Thx, sounds very reasonable, hope to be able to look at it in depth and merge tomorrow. If it's not merged by Monday, please ping me.
Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of bodik > Sent: Wednesday, July 11, 2012 4:25 PM > To: rsyslog-users > Cc: Daniel Kouril > Subject: Re: [rsyslog] v5-stable (5.8.13) segfault > > On 06/21/12 11:27, bodik wrote: > > hi, > > > > while current v5-stable works fine on "client" side, on the > > central "server" side it segfaults after few minutes of run with > > hi, > > a digged a little deep into it and i think i found a cause. I think > that using > plugin pOnSessAccept callback to establish session inside tcp channel > can lead > to null pointer dereference at tcpsrv.c:699 > > this happens only using imgssapi on the server side in v5-stable, imho > it is the > only module using pOnSessAccept > > Run > SessAccept > imgssapi::pOnSessAccept > OnSessAcceptGSS fails > > when session creation fails. (eg ntp timeskew using KDC, network > disruptions, > using tcpkill...) tcpsrv.c:SessAccept jums to finalizer, does not add a > session > into live sessions (which is fine) and session is destructed (which is > maybe > also fine) but after return from Run.SessAccept, is pNewSess directly > dereferenced with > > 699 CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm, > > This in not reproducible by any other plugin since imgssapi is the only > using > it. but I believe that that can be emulated by custom test plugin > within plugin > API testcase ... > > Could attached patch solve the issue ? (at least it works fine for me > ;) > > Thank you > bodik > > > ----------- > > tcpsrv.c:SessAccept > > 440 /* check if we need to call our callback */ > 441 if(pThis->pOnSessAccept != NULL) { > 442 CHKiRet(pThis->pOnSessAccept(pThis, pSess)); > 443 } > 444 > 445 *ppSess = pSess; > 446 if(!pThis->bUsingEPoll) > 447 pThis->pSessions[iSess] = pSess; > 448 pSess = NULL; /* this is now also handed over */ > 449 > 450 finalize_it: > 451 if(iRet != RS_RET_OK) { > 452 if(pSess != NULL) > 453 tcps_sess.Destruct(&pSess); > 454 if(pNewStrm != NULL) > 455 netstrm.Destruct(&pNewStrm); > 456 free(fromHostFQDN); > 457 free(fromHostIP); > 458 } > 459 > 460 RETiRet; > > > tcpsrv.c:Run > > 682 while(1) { > 683 localRet = nspoll.Wait(pPoll, -1, &i, &pUsr); > ... > 696 if(pUsr == pThis->ppLstn) { > 697 DBGPRINTF("New connect on NSD %p.\n", > 698 SessAccept(pThis, pThis->ppLstnPort[i], > &pNewSess, > 699 CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm, > 700 DBGPRINTF("Failed to esablish a new > 701 } else { > 702 pNewSess = (tcps_sess_t*) pUsr; > 703 doReceive(pThis, &pNewSess, pPoll); > 704 } > 705 } > > > > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
