Bug 141110
| Summary: | bug in table_match leads to segfault of process executing hosts_ctl | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nikita Shulga <malfet> | ||||
| Component: | tcp_wrappers | Assignee: | Thomas Woerner <twoerner> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | David Lawrence <dkl> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 3 | CC: | md | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2005-05-06 13:29:28 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 107553 [details]
should fix this issue
After studying .spec file I'd like to add few more comments:
1) This bug was introduced by tcp_wrappers-7.6-sig.patch
2) Another misbehaviour was added by that patch in host_access function.
Originally it's tail was:
if (table_match(hosts_allow_table, request))
return (YES);
if (table_match(hosts_deny_table, request))
return (NO);
return (YES);
After tcp_wrappers-7.6-sig.patch it turned to:
if (table_match(hosts_allow_table, request))
return (YES);
if (table_match(hosts_deny_table, request) == NO)
return (YES);
return (NO);
But it should be:
if (table_match(hosts_allow_table, request) == YES)
return (YES);
if (table_match(hosts_deny_table, request) == NO)
return (YES);
return (NO);
Patch to tcp_wrappers-7.6-37.2 which will fix both issue is attached to this
comment
Fixed in rawhide in rpm tcp_wrappers-7.6-39 or newer. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0 Description of problem: It first occured with slapd deamon when I tried to run stress test on ldap-server. If one opens too may connection to slapd process, slapd will receive SEG_FAULT eventually Last message submitted to the log before the crash is: slapd[xxxx]: warning: cannot open /etc/hosts.allow: Too many open files When I started to investigate that, I find out, that crash happens du to the following bug in table_match function in tcp_wrappers: int table_match(...) { /*sh_cmd variable is declared but not initialized here*/ match=NO; ... if ((fp=open())!=0) { .... /*Initialize sh_cmd here*/ .... } else if (errno != ENOENT) { tcpd_warn() match = ERR; } if (match) { /*Use sh_cmd here*/ } .... } So, it was assumed by developer, that match variable should be equal to YES in later if, but it tests it as non-zero. The following patch fixes this problem: --- tcp_wrappers_7.6/hosts_access.c.orig 2004-11-29 15:16:26.532074984 +0300 +++ tcp_wrappers_7.6/hosts_access.c 2004-11-29 15:15:47.500008760 +0300 @@ -177,7 +177,7 @@ tcpd_warn("cannot open %s: %m", table); match = ERR; } - if (match) { + if (match == YES) { if (hosts_access_verbose > 1) syslog(LOG_DEBUG, "matched: %s line %d", tcpd_context.file, tcpd_context.line); Version-Release number of selected component (if applicable): tcp_wrappers-7.6-37.2 How reproducible: Always Steps to Reproduce: 1.Make sure that you have hosts.allow and hosts.deny 2.Run slapd with DB large enough 3.Load it heavily, with something like this while /bin/true; do ldapsearch -x "objectClass=*" done Actual Results: slapd crashes Additional info: