Bug 731350 - tcp_wrapper related daemons eat 100% CPU when a line of hosts.allow is exceeds 2048byte
Summary: tcp_wrapper related daemons eat 100% CPU when a line of hosts.allow is exceed...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: tcp_wrappers
Version: 6.2
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Jakub Jelen
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On: 727445
Blocks: 836160
TreeView+ depends on / blocked
 
Reported: 2011-08-17 12:16 UTC by Jan F. Chadima
Modified: 2019-09-12 07:40 UTC (History)
5 users (show)

Fixed In Version: tcp_wrappers-7.6-58.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 727445
Environment:
Last Closed: 2016-05-10 20:35:18 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0796 normal SHIPPED_LIVE tcp_wrappers bug fix update 2016-05-10 22:37:25 UTC

Description Jan F. Chadima 2011-08-17 12:16:56 UTC
+++ This bug was initially created as a clone of Bug #727445 +++

Created attachment 516268 [details]
"ps" result that sshd goes infine loop..

Description of problem:
If I set lots of IP lists(over 2048byte) at a line of /etc/hosts.allow, 
some programs that call the tcp_wrapper() such as ssh, snmpd,ldap, vsftpd, etc. eats 100% CPU when there was any request from outside. 
in case of ssh, can't connect even the IP was allowed from /etc/hosts.allow. 

Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-40.7.el5

How reproducible:
very simple. just adding the lots if IP lists(around 160?) at a line.
you can check the size of the IP lists using Ctrl+G at the end of lists in vi mode.  


Steps to Reproduce:
1. add the lots of ip lists(over 2048 byte, aorund 160 ip lists?) at a line such as like below, for example, snmpd. 

/etc/hosts.allow 
snmpd: 1.1.1.1, 2.2.2.2, 3.3.3.3............
sshd : 5.6.7.8

2. add the deny all connections. 
/etc/hosts.deny 
sshd : All 

3. try to connect the ssh to this server from 3.3.3.3 that is allowed at hosts.allow. 
  
Actual results:
sshd process eats 100% CPU and client can't connect. 
this is "ps aux" result. 
--------------------------------------------------------------------------
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     27528 91.6  0.0   64824  2740 ?        Rs   16:33   0:05 sshd:
[accepted]
----------------------------------------------------------------------------

Expected results:


Additional info:
the sequence is important.
the exceeded line(snmpd for example) should be above than the actual service(sshd).

it's because of "xgets()" related issue and this causes infine loop.

--- Additional comment from antihong@gmail.com on 2011-08-02 03:48:25 EDT ---

correction.

3. try to connect the ssh to this server from 3.3.3.3 that is allowed at
hosts.allow
==>  
3. try to connect the ssh to this server from 5.6.7.8 that is allowed at
hosts.allow

--- Additional comment from jchadima@redhat.com on 2011-08-11 15:48:46 EDT ---

can you please contact RH support?

--- Additional comment from antihong@gmail.com on 2011-08-11 19:05:30 EDT ---

Do you mean this is not bug?

thanks.

--- Additional comment from jchadima@redhat.com on 2011-08-15 02:48:43 EDT ---

(In reply to comment #3)
> Do you mean this is not bug?
> 
> thanks.

this is the bug, of course, but connect the support please.

--- Additional comment from antihong@gmail.com on 2011-08-15 05:27:48 EDT ---

but I don't know how to do it.
Could you do it instead of me?

thanks.

--- Additional comment from jchadima@redhat.com on 2011-08-17 07:55:07 EDT ---

I cannot to do it, Only I can do to repair the bug in fedora (now it is repaired in rawhide).

Comment 2 RHEL Product and Program Management 2011-08-17 13:11:09 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 3 RHEL Product and Program Management 2011-10-07 16:07:32 UTC
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 8 Suzanne Yeghiayan 2012-02-14 23:13:45 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 9 RHEL Product and Program Management 2012-07-10 07:15:45 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 10 RHEL Product and Program Management 2012-07-11 01:52:04 UTC
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.

Comment 11 RHEL Product and Program Management 2012-09-07 05:24:18 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 13 RHEL Product and Program Management 2013-10-14 01:01:35 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 14 RHEL Product and Program Management 2013-12-04 18:39:29 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 23 errata-xmlrpc 2016-05-10 20:35:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0796.html


Note You need to log in before you can comment on or make changes to this bug.