Bug 805918 - Wrong resolv_status might cause crash when name resolution times out
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.3
Assigned To: Stephen Gallagher
QA Contact: IDM QE LIST
Reported: 2012-03-22 08:58 EDT by Dmitri Pal
Modified: 2012-06-20 07:56 EDT
Fixed In Version: sssd-1.8.0-20.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Last Closed: 2012-06-20 07:56:28 EDT
Description Dmitri Pal 2012-03-22 08:58:19 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1274

When name resolution times out, the errno return code is 110 (which is correct = ETIMEDOUT), but the resolv_status is 0. This is wrong.

We should probably rely mostly on the errno return code and only treat the resolv_status, which is the original ares return code, as kind of extended information, also because in the future we might switch to a different resolver with different error codes.
Comment 1 Jenny Galipeau 2012-03-22 15:59:07 EDT
Please add steps to verify this issue
Comment 2 Jakub Hrozek 2012-03-27 17:49:52 EDT
(In reply to comment #1)
> Please add steps to verify this issue

I'm going to write a unit test that exercises this part of the resolver code. Other than that, setting up a DROP rule on a machine that runs the DNS server should trigger the timeout as well.
Comment 5 Jakub Hrozek 2012-04-03 14:50:22 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 6 Kaushik Banerjee 2012-04-16 10:05:23 EDT
Verified in version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.8.0                             Vendor: Red Hat, Inc.
Release     : 22.el6                        Build Date: Mon 09 Apr 2012 07:40:33 PM IST
Install Date: Mon 16 Apr 2012 04:57:02 PM IST      Build Host: x86-003.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.8.0-22.el6.src.rpm
Size        : 7870660                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon


Steps to verify:

1. Add a drop rule (drop on 53 udp port) on the DNS Server.
2. Lookup a user.

With the patched version (1.8.0-22) I see the following in the logs:

[resolv_gethostbyname_done] (0x0040): querying hosts database failed [110]: Connection timed out
[fo_resolve_service_done] (0x0020): Failed to resolve server 'server1.example.com': Timeout while contacting DNS servers
[be_resolve_server_done] (0x0080): Couldn't resolve server (server1.example.com), resolver returned (110)


With the unpatched version, the log shows:

[resolv_gethostbyname_done] (0x0040): querying hosts database failed [110]: Connection timed out
[fo_resolve_service_done] (0x0020): Failed to resolve server 'server1.example.com': Successful completion
[be_resolve_server_done] (0x1000): Saving the first resolved server
[be_resolve_server_done] (0x0020): FATAL: No hostent available for server (server1.example.com)
[be_resolve_server_done] (0x1000): Server resolution failed: 14
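
The failure mode in this report, modelled in C as an added example that is not part of the original comments and is not SSSD source code: a caller that decides on `resolv_status` alone treats the timeout (errno 110, status 0, no hostent) as success, while an errno-first check rejects it. The struct layout, function names and `RES_*` constants are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for c-ares ARES_SUCCESS / ARES_ETIMEOUT. */
enum { RES_SUCCESS = 0, RES_ETIMEOUT = 12 };

struct hostent_stub { const char *name; };

/* What a resolver request hands back to its caller (assumed layout). */
struct resolv_result {
    int ret;                    /* errno-style code, 0 on success */
    int resolv_status;          /* resolver-specific, extended info only */
    struct hostent_stub *host;  /* NULL unless the lookup succeeded */
};

/* Status-first: the decision hangs on resolv_status, so ret = ETIMEDOUT
 * with status 0 is taken for success. A return of 0 means the caller
 * goes on to use res->host. */
int decide_status_first(const struct resolv_result *res)
{
    if (res->resolv_status != RES_SUCCESS)
        return res->ret != 0 ? res->ret : EIO;
    return 0;
}

/* errno-first: ret decides, and a missing hostent is never success. */
int decide_errno_first(const struct resolv_result *res)
{
    if (res->ret != 0)
        return res->ret;
    if (res->host == NULL)
        return EFAULT;
    return 0;
}

/* Constructed input: the timeout case from this report. */
const struct resolv_result timeout_case = { ETIMEDOUT, RES_SUCCESS, NULL };

int main(void)
{
    printf("status-first: %d\n", decide_status_first(&timeout_case));
    printf("errno-first:  %d\n", decide_errno_first(&timeout_case));
    return 0;
}
```
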
Comment 8 errata-xmlrpc 2012-06-20 07:56:28 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html
