Bug 731350

Summary: tcp_wrapper related daemons eat 100% CPU when a line of hosts.allow is exceeds 2048byte
Product: Red Hat Enterprise Linux 6 Reporter: Jan F. Chadima <jchadima>
Component: tcp_wrappersAssignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: high    
Version: 6.2CC: antihong, plautrba, psklenar, pvrabec, rvokal
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tcp_wrappers-7.6-58.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 727445 Environment:
Last Closed: 2016-05-10 20:35:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 727445, 1995483    
Bug Blocks: 836160    

Description Jan F. Chadima 2011-08-17 12:16:56 UTC 
+++ This bug was initially created as a clone of Bug #727445 +++

Created attachment 516268 [details]
"ps" result that sshd goes infine loop..

Description of problem:
If I set lots of IP lists(over 2048byte) at a line of /etc/hosts.allow, 
some programs that call the tcp_wrapper() such as ssh, snmpd,ldap, vsftpd, etc. eats 100% CPU when there was any request from outside. 
in case of ssh, can't connect even the IP was allowed from /etc/hosts.allow. 

Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-40.7.el5

How reproducible:
very simple. just adding the lots if IP lists(around 160?) at a line.
you can check the size of the IP lists using Ctrl+G at the end of lists in vi mode.  


Steps to Reproduce:
1. add the lots of ip lists(over 2048 byte, aorund 160 ip lists?) at a line such as like below, for example, snmpd. 

/etc/hosts.allow 
snmpd: 1.1.1.1, 2.2.2.2, 3.3.3.3............
sshd : 5.6.7.8

2. add the deny all connections. 
/etc/hosts.deny 
sshd : All 

3. try to connect the ssh to this server from 3.3.3.3 that is allowed at hosts.allow. 
  
Actual results:
sshd process eats 100% CPU and client can't connect. 
this is "ps aux" result. 
--------------------------------------------------------------------------
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     27528 91.6  0.0   64824  2740 ?        Rs   16:33   0:05 sshd:
[accepted]
----------------------------------------------------------------------------

Expected results:


Additional info:
the sequence is important.
the exceeded line(snmpd for example) should be above than the actual service(sshd).

it's because of "xgets()" related issue and this causes infine loop.

--- Additional comment from antihong on 2011-08-02 03:48:25 EDT ---

correction.

3. try to connect the ssh to this server from 3.3.3.3 that is allowed at
hosts.allow
==>  
3. try to connect the ssh to this server from 5.6.7.8 that is allowed at
hosts.allow

--- Additional comment from jchadima on 2011-08-11 15:48:46 EDT ---

can you please contact RH support?

--- Additional comment from antihong on 2011-08-11 19:05:30 EDT ---

Do you mean this is not bug?

thanks.

--- Additional comment from jchadima on 2011-08-15 02:48:43 EDT ---

(In reply to comment #3)
> Do you mean this is not bug?
> 
> thanks.

this is the bug, of course, but connect the support please.

--- Additional comment from antihong on 2011-08-15 05:27:48 EDT ---

but I don't know how to do it.
Could you do it instead of me?

thanks.

--- Additional comment from jchadima on 2011-08-17 07:55:07 EDT ---

I cannot to do it, Only I can do to repair the bug in fedora (now it is repaired in rawhide).
Comment 2 RHEL Program Management 2011-08-17 13:11:09 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 3 RHEL Program Management 2011-10-07 16:07:32 UTC 
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 8 Suzanne Logcher 2012-02-14 23:13:45 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 9 RHEL Program Management 2012-07-10 07:15:45 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 10 RHEL Program Management 2012-07-11 01:52:04 UTC 
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 11 RHEL Program Management 2012-09-07 05:24:18 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 13 RHEL Program Management 2013-10-14 01:01:35 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 14 RHEL Program Management 2013-12-04 18:39:29 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 23 errata-xmlrpc 2016-05-10 20:35:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0796.html