|Summary:||Wrong resolv_status might cause crash when name resolution times out|
|Product:||Red Hat Enterprise Linux 6||Reporter:||Dmitri Pal <dpal>|
|Component:||sssd||Assignee:||Stephen Gallagher <sgallagh>|
|Status:||CLOSED ERRATA||QA Contact:||IDM QE LIST <seceng-idm-qe-list>|
|Version:||6.3||CC:||grajaiya, jgalipea, jhrozek, kbanerje, prc|
|Fixed In Version:||sssd-1.8.0-20.el6||Doc Type:||Bug Fix|
No documentation needed.
|Last Closed:||2012-06-20 11:56:28 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Dmitri Pal 2012-03-22 12:58:19 UTC
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/1274 When name resolution times out, the errno return code is 110 (which is correct = ETIMEDOUT), but the resolv_status is 0. This is wrong. We should probably rely mostly on the errno return code and only treat the resolv_status, which is the original ares return code, as kind of extended information, also because in the future we might switch to a different resolver with different error codes.
Comment 1 Jenny Severance 2012-03-22 19:59:07 UTC
Please add steps to verify this issue
Comment 2 Jakub Hrozek 2012-03-27 21:49:52 UTC
(In reply to comment #1) > Please add steps to verify this issue I'm going to write a unit test that exercises this part of the resolver code. Other than that, setting up a DROP rule on a machine that runs the DNS server should trigger the timeout as well.
Comment 5 Jakub Hrozek 2012-04-03 18:50:22 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Comment 6 Kaushik Banerjee 2012-04-16 14:05:23 UTC
Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.8.0 Vendor: Red Hat, Inc. Release : 22.el6 Build Date: Mon 09 Apr 2012 07:40:33 PM IST Install Date: Mon 16 Apr 2012 04:57:02 PM IST Build Host: x86-003.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.8.0-22.el6.src.rpm Size : 7870660 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon Steps to verify: 1. Add a drop rule(drop on 53 udp port) on the DNS Server. 2. Lookup a user. With the patched version(1.8.0-22) I see the following in the logs: [resolv_gethostbyname_done] (0x0040): querying hosts database failed : Connection timed out [fo_resolve_service_done] (0x0020): Failed to resolve server 'server1.example.com': Timeout while contacting DNS servers [be_resolve_server_done] (0x0080): Couldn't resolve server (server1.example.com), resolver returned (110) With the unpatched version, the log shows: [resolv_gethostbyname_done] (0x0040): querying hosts database failed : Connection timed out [fo_resolve_service_done] (0x0020): Failed to resolve server 'server1.example.com': Successful completion [be_resolve_server_done] (0x1000): Saving the first resolved server [be_resolve_server_done] (0x0020): FATAL: No hostent available for server (server1.example.com) [be_resolve_server_done] (0x1000): Server resolution failed: 14
Comment 8 errata-xmlrpc 2012-06-20 11:56:28 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0747.html