RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1031384 - anacron segfaults with certain config data
Summary: anacron segfaults with certain config data
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cronie
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Marcela Mašláňová
QA Contact: Jakub Prokes
URL:
Whiteboard:
: 1055549 1062132 1062666 (view as bug list)
Depends On: 1031383
Blocks: 744225
TreeView+ depends on / blocked
 
Reported: 2013-11-17 14:06 UTC by Martin Poole
Modified: 2019-04-08 16:25 UTC (History)
6 users (show)

Fixed In Version: cronie-1.4.11-11.el7
Doc Type: Bug Fix
Doc Text:
Cause: Anacron didn't check configuration file well. Consequence: Anacron segfaulted with incorrect configuration like START_HOURS_RANGE=0 Fix: Configuration is now checked properly. Result: No segfaults by anacron configuration.
Clone Of: 1031383
Environment:
Last Closed: 2014-06-13 11:50:53 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch to correctly check match_rx return codes (1.59 KB, patch)
2013-11-17 14:06 UTC, Martin Poole 		no flags Details | Diff
dmesg trace logs (16.43 KB, text/plain)
2014-02-06 09:56 UTC, IBM Bug Proxy 		no flags Details
View All

Description Martin Poole 2013-11-17 14:06:46 UTC 
Created attachment 825148 [details]
patch to correctly check match_rx return codes

+++ This bug was initially created as a clone of Bug #1031383 +++

Description of problem:

anacron does not correctly check configuration parameters for validity and can segfault on certain data types

The return code from the match_rx calls in readtab.c are not being checked correctly, 

Version-Release number of selected component (if applicable):

cronie-1.4.4-10.el6

How reproducible:

Always

Steps to Reproduce:
1. Set  START_HOURS_RANGE=0

Actual results:

Segmentation fault


Additional info:

There is also a possible divide-by-zero segfault if RANDOM_DELAY=0.
Comment 2 Karel Srot 2014-01-20 13:31:37 UTC 
Switching back to ASSIGNED. I believe the patch introduced a regression.

# rpm -qa | grep cron
cronie-anacron-1.4.11-7.el7.x86_64
cronie-1.4.11-7.el7.x86_64

with 
RANDOM_DELAY=45
in /etc/anacrontab I am getting:

# anacron -f -d 
Anacron started on 2014-01-20
anacron: Regex error reading /etc/anacrontab
anacron: Aborted

It worked with cronie-1.4.11-6.el7
Comment 3 Marcela Mašláňová 2014-01-20 17:12:37 UTC 
It was already opened as rhbz#1031384. Which one do you want to close?
Comment 4 Karel Srot 2014-01-21 07:19:10 UTC 
(In reply to Marcela Mašláňová from comment #3)
> It was already opened as rhbz#1031384. Which one do you want to close?

Hi Marcela, seems like a wrong bug reference (or wrong bug for this comment).
Comment 5 Marcela Mašláňová 2014-01-21 08:01:12 UTC 
*** Bug 1055549 has been marked as a duplicate of this bug. ***
Comment 6 Marcela Mašláňová 2014-01-22 14:15:41 UTC 
Coverity found another problem in checking values. Fixed in new build.
Comment 9 Marcela Mašláňová 2014-02-06 09:49:56 UTC 
*** Bug 1062132 has been marked as a duplicate of this bug. ***
Comment 10 IBM Bug Proxy 2014-02-06 09:56:10 UTC 
Created attachment 860082 [details]
dmesg trace logs

default comment by bridge
Comment 11 Marcela Mašláňová 2014-02-09 08:24:17 UTC 
*** Bug 1062666 has been marked as a duplicate of this bug. ***
Comment 12 IBM Bug Proxy 2014-02-21 09:01:45 UTC 
------- Comment From mgrf.com 2014-02-21 08:55 EDT-------
This is verified included in snap 7 - closing on IBM site (for System z only as this is a DUP on Red Hat site)
Comment 15 Ludek Smid 2014-06-13 11:50:53 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
Comment 17 IBM Bug Proxy 2019-04-08 16:25:06 UTC 
------- Comment From hannsj_uhl.com 2019-04-08 10:13 EDT-------
.
Note You need to log in before you can comment on or make changes to this bug.