Bug 1029208 - xinetd segfaults when connecting to tcpmux service
xinetd segfaults when connecting to tcpmux service
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xinetd (Show other bugs)
5.10
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jan Synacek
qe-baseos-daemons
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-11 17:04 EST by thomas.swan
Modified: 2013-12-03 09:42 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-03 09:41:39 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch v1 - disable service (736 bytes, patch)
2013-11-21 08:49 EST, Jan Synacek
no flags Details | Diff
Patch v2 - shift args (823 bytes, patch)
2013-11-21 08:52 EST, Jan Synacek
no flags Details | Diff

  None (edit)
Description thomas.swan 2013-11-11 17:04:29 EST
Description of problem:
xinetd segfaults when connecting to tcpmux service

Version-Release number of selected component (if applicable):
xinetd-2.3.14-20

How reproducible:
always

Steps to Reproduce:
1. configure a simple tcmpux service
2. telnet localhost 1
3. type the name of the service
4. xinetd segfaults

Actual results:
xinetd segfaults

Expected results:
xinetd should launch service

Additional info:
Observed after last release of xinetd.  
Not seen in xinetd-2.3.14-13
Does not happen on RHEL6, only on RHEL5
Comment 1 Jan Synacek 2013-11-12 07:29:34 EST
Red Hat Enterprise Linux 5 has entered Production 2 phase. For more details see https://access.redhat.com/support/policy/updates/errata/.

I'm not sure, so I'm leaving this to PM to decide whether this bug is critical enough to be fixed in RHEL5.
Comment 2 thomas.swan 2013-11-12 13:02:32 EST
From /var/log/messages:
Nov 10 19:39:35 vgst132 xinetd[30156]: START: tcpmux-server pid=30164 from=127.0.0.1
Nov 10 19:39:37 vgst132 xinetd[30164]: 30164 {general_handler} (30164) Unexpected signal: 11 (Segmentation fault)
Nov 10 19:39:37 vgst132 last message repeated 9 times
Nov 10 19:39:37 vgst132 xinetd[30164]: 30164 {bad_signal} Received 10 signals in 1 seconds. Exiting...
Nov 10 19:39:37 vgst132 xinetd[30156]: EXIT: tcpmux-server status=1 pid=30164 duration=2(sec)
Comment 3 thomas.swan 2013-11-12 14:34:38 EST
strace for a service called dummy running as nobody:nobody:

-- cut --
30537      0.000012 poll([{fd=5, events=POLLIN}, {fd=7, events=POLLIN}, {fd=3, events=POLLIN}], 3, -1 <unfinished ...>
30541      0.000063 rt_sigaction(SIGPIPE, {SIG_DFL, [PIPE], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {0x1, [], SA_RESTORER, 0x2ac2722202d0}, 8) = 0
30541      0.000022 rt_sigaction(SIGTSTP, {SIG_DFL, [TSTP], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {0x1, [], SA_RESTORER, 0x2ac2722202d0}, 8) = 0
30541      0.000018 rt_sigaction(SIGTTIN, {SIG_DFL, [TTIN], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {0x1, [], SA_RESTORER, 0x2ac2722202d0}, 8) = 0
30541      0.000018 rt_sigaction(SIGTTOU, {SIG_DFL, [TTOU], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {0x1, [], SA_RESTORER, 0x2ac2722202d0}, 8) = 0
30541      0.000020 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
30541      0.000015 close(3)            = 0
30541      0.000011 close(4)            = 0
30541      0.000009 close(0)            = 0
30541      0.000011 close(1)            = 0
30541      0.000009 close(2)            = 0
30541      0.000011 umask(02)           = 022
30541      0.000047 getpeername(8, {sa_family=AF_INET, sin_port=htons(42118), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
30541      0.000026 getsockname(8, {sa_family=AF_INET, sin_port=htons(1), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
30541      0.000035 open("/etc/hosts.allow", O_RDONLY) = 0
30541      0.000021 fstat(0, {st_mode=S_IFREG|0644, st_size=161, ...}) = 0
30541      0.000021 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac2712da000
30541      0.000015 read(0, "#\n# hosts.allow\tThis file descri"..., 4096) = 161
30541      0.000027 read(0, "", 4096)   = 0
30541      0.000013 close(0)            = 0
30541      0.000011 munmap(0x2ac2712da000, 4096) = 0
30541      0.000014 open("/etc/hosts.deny", O_RDONLY) = 0 30541      0.000016 fstat(0, {st_mode=S_IFREG|0644, st_size=165, ...}) = 0
30541      0.000038 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac2712da000
30541      0.000023 read(0, "#\n# hosts.deny\tThis file describ"..., 4096) = 165
30541      0.000025 read(0, "", 4096)   = 0
30541      0.000011 close(0)            = 0
30541      0.000011 munmap(0x2ac2712da000, 4096) = 0
30541      0.000030 socket(PF_FILE, SOCK_STREAM, 0) = 0
30541      0.000016 fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0
30541      0.000011 connect(0, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory)
30541      0.000026 close(0)            = 0
30541      0.000012 socket(PF_FILE, SOCK_STREAM, 0) = 0
30541      0.000013 fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0
30541      0.000011 connect(0, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory)
30541      0.000020 close(0)            = 0
30541      0.000030 open("/etc/resolv.conf", O_RDONLY) = 0
30541      0.000017 fstat(0, {st_mode=S_IFREG|0644, st_size=224, ...}) = 0
30541      0.000019 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac2712da000
30541      0.000014 read(0, "search  idev.fedex.com ecdev.fed"..., 4096) = 224
30541      0.000022 read(0, "", 4096)   = 0
30541      0.000011 close(0)            = 0
30541      0.000011 munmap(0x2ac2712da000, 4096) = 0
30541      0.000014 open("/etc/host.conf", O_RDONLY) = 0
30541      0.000015 fstat(0, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
30541      0.000019 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac2712da000
30541      0.000015 read(0, "", 4096)   = 0
30541      0.000012 close(0)            = 0
30541      0.000010 munmap(0x2ac2712da000, 4096) = 0
30541      0.000016 open("/etc/hosts", O_RDONLY) = 0
30541      0.000018 fcntl(0, F_GETFD)   = 0
30541      0.000011 fcntl(0, F_SETFD, FD_CLOEXEC) = 0
30541      0.000011 fstat(0, {st_mode=S_IFREG|0644, st_size=235, ...}) = 0
30541      0.000019 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac2712da000
30541      0.000013 read(0, "# Do not remove the following li"..., 4096) = 235
30541      0.000021 close(0)            = 0
30541      0.000012 munmap(0x2ac2712da000, 4096) = 0
30541      0.000019 close(5)            = 0
30541      0.000011 close(7)            = 0
30541      0.000011 read(8, "dummy\r\n", 1024) = 7
30541      2.021950 rt_sigaction(SIGPIPE, {SIG_DFL, [PIPE], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {SIG_DFL, [PIPE], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, 8) = 0
30541      0.000025 rt_sigaction(SIGTSTP, {SIG_DFL, [TSTP], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {SIG_DFL, [TSTP], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, 8) = 0
30541      0.000018 rt_sigaction(SIGTTIN, {SIG_DFL, [TTIN], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {SIG_DFL, [TTIN], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, 8) = 0
30541      0.000019 rt_sigaction(SIGTTOU, {SIG_DFL, [TTOU], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, {SIG_DFL, [TTOU], SA_RESTORER|SA_RESTART, 0x2ac2722202d0}, 8) = 0
30541      0.000018 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
30541      0.000013 close(0)            = -1 EBADF (Bad file descriptor)
30541      0.000015 close(1)            = -1 EBADF (Bad file descriptor)
30541      0.000010 close(2)            = -1 EBADF (Bad file descriptor)
30541      0.000019 setgid(99)          = 0
30541      0.000014 setgroups(0, [])    = 0
30541      0.000013 setuid(99)          = 0
30541      0.000034 umask(02)           = 02
30541      0.000012 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000037 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000051 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000030 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000022 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000038 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000105 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000012 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000025 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000023 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000027 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000021 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000024 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000026 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000012 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000024 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000021 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000021 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000038 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000016 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000010 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000024 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000020 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000020 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000024 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000019 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000011 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000022 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000066 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000025 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000022 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000035 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000018 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000011 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000024 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000020 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000033 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000022 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000024 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000016 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000010 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000023 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000020 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000039 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000022 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000024 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000044 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000014 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000024 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000032 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000024 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000021 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000015 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000011 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000022 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000020 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000021 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000015 rt_sigreturn(0x7fffb2a8c288) = 0
30541      0.000011 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
30541      0.000021 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
30541      0.000089 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000026 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000021 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 109, MSG_NOSIGNAL, NULL, 0) = 109
30541      0.000029 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000020 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=118, ...}) = 0
30541      0.000023 sendto(6, "<26>Nov 12 18:10:45 xinetd[30541"..., 98, MSG_NOSIGNAL, NULL, 0) = 98
30541      0.000130 exit_group(1)       = ?
30537      0.000233 <... poll resumed> ) = -1 EINTR (Interrupted system call)
30537      0.000009 --- SIGCHLD (Child exited) @ 0 (0) ---
30537      0.000013 write(4, "\21", 1)  = 1
30537      0.000016 rt_sigreturn(0x4)   = -1 EINTR (Interrupted system call)
-- cut ---
30537      0.000070 exit_group(0)       = ?
Comment 5 Jan Synacek 2013-11-19 03:39:47 EST
Hi Thomas,

