Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
On 13.06.2016 15:54, thierry bordaz wrote: The fix is good for me. ACK thanks thierry On 06/13/2016 10:04 AM, Ludwig Krispenz wrote: revised patch (v2) attached: changed log level fixed order of statements in freeing host list On 06/10/2016 05:56 PM, Ludwig Krispenz wrote: On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. Yes you are right, it can not conduct to empty hostname into tconf. However I think it can leak because host will be set to 0 at the end of the first iteration. yes, line 852 and 853 should be switched An other possibility is that in https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449| ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname. | thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander Pushed to master: 0b11b36bf215a351050280ab0b329ceda7a9dccf -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
The fix is good for me. ACK thanks thierry On 06/13/2016 10:04 AM, Ludwig Krispenz wrote: revised patch (v2) attached: changed log level fixed order of statements in freeing host list On 06/10/2016 05:56 PM, Ludwig Krispenz wrote: On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. Yes you are right, it can not conduct to empty hostname into tconf. However I think it can leak because host will be set to 0 at the end of the first iteration. yes, line 852 and 853 should be switched An other possibility is that in https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449| ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname. | thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
revised patch (v2) attached: changed log level fixed order of statements in freeing host list On 06/10/2016 05:56 PM, Ludwig Krispenz wrote: On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. Yes you are right, it can not conduct to empty hostname into tconf. However I think it can leak because host will be set to 0 at the end of the first iteration. yes, line 852 and 853 should be switched An other possibility is that in https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449| ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname. | thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander >From ec4a8967fa978c7b13a46e6e762a9354319400be Mon Sep 17 00:00:00 2001 From: Ludwig Krispenz Date: Mon, 13 Jun 2016 09:51:17 +0200 Subject: [PATCH] v2 - avoid crash in topology plugin when host list contains host with no hostname ticket #5928 prevent a crash when dereferncing a NULL hostnam, log an error to help debugging fix an incorrect order of statement when freeing a host list --- daemons/ipa-slapi-plugins/topology/topology_cfg.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/daemons/ipa-slapi-plugins/topology/topology_cfg.c b/daemons/ipa-slapi-plugins/topology/topology_cfg.c index 3ca61a8ea7c463c45f3dbf2e13a9790c5079e2d7..23b8eddfb5f6ef2d3167d7f10ebd6e5509b72a9c 100644 --- a/daemons/ipa-slapi-plugins/topology/topology_cfg.c +++ b/daemons/ipa-slapi-plugins/topology/topology_cfg.c @@ -452,6 +452,15 @@ ipa_topo_cfg_host_find(TopoReplica *tconf, char *findhost, int lock) if (lock) slapi_lock_mutex(tconf->repl_lock); for (host=tconf->hosts;host;host=host->next) { +if (host->hostname == NULL) { +/* this check is done to avoid a crash, + * for which the root cause is not yet known. + * Avoid the crash and log an error + */ +slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM, +"ipa_topo_cfg_host_find: found a NULL hostname in host list\n"); +continue; +} if (!strcasecmp(host->hostname,findhost)) { break; } @@ -849,8 +858,8 @@ ipa_topo_cfg_replica_free(TopoReplica *tconf) while (host) { host_next = host->next; slapi_ch_free_string(&host->hostname); -host = host_next; slapi_ch_free((void **)&host); +host = host_next; } slapi_ch_free((void **)&tconf); } -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
On 06/10/2016 05:56 PM, Ludwig Krispenz wrote: On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. Yes you are right, it can not conduct to empty hostname into tconf. However I think it can leak because host will be set to 0 at the end of the first iteration. yes, line 852 and 853 should be switched An other possibility is that in https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449| ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname. | |You are definitely right there is no path that can lead to NULL hostname :-( If we are unable to get a reproducible test case, A crazy idea would be to do some internal rotating logging in a buffer on each events (add/del host, add/del segments...), when the incoherency is detected, then dump the buffer into the error logs so that we would have more data to find the RC. | || thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. Yes you are right, it can not conduct to empty hostname into tconf. However I think it can leak because host will be set to 0 at the end of the first iteration. yes, line 852 and 853 should be switched An other possibility is that in https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449| ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname. | thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
On 06/10/2016 05:41 PM, thierry bordaz wrote: On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. Yes you are right, it can not conduct to empty hostname into tconf. However I think it can leak because host will be set to 0 at the end of the first iteration. An other possibility is that in https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449| ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname. | |newhost= slapi_entry_attr_get_charptr(hostentry,"cn"); if (newhost== NULL) return; if there is no cn, it will not be added, if the cn is an empty value, the pointer is not NULL and it will not crash when dereferncing | || thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
On 06/10/2016 05:23 PM, Ludwig Krispenz wrote: On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. Yes you are right, it can not conduct to empty hostname into tconf. However I think it can leak because host will be set to 0 at the end of the first iteration. An other possibility is that in https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449| ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null but empty, so we may create an empty hostname. | thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
On 06/10/2016 04:44 PM, thierry bordaz wrote: Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. yes, of course that was my intention, copy paste :-) Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. but this frees the complete replica structure tconf and in the caller tconf is set to null, so should never be used again. thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host
Hi Ludwig, I agree with you there is no path to add a host with an empty hostname. You fix looks valid but I would prefer a log in FATAL rather in PLUGIN. Also I wonder if a reason of empty hostname could be a slapi_ch_free on it but with the host remaining in the list. Looking at https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852, I wonder if the two lines 852 and 853 could lead to this situation. thanks thierry On 06/10/2016 12:36 PM, Ludwig Krispenz wrote: Hi, the attached patch will prevent the crash reported in ticket #5928. So far I do not understand how this situation can occur, there is no reproducer yet. I do not really like this fix as it hides a probable corrupted data structure and would prefer to find the root cause. But please review it, so we can commit it if there is no progress on the root cause. Ludwig -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code