lock)
 
     if (lock) slapi_lock_mutex(tconf->repl_lock);
     for (host=tconf->hosts;host;host=host->next) {
+        if (host->hostname == NULL) {
+            /* this check is done to avoid a crash,
+             * for which the root cause is not yet known.
+             * Avoid the crash and log an error
+             */
+            slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM,
+                            "ipa_topo_cfg_host_find: found a NULL hostname in host list\n");
+            continue;
+        }
         if (!strcasecmp(host->hostname,findhost)) {
            break;
         }
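Review bot: the new guard at the top of the loop in ipa_topo_cfg_host_find covers host->hostname only, while findhost is still passed to strcasecmp unchecked on the line right after it, so a NULL findhost would crash in the same place. If callers can pass NULL, reject it once before the loop. The log line also fires on every lookup that walks past the bad entry and does not say which replica's host list is affected; including an identifier for tconf in the message would make it more useful for finding the root cause, which the comment says is still unknown. The thread also raises an empty (non-NULL) hostname as a possible state; this check skips only NULL, so an empty entry stays in the list and is compared as usual.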
@@ -849,8 +858,8 @@ ipa_topo_cfg_replica_free(TopoReplica *tconf)
         while (host) {
             host_next = host->next;
             slapi_ch_free_string(&host->hostname);
-            host = host_next;
             slapi_ch_free((void **)&host);
+            host = host_next;
         }
         slapi_ch_free((void **)&tconf);
     }
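Review bot: the reordering in the while loop of ipa_topo_cfg_replica_free is a memory-management fix unrelated to the NULL-hostname guard, and the commit message only calls it "an incorrect order of statement" without stating the effect. With the old order, slapi_ch_free((void **)&host) was applied to host_next rather than to the current node, and per the thread it leaves host set to 0, so the loop stopped after one iteration and the remaining nodes were never freed. Please say that in the commit message, or split this into its own commit so it can be backported independently of the workaround for ticket #5928. A short comment noting that host_next must be saved before the free, because host is zeroed by it, would help keep the order from being swapped back.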
-- 
2.4.3