would you mind sharing your setup? I don't see any segfaults here.

Here's what I'm using:
# cat /etc/xinetd.d/test
service test
{
   id = tcpmux-test
   disable = no
   socket_type = stream
   user = root
   type = TCPMUXPLUS UNLISTED
   server = /usr/bin/uptime
   wait = no
}

# rpm -q xinetd
xinetd-2.3.14-20.el5_10

# telnet localhost 1
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
test
+Go
 09:36:54 up 27 min,  2 users,  load average: 0.09, 0.03, 0.01
Connection closed by foreign host.
Comment 6 thomas.swan 2013-11-20 15:39:41 EST
service dummy
{
        disable         = no
        id              = tcpmux-dummy
        type            = TCPMUX UNLISTED
        wait            = no
        socket_type     = stream
        protocol        =  tcp
        user            = nobody
        group           = nobody
        server          = /bin/uname
        server_args     = uname
        flags           = NAMEINARGS
        instances       = UNLIMITED
        per_source      = UNLIMITED
}
Comment 7 thomas.swan 2013-11-20 15:48:17 EST
It looks like it's NAMEINARGS flag which might be causing the issue.  

# Succeeds
service dummy
{
        disable         = no
        id              = tcpmux-dummy
        type            = TCPMUX UNLISTED
        wait            = no
        socket_type     = stream
        user            = root
        server          = /bin/uname
}

# Fails
service dummy
{
        disable         = no
        id              = tcpmux-dummy
        type            = TCPMUX UNLISTED
        wait            = no
        socket_type     = stream
        user            = nobody
        server          = /bin/uname
        server_args     = uname
        flags           = NAMEINARGS
}
Comment 8 Jan Synacek 2013-11-21 04:27:50 EST
I managed to get a backtrace exactly *once*, after that, no luck...

(gdb) bt
#0  0x00002aaaaba5f760 in strchr () from /lib64/libc.so.6
#1  0x00002aaaaba6025e in strrchr () from /lib64/libc.so.6
#2  0x00002aaaaaab092e in access_control (sp=0x2aaaaad03570, cp=0x2aaaaad059b0, check_mask=<value optimized out>) at access.c:232
#3  0x00002aaaaaabf4ef in svc_child_access_control (sp=0x0, cp=0x2f) at service.c:907
#4  0x00002aaaaaab375b in child_process (serp=0x2aaaaacf9300) at child.c:347
#5  0x00002aaaaaab2685 in tcpmux_handler (serp=0x2aaaaacfda50) at builtins.c:618
#6  0x00002aaaaaab39c3 in child_process (serp=0x2aaaaacfda50) at child.c:434
#7  0x00002aaaaaabebaf in server_start (serp=0x2aaaaacfda50) at server.c:222
#8  0x00002aaaaaabef2c in server_run (sp=0x2aaaaacf9070, cp=0x2aaaaad059b0) at server.c:173
#9  0x00002aaaaaabf815 in svc_request (sp=0x2aaaaacf9070) at service.c:646
#10 0x00002aaaaaab91e1 in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:229
#11 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:107

Notice the 'sp=0x0' in the frame #3. I can't reproduce this anymore, so I'm not sure about the fix. I'll try again later.

