Bug 2075807

Summary: crash when using "cmx" command with no additional parameter
Product: Red Hat Enterprise Linux 8
Reporter: Renaud Métrich <rmetrich>
Component: sblim-wbemcli
Assignee: Vitezslav Crhonek <vcrhonek>
Status: CLOSED ERRATA
QA Contact: Evgeny Fedin <efedin>
Severity: medium
Docs Contact: Šárka Jana <sjanderk>
Priority: medium
Version: 8.5
CC: efedin, sjanderk, vcrhonek
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: sblim-wbemcli-1.6.3-16.el8
Doc Type: Bug Fix
Doc Text:
.The `cmx` operation with no parameter no longer crashes the CIM Client

The `cmx` operation calls a method and returns XML; a parameter specifies the name of the called method. Previously, the command-line `sblim-wbemcli` Common Information Model (CIM) Client crashed when running the `cmx` operation without an additional parameter. With this update, the `cmx` operation requires the parameter that defines the name of the called method. Invoking the `cmx` operation without this parameter results in an error message, and the CIM Client no longer crashes.
Story Points: ---
Clone Of:
: 2083577
Environment:
Last Closed: 2022-11-08 09:47:17 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Renaud Métrich 2022-04-15 12:45:29 UTC
Description of problem:

When executing "cmx" command with no additional parameter, the command crashes, e.g.:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# /usr/bin/wbemcli cmx 'http://localhost/root/cimv2:Linux_zChannelMetric'
Segmentation fault (core dumped)
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

This is due to not verifying "xtraStr" value before parsing it:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# gdb $(which wbemcli) core
[...]
Core was generated by `/usr/bin/wbemcli cmx http://localhost/root/cimv2:Linux_zChannelMetric'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  strchr () at ../sysdeps/s390/strchr-vx.S:45
45		vlbb	%v16,0(%r2),6	/* Load s until next 4k-byte boundary.  */
(gdb) bt
#0  strchr () at ../sysdeps/s390/strchr-vx.S:45
#1  0x000002aa03a85d4c in strchr (__c=46, __s=0x0) at /usr/include/string.h:214
#2  main (argc=<optimized out>, argv=<optimized out>) at main.cpp:590
(gdb) f 2
#2  main (argc=<optimized out>, argv=<optimized out>) at main.cpp:590
590	         if ((params = strchr(xtraStr, '.')))
(gdb) p xtraStr
$1 = 0x0
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

"xtraStr" is initialized with this:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
119 int main (int argc, char *argv[]) {
120    int pos, retval = 0;
121    char *cmd, *params, *endptr, *opStr=NULL,*urlStr=NULL,*xtraStr=NULL;
 :
217             if (n==0) opStr=*argv;
218             else if (n==1) urlStr=strdup(*argv);
219             else if (n==2) xtraStr=*argv;
 :
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Here above, we don't iterate "n" initially through setting "opStr" (line 217), then "urlStr" (line 218) but we never set "xtraStr" because there is no more argument.


Version-Release number of selected component (if applicable):

sblim-wbemcli-1.6.3-15.el8


How reproducible:

Always

Steps to Reproduce:
1. Execute the command

  # /usr/bin/wbemcli cmx 'http://localhost/root/cimv2:CIM_Service'

Actual results:

Core dump

Expected results:

No core dump
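
The positional-argument collection and the missing check described above, as an added example; it is not code from sblim-wbemcli or from the shipped fix. The names `parse_cli`, `cli_args` and the error codes are hypothetical, and treating the text before the first '.' as the method name is an assumption based on the `strchr(xtraStr, '.')` call in the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch (not wbemcli's own). */
enum { PARSE_OK = 0, ERR_NO_OP = -1, ERR_NO_URL = -2, ERR_NO_METHOD = -3 };

struct cli_args {
    const char *op;      /* positional 0, e.g. "cmx" */
    const char *url;     /* positional 1, the object path */
    const char *method;  /* positional 2 up to the first '.' (assumed layout) */
    const char *params;  /* text after the '.', or NULL */
};

/* Collect positionals as in the report (n==0, 1, 2), then validate
 * before any string function sees a possibly-NULL pointer. */
static int parse_cli(int argc, char *argv[], struct cli_args *out,
                     char *method_buf, size_t buflen)
{
    const char *xtra = NULL;
    memset(out, 0, sizeof *out);
    for (int n = 0; n + 1 < argc; n++) {      /* options are not modelled */
        if (n == 0) out->op = argv[n + 1];
        else if (n == 1) out->url = argv[n + 1];
        else if (n == 2) xtra = argv[n + 1];
    }
    if (!out->op) return ERR_NO_OP;
    if (!out->url) return ERR_NO_URL;
    if (strcmp(out->op, "cmx") != 0) return PARSE_OK;

    /* The crash site: strchr(xtraStr, '.') was reached with xtraStr == NULL. */
    if (!xtra || xtra[0] == '\0' || xtra[0] == '.') return ERR_NO_METHOD;
    const char *dot = strchr(xtra, '.');
    size_t len = dot ? (size_t)(dot - xtra) : strlen(xtra);
    if (len >= buflen) return ERR_NO_METHOD;  /* name does not fit the buffer */
    memcpy(method_buf, xtra, len);
    method_buf[len] = '\0';
    out->method = method_buf;
    out->params = dot ? dot + 1 : NULL;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed argv: the invocation from "Steps to Reproduce". */
    char *argv[] = { "wbemcli", "cmx", "http://localhost/root/cimv2:CIM_Service", NULL };
    struct cli_args a;
    char buf[64];
    if (parse_cli(3, argv, &a, buf, sizeof buf) == ERR_NO_METHOD)
        fprintf(stderr, "cmx: missing method name\n");
    return 0;
}
```
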

Comment 1 Vitezslav Crhonek 2022-05-02 08:01:26 UTC
Thanks, reproduced.

Comment 14 errata-xmlrpc 2022-11-08 09:47:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sblim-wbemcli bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7596