On Tue, May 6, 2008 at 12:09 PM, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 5/6/08, David Rees <[EMAIL PROTECTED]> wrote:
>  >  If my theory is correct, I would suggest two fixes:
>  >
>  >  1. Make sure the config file is written atomically to the filesystem.
>  >  This means writing the file to a temporary file and then
>  >  moving/linking the temporary file over the real one.

I did some checking in the PHP code - it does look like there are
various locations where the /conf/config.xml or
{$g['conf_path']}/config.xml or /cf/conf/config.xml are written just
using a plain fopen, write, close. This does leave you open to the
race condition I mentioned earlier where it's possible that another
process ends up reading a halfway written config file.

I'll try to get the time to fix this properly - a generic "safe_write"
function which takes a filename as an argument, writes to a temporary
file in the same folder, then renames the temporary file over the
original filename should do the trick. Then it's just a matter of
finding all the places where the config file is written to and
replacing those sections of code with the function call.

>  >  2. Check that the read in the inner loop is successful and abort the
>  >  inner loop if not.
>  >
>  >  while [ "$configline" != "</tunnel>" ];
>  >  do
>  >         read configline
>  >         # check for successful read here and abort if not successful
>  >         # inner loop code omitted for brevity
>  >  done

This sanity check is only a couple lines.

>  Excellent suggestions.   Can you  make these changes to your file and
>  test?  If all looks well submit a diff -rub patch and I'll get it
>  committed.

No problem, I just need to find the time to do the first patch which
is pretty involved. Find a patch to check that the read configline was
successful to avoid the infinite loop on a corrupt config file. Seems
to work on my system.

-Dave
--- ping_hosts.sh.orig	2007-11-23 17:17:54.000000000 -0800
+++ ping_hosts.sh	2008-05-06 13:45:33.000000000 -0700
@@ -25,6 +25,9 @@
 			VPNENABLED=1
 			while [ "$configline" != "</tunnel>" ];
 			do
+				if ! read configline ; then
+					break
+				fi
 				read configline
 				if [ "$configline" = "<disabled/>" ]; then
 					VPNENABLED=0
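
Review bot: the added `if ! read configline` at the top of the loop body is followed by the original `read configline`, which is left in place as context, so each iteration now consumes two lines and the value from the checked read is overwritten before the `<disabled/>` comparison and before the `while` test for `</tunnel>`. If `</tunnel>` or `<disabled/>` lands on the checked read it is silently skipped, and the loop can run past the end of the tunnel block. Suggest removing the unchanged `read configline` so the checked read is the only read per iteration.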
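
The write-to-temporary-then-rename approach described in the message above, as an added example that is not part of the original e-mail or of the pfSense code base. Only the name `safe_write` comes from the message; its signature and body, and the scratch directory and sample XML in the demo, are assumptions constructed for illustration.

```php
<?php
// Hypothetical helper: replace $filename so that a concurrent reader sees
// either the complete old file or the complete new one, never a partial write.
function safe_write(string $filename, string $data): bool
{
    $dir = dirname($filename);
    // The temporary file must be in the same directory as the target:
    // rename() is only atomic within a single filesystem.
    $tmp = tempnam($dir, basename($filename) . '.');
    if ($tmp === false) {
        return false;
    }
    // tempnam() falls back to the system temp dir if $dir is unusable.
    if (realpath(dirname($tmp)) !== realpath($dir)) {
        unlink($tmp);
        return false;
    }
    $fh = fopen($tmp, 'wb');
    $ok = ($fh !== false);
    $off = 0;
    $len = strlen($data);
    while ($ok && $off < $len) {
        $n = fwrite($fh, substr($data, $off));   // handle short writes
        $ok = ($n !== false && $n > 0);
        $off += (int) $n;
    }
    if ($fh !== false) {
        $ok = $ok && fflush($fh);
        if ($ok && function_exists('fsync')) {   // fsync() needs PHP >= 8.1
            $ok = fsync($fh);                    // data on disk before rename
        }
        $ok = fclose($fh) && $ok;
    }
    // tempnam() creates the file 0600; keep the mode of the file we replace.
    if ($ok && is_file($filename)) {
        $ok = chmod($tmp, fileperms($filename) & 0777);
    }
    $ok = $ok && rename($tmp, $filename);        // the atomic switch
    if (!$ok) {
        @unlink($tmp);                           // never leave a stray temp file
    }
    return $ok;
}

// Constructed demo: replace a sample config in a scratch directory.
$dir = sys_get_temp_dir() . '/safe_write_demo_' . getmypid();
mkdir($dir, 0700);
file_put_contents("$dir/config.xml", "<tunnel>\n</tunnel>\n");
var_dump(safe_write("$dir/config.xml", "<tunnel>\n<disabled/>\n</tunnel>\n"));
echo file_get_contents("$dir/config.xml");
```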