Also, when I recompile xinetd with '-fPIC', I don't see any segfaults.
Comment 9 Jan Synacek 2013-11-21 04:46:22 EST
From a different backtrace:

(gdb) f
#1  0x000055555555976f in access_control (sp=0x555555796b10, cp=0x5555557988b0, check_mask=0x0) at access.c:232
232	            server = strrchr( SC_SERVER_ARGV(scp)[0], '/' );

(gdb) p *scp->sc_server_argv 
$7 = 0x0
Comment 10 Jan Synacek 2013-11-21 06:24:44 EST
So, I managed to reproduce this on the xinetd package from Fedora 19... The problem is the same:

(gdb) bt
#0  0x00007f8f5cbcc9a0 in __strrchr_sse42 () from /lib64/libc.so.6
#1  0x00007f8f5dc025ae in access_control (sp=sp@entry=0x7f8f5f0f31a0, cp=cp@entry=0x7f8f5f109880, check_mask=check_mask@entry=0x0) at access.c:236
#2  0x00007f8f5dc12453 in svc_child_access_control (sp=sp@entry=0x7f8f5f0f31a0, cp=cp@entry=0x7f8f5f109880) at service.c:913
#3  0x00007f8f5dc05065 in child_process (serp=0x7f8f5f0fd300) at child.c:347
#4  0x00007f8f5dc03ff6 in tcpmux_handler (serp=0x7f8f5f109920) at builtins.c:650
#5  0x00007f8f5dc052f2 in child_process (serp=serp@entry=0x7f8f5f109920) at child.c:434
#6  0x00007f8f5dc10981 in server_start (serp=serp@entry=0x7f8f5f109920) at server.c:222
#7  0x00007f8f5dc10a98 in server_run (sp=sp@entry=0x7f8f5f0f30f0, cp=cp@entry=0x7f8f5f109880) at server.c:173
#8  0x00007f8f5dc122c1 in svc_generic_handler (sp=sp@entry=0x7f8f5f0f30f0, cp=cp@entry=0x7f8f5f109880) at service.c:684
#9  0x00007f8f5dc12309 in svc_request (sp=0x7f8f5f0f30f0) at service.c:652
#10 0x00007f8f5dc02165 in main_loop () at main.c:229
#11 main (argc=<optimized out>, argv=<optimized out>) at main.c:107

(gdb) up
#1  0x00007f8f5dc025ae in access_control (sp=sp@entry=0x7f8f5f0f31a0, cp=cp@entry=0x7f8f5f109880, check_mask=check_mask@entry=0x0) at access.c:236
236	            server = strrchr( SC_SERVER_ARGV(scp)[0], '/' );

(gdb) p *scp->sc_server_argv@3
$1 = {0x0, 0x7f8f5f107a20 "uname", 0x0}

Apparently, the server arg is there, but it's offset by 1.

This looks like the NAMEINARGS argument never worked correctly. If it's specified, the first argument of server_args in the config is supposed to be argv[0] (the name of the server).
Comment 11 Jan Synacek 2013-11-21 07:43:01 EST
Xinetd parses and applies its configuration line by line. If a user wants to specify NAMEINARGS as a flag, it has to be *before* specifying 'server_args'.

Just swapping 'server_args' and 'flags' lines in our example is enough...

The only reasonable fix that comes into my mind is to exit if NAMEINARGS is used *after* server_args is set. And, of course, make this fact cleanly visible in the documentation.

The 'proper' fix would be to make the config parsing aware of every other option set. This would probably have to be done in two passes and IMHO is just not worth it.
Comment 12 Jan Synacek 2013-11-21 08:49:37 EST
Created attachment 827185 [details]
Patch v1 - disable service

Disable service if NAMEINARGS is present in flags and is specified after server_args.
Comment 13 Jan Synacek 2013-11-21 08:52:07 EST
Created attachment 827207 [details]
Patch v2 - shift args

Shift server arguments if NAMEINARGS flag is specified after server_args.
Comment 14 Jan Synacek 2013-11-21 08:55:46 EST
I consider patch v1 somewhat cleaner solution to the problem.

Thomas, what do you think?
Comment 15 thomas.swan 2013-11-21 13:22:22 EST
Assuming that order is important in the current version, I'm inclined to go with v1 as well. A useful error message rather than a segfault is a definite win.  I agree a redo on the parser would be the proper fix, but not necessary.  

I might add that a comment in the empty.conf and/or sample.conf that says that the order of the options shuod/must be followed might also prevent future confusion.
Comment 16 thomas.swan 2013-11-21 13:41:11 EST
You may also want to move the "Networking options" section above the "External services" section unless that would break parsing.  The original failing config was constructed using the order specified in the /usr/share/doc/xinetd*/empty.conf file.
Comment 17 Jan Synacek 2013-12-03 09:41:39 EST
This Bugzilla has been reviewed by Red Hat and is not planned on being addressed in Red Hat Enterprise Linux 5, and therefore will be closed. If this bug is critical to production systems, please contact your Red Hat support representative and provide sufficient business justification. Issue is already fixed in RHEL-7.

Note You need to log in before you can comment on or make changes to this bug.