On 06/21/12 11:27, bodik wrote:
> hi,
>
> while current v5-stable works fine on "client" side, on the
> central "server" side it segfaults after few minutes of run with
hi,
a digged a little deep into it and i think i found a cause. I think that using
plugin pOnSessAccept callback to establish session inside tcp channel can lead
to null pointer dereference at tcpsrv.c:699
this happens only using imgssapi on the server side in v5-stable, imho it is the
only module using pOnSessAccept
Run > SessAccept > imgssapi::pOnSessAccept > OnSessAcceptGSS fails
when session creation fails. (eg ntp timeskew using KDC, network disruptions,
using tcpkill...) tcpsrv.c:SessAccept jums to finalizer, does not add a session
into live sessions (which is fine) and session is destructed (which is maybe
also fine) but after return from Run.SessAccept, is pNewSess directly
dereferenced with
699 CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm,
This in not reproducible by any other plugin since imgssapi is the only using
it. but I believe that that can be emulated by custom test plugin within plugin
API testcase ...
Could attached patch solve the issue ? (at least it works fine for me ;)
Thank you
bodik
-----------
tcpsrv.c:SessAccept
440 /* check if we need to call our callback */
441 if(pThis->pOnSessAccept != NULL) {
442 CHKiRet(pThis->pOnSessAccept(pThis, pSess));
443 }
444
445 *ppSess = pSess;
446 if(!pThis->bUsingEPoll)
447 pThis->pSessions[iSess] = pSess;
448 pSess = NULL; /* this is now also handed over */
449
450 finalize_it:
451 if(iRet != RS_RET_OK) {
452 if(pSess != NULL)
453 tcps_sess.Destruct(&pSess);
454 if(pNewStrm != NULL)
455 netstrm.Destruct(&pNewStrm);
456 free(fromHostFQDN);
457 free(fromHostIP);
458 }
459
460 RETiRet;
tcpsrv.c:Run
682 while(1) {
683 localRet = nspoll.Wait(pPoll, -1, &i, &pUsr);
...
696 if(pUsr == pThis->ppLstn) {
697 DBGPRINTF("New connect on NSD %p.\n",
698 SessAccept(pThis, pThis->ppLstnPort[i], &pNewSess,
699 CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm,
700 DBGPRINTF("Failed to esablish a new
701 } else {
702 pNewSess = (tcps_sess_t*) pUsr;
703 doReceive(pThis, &pNewSess, pPoll);
704 }
705 }
diff -rua a/tcpsrv.c b/tcpsrv.c
--- a/tcpsrv.c 2012-07-11 16:21:26.872221692 +0200
+++ b/tcpsrv.c 2012-07-11 16:21:39.684221968 +0200
@@ -696,8 +696,12 @@
if(pUsr == pThis->ppLstn) {
DBGPRINTF("New connect on NSD %p.\n", pThis->ppLstn[i]);
SessAccept(pThis, pThis->ppLstnPort[i], &pNewSess, pThis->ppLstn[i]);
- CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm, 0, pNewSess, NSDPOLL_IN, NSDPOLL_ADD));
- DBGPRINTF("New session created with NSD %p.\n", pNewSess);
+ if( pNewSess != NULL) {
+ CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm, 0, pNewSess, NSDPOLL_IN, NSDPOLL_ADD));
+ DBGPRINTF("New session created with NSD %p.\n", pNewSess);
+ } else {
+ DBGPRINTF("Failed to establish a new session with NSD %p.\n", pNewSess);
+ }
} else {
pNewSess = (tcps_sess_t*) pUsr;
doReceive(pThis, &pNewSess, pPoll);
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
