Bug 845821
| Summary: | -milterfdleaks patch causes endless, high frequent log storm | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Enrico Scholz <rh-bugzilla> | ||||||
| Component: | sendmail | Assignee: | Jaroslav Škarvada <jskarvad> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Alois Mahdal <amahdal> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 6.2 | CC: | amahdal, jskarvad, paul, psklenar, rvokal | ||||||
| Target Milestone: | rc | Keywords: | Patch | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | sendmail-8.14.4-9.el6 | Doc Type: | Bug Fix | ||||||
| Doc Text: |
Under certain circumstances, sendmail previously recorded a very large number of log messages that reported failures to set the close-on-exec flag. The Milter implementation has been modified to perform socket validation before the fnctl() function attempts to set close-on-exec. As a result, fnctl() is no longer called on invalid sockets, and the described log messages no longer occur.
|
Story Points: | --- | ||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2015-07-22 06:24:14 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 602450 [details]
Proposed fix
The problem seems to be elsewhere, but we could fix it.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux. Created attachment 694372 [details]
Patch against 8.14.6 (Rawhide)
Proposed patch looks sane. Here's the patch I'm using in my local build for 8.14.6 (almost identical to the Rawhide package) on Fedora 18 for the last week or so. Haven't seen any problems with it.
Patch reviewed by QA and confirmed to fix issue on customer side. Sanity and regression suite ran on all archs. VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1299.html |
Description of problem: One of my systems created endless, high frequent log messages (up to 6000 messages per second) like | Aug 4 08:08:53 ... Unable to set close-on-exec on connfd (Bad file descriptor) | Aug 4 08:08:53 ... Unable to set close-on-exec on connfd (Bad file descriptor) This is caused by sendmail-8.14.3-milterfdleaks.patch which uses 'connfd' without validating it: | connfd = accept(listenfd, (struct sockaddr *) &cliaddr, | &clilen); | ... | + if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 || | + fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1) | + { | + smi_log(SMI_LOG_WARN, | + "%s: Unable to set close-on-exec on connfd (%s)", | + smfi->xxfi_name, sm_errstring(errno)); There is an (unknown) underlying problem which is unrelated to this patch. But the fcntl() operations should not be executed before validating 'connfd'. Handling of bad 'connfd' descriptor is done later in the milter code so that no further actions should be done in this case by the patch. Version-Release number of selected component (if applicable): sendmail-8.14.4-8.el6.x86_64