Bug 2256665

Summary: conserver buffer overflow
Product: [Fedora] Fedora
Reporter: Jeff Moyer <jmoyer>
Component: conserver
Assignee: Lukáš Zaoral <lzaoral>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: rawhide
CC: cz172638, jiri, lzaoral
Hardware: Unspecified
OS: Linux
Fixed In Version: conserver-8.2.7-6.fc40 conserver-8.2.7-5.el9 conserver-8.2.7-6.fc39 conserver-8.2.7-5.fc38 conserver-8.2.1-5.el7 conserver-8.2.2-6.el8
Last Closed: 2024-01-16 16:51:29 UTC
Attachments: Fix a buffer overflow (flags: none)

Description Jeff Moyer 2024-01-03 17:10:25 UTC
We experienced conserver crashes that were always preceded by the server receiving SIGHUP.  See https://github.com/bstansell/conserver/issues/93 for more details, and the corresponding upstream pull request here: https://github.com/bstansell/conserver/pull/95.

The basic issue is that FileUnopen is returning -1, and that value is used to index into an fd_set.  The fix linked above modifies FileUnopen to return a valid fd.  A more conservative fix would modify the caller to check for -1, and avoid the FD_CLR.  I will attach a patch that does the latter to this bug, as that is what we deployed internally.

Reproducible: Didn't try

Steps to Reproduce:
I believe that you would have to have active SSL connections when SIGHUP is received by the conserver process.
Actual Results:  
conserver crashes, and the logs show:

[Wed Sep 20 08:57:32 2023] conserver (46864): [ibm-hs22-5.swcert.cee.pnq.redhat.com] exit(2)
[Wed Sep 20 08:57:32 2023] conserver (46864): [ibm-hs22-5.swcert.cee.pnq.redhat.com] automatic reinitialization
*** buffer overflow detected ***: /usr/sbin/conserver terminated
[Wed Sep 20 08:57:32 2023] conserver (56606): [dell-per320-03.khw2.lab.eng.bos.redhat.com] exit(1)
[Wed Sep 20 08:57:32 2023] conserver (56606): [dell-per320-03.khw2.lab.eng.bos.redhat.com] automatic reinitialization
[Wed Sep 20 08:57:32 2023] conserver (47817): [dev203.mw.lab.eng.bos.redhat.com] exit(1)
[Wed Sep 20 08:57:32 2023] conserver (47817): [dev203.mw.lab.eng.bos.redhat.com] automatic reinitialization
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7facde1987a7]
/lib64/libc.so.6(+0x116922)[0x7facde196922]
/lib64/libc.so.6(+0x118707)[0x7facde198707]
/usr/sbin/conserver(+0x158d2)[0x558ddb5468d2]
/usr/sbin/conserver(+0x2581a)[0x558ddb55681a]
/usr/sbin/conserver(+0x1944f)[0x558ddb54a44f]
/usr/sbin/conserver(+0x78f8)[0x558ddb5388f8]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7facde0a2555]
/usr/sbin/conserver(+0x7c79)[0x558ddb538c79]
...


Expected Results:  
conserver continues to run
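
The caller-side check that the description calls the more conservative fix, sketched as an added example (not conserver's code and not the attached patch). `unopen_stub`, `fd_clr_checked` and `teardown` are hypothetical names, and the slot values are constructed.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical stand-in for a close routine that returns the descriptor it
 * released, or -1 when the slot holds none (the case the report describes). */
static int unopen_stub(int *slot)
{
    int fd = *slot;
    *slot = -1;
    return fd;
}

/* Clear fd from set only if it is a valid fd_set index: 1 = cleared,
 * 0 = skipped. POSIX leaves FD_CLR undefined for fd < 0 or
 * fd >= FD_SETSIZE; fortified glibc builds abort there with
 * "*** buffer overflow detected ***", as in the log above. */
static int fd_clr_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return 0;
    FD_CLR(fd, set);
    return 1;
}

/* Teardown loop: release every slot and drop it from the read set.
 * Returns how many descriptors were actually cleared. */
static int teardown(int *slots, int n, fd_set *rinit)
{
    int cleared = 0;
    for (int i = 0; i < n; i++)
        cleared += fd_clr_checked(unopen_stub(&slots[i]), rinit);
    return cleared;
}

int main(void)
{
    fd_set rinit;
    int slots[3] = { 5, -1, 7 };  /* constructed: middle slot already closed */

    FD_ZERO(&rinit);
    FD_SET(5, &rinit);
    FD_SET(7, &rinit);
    printf("cleared %d of 3 slots\n", teardown(slots, 3, &rinit));
    return 0;
}
```

The same range check applies to `FD_SET` and `FD_ISSET`, since all three macros index the set by descriptor number.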

Comment 1 Jeff Moyer 2024-01-03 17:11:38 UTC
Created attachment 2007046
Fix a buffer overflow

Comment 2 Fedora Update System 2024-01-16 16:50:32 UTC
FEDORA-2024-b42c9e53be has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-b42c9e53be

Comment 3 Fedora Update System 2024-01-16 16:51:29 UTC
FEDORA-2024-b42c9e53be has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 4 Fedora Update System 2024-01-16 16:55:55 UTC
FEDORA-EPEL-2024-485ca40cbd has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-485ca40cbd

Comment 5 Fedora Update System 2024-01-16 16:55:55 UTC
FEDORA-EPEL-2024-698eea42eb has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-698eea42eb

Comment 6 Fedora Update System 2024-01-16 16:55:56 UTC
FEDORA-2024-329d379065 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-329d379065

Comment 7 Fedora Update System 2024-01-16 16:55:56 UTC
FEDORA-2024-b643778254 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-b643778254

Comment 8 Fedora Update System 2024-01-17 00:44:46 UTC
FEDORA-EPEL-2024-a8c18697dc has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a8c18697dc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2024-01-17 01:12:59 UTC
FEDORA-EPEL-2024-698eea42eb has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-698eea42eb

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2024-01-17 01:19:17 UTC
FEDORA-EPEL-2024-485ca40cbd has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-485ca40cbd

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2024-01-17 01:44:03 UTC
FEDORA-2024-b643778254 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-b643778254`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-b643778254

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2024-01-17 18:07:00 UTC
FEDORA-2024-329d379065 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-329d379065`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-329d379065

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2024-01-25 00:37:43 UTC
FEDORA-EPEL-2024-a8c18697dc has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 14 Fedora Update System 2024-01-25 00:40:46 UTC
FEDORA-2024-329d379065 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 15 Fedora Update System 2024-01-25 00:47:28 UTC
FEDORA-2024-b643778254 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 16 Fedora Update System 2024-01-25 00:57:06 UTC
FEDORA-EPEL-2024-485ca40cbd has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 17 Fedora Update System 2024-01-25 00:58:11 UTC
FEDORA-EPEL-2024-698eea42eb has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.