On Tue, May 6, 2008 at 12:09 PM, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 5/6/08, David Rees <[EMAIL PROTECTED]> wrote:
> > If my theory is correct, I would suggest two fixes:
> >
> > 1. Make sure the config file is written atomically to the filesystem.
> > This means writing the file to a temporary file and then
> > moving/linking the temporary file over the real one.
I did some checking in the PHP code - it does look like there are
various locations where the /conf/config.xml or
{$g['conf_path']}/config.xml or /cf/conf/config.xml are written just
using a plain fopen, write, close. This does leave you open to the
race condition I mentioned earlier where it's possible that another
process ends up reading a halfway written config file.
I'll try to get the time to fix this properly - a generic "safe_write"
function which takes a filename as an argument, writes to a temporary
file in the same folder, then renames the temporary file over the
original filename should do the trick. Then it's just a matter of
finding all the places where the config file is written to and
replacing the those sections of code with the function call.
> > 2. Check that the read in the inner loop is successful and abort the
> > inner loop if not.
> >
> > while [ "$configline" != "</tunnel>" ];
> > do
> > read configline
> > # check for successful read here and abort if not successful
> > # inner loop code omitted for brevity
> > done
This sanity check is only a couple lines.
> Excellent suggestions. Can you make these changes to your file and
> test? If all looks well submit a diff -rub patch and I'll get it
> committed.
No problem, I just need to find the time to do the first patch which
is pretty involved. Find a patch to check that the read configline was
successful to avoid the infinite loop on a corrupt config file. Seems
to work on my system.
-Dave
--- ping_hosts.sh.orig 2007-11-23 17:17:54.000000000 -0800
+++ ping_hosts.sh 2008-05-06 13:45:33.000000000 -0700
@@ -25,6 +25,9 @@
VPNENABLED=1
while [ "$configline" != "</tunnel>" ];
do
+ if ! read configline ; then
+ break
+ fi
read configline
if [ "$configline" = "<disabled/>" ]; then
VPNENABLED=0
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]