Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
+++ This bug was initially created as a clone of Bug #1033528 +++
Description of problem:
xinetd segfaults when connecting to tcpmux service.
Version-Release number of selected component (if applicable):
2:xinetd-2.3.15-8.fc19.x86_64
Steps to Reproduce:
1. enable tcpmux service
2. create a sample tcpmux-activated service
service test
{
id = tcpmux-test
disable = no
socket_type = stream
wait = no
user = root
type = TCPMUXPLUS UNLISTED
server = /bin/uname
server_args = uname -s -r -v
flags = NAMEINARGS
}
The order of server_args and flags is important.
3. run xinetd
4. telnet <host> 1
5. type 'test' and enter
Actual results:
Segfault.
Expected results:
Service is run as expected.
Additional info:
(gdb) bt
#0 0x00007f8f5cbcc9a0 in __strrchr_sse42 () from /lib64/libc.so.6
#1 0x00007f8f5dc025ae in access_control (sp=sp@entry=0x7f8f5f0f31a0, cp=cp@entry=0x7f8f5f109880, check_mask=check_mask@entry=0x0) at access.c:236
#2 0x00007f8f5dc12453 in svc_child_access_control (sp=sp@entry=0x7f8f5f0f31a0, cp=cp@entry=0x7f8f5f109880) at service.c:913
#3 0x00007f8f5dc05065 in child_process (serp=0x7f8f5f0fd300) at child.c:347
#4 0x00007f8f5dc03ff6 in tcpmux_handler (serp=0x7f8f5f109920) at builtins.c:650
#5 0x00007f8f5dc052f2 in child_process (serp=serp@entry=0x7f8f5f109920) at child.c:434
#6 0x00007f8f5dc10981 in server_start (serp=serp@entry=0x7f8f5f109920) at server.c:222
#7 0x00007f8f5dc10a98 in server_run (sp=sp@entry=0x7f8f5f0f30f0, cp=cp@entry=0x7f8f5f109880) at server.c:173
#8 0x00007f8f5dc122c1 in svc_generic_handler (sp=sp@entry=0x7f8f5f0f30f0, cp=cp@entry=0x7f8f5f109880) at service.c:684
#9 0x00007f8f5dc12309 in svc_request (sp=0x7f8f5f0f30f0) at service.c:652
#10 0x00007f8f5dc02165 in main_loop () at main.c:229
#11 main (argc=<optimized out>, argv=<optimized out>) at main.c:107
(gdb) up
#1 0x00007f8f5dc025ae in access_control (sp=sp@entry=0x7f8f5f0f31a0, cp=cp@entry=0x7f8f5f109880, check_mask=check_mask@entry=0x0) at access.c:236
236 server = strrchr( SC_SERVER_ARGV(scp)[0], '/' );
(gdb) p *scp->sc_server_argv@3
$1 = {0x0, 0x7f8f5f107a20 "uname", 0x0}
Apparently, the server arg is there, but it's offset by 1.
This looks like the NAMEINARGS argument never worked correctly. If it's specified, the first argument of server_args in the config is supposed to be argv[0] (the name of the server).
Xinetd parses and applies its configuration line by line. If a user wants to specify NAMEINARGS as a flag, it has to be *before* specifying 'server_args'.
Just swapping 'server_args' and 'flags' lines in our example is enough...
The only reasonable fix that comes into my mind is to exit if NAMEINARGS is used *after* server_args is set. And, of course, make this fact cleanly visible in the documentation.
The 'proper' fix would be to make the config parsing aware of every other option set. This would probably have to be done in two passes and IMHO is just not worth it.
--- Additional comment from Jan Synacek on 2013-11-22 11:24:25 CET ---
Disable service if NAMEINARGS is present in flags and is specified after server_args.
--- Additional comment from Jan Synacek on 2013-11-22 11:24:49 CET ---
Shift server arguments if NAMEINARGS flag is specified after server_args.
--- Additional comment from Jan Synacek on 2013-11-22 11:25:05 CET ---
I consider patch v1 somewhat cleaner solution to the problem.
--- Additional comment from Fedora Update System on 2013-12-03 11:23:58 CET ---
xinetd-2.3.15-10.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/xinetd-2.3.15-10.fc20
This request was resolved in Red Hat Enterprise Linux 7.0.
Contact your manager or support representative in case you have further questions about the request.