Bug 841319 - In-band signalling in __pmGetPDU leads to pmcd memory leak
Product: Fedora
Classification: Fedora
Component: pcp
Assigned To: Ken McDonell
QA Contact: Fedora Extras Quality Assurance
Keywords: Security
Blocks: 840765 CVE-2012-3420
Reported: 2012-07-18 12:41 EDT by Florian Weimer
Modified: 2012-08-20 00:03 EDT (History)
Fixed In Version: pcp-3.6.5
Last Closed: 2012-08-20 00:03:38 EDT

Attachments (Terms of Use)
proposed patch for pdu.c (666 bytes, patch)
2012-07-20 02:36 EDT, Ken McDonell

Description Florian Weimer 2012-07-18 12:41:03 EDT
The return value of __pmGetPDU is both an error code and the value of the type field of the PDU.  A negative type value is treated as an error by HandleClientInput, and the PDU is never unpinned, even though it was pinned by __pmGetPDU because there was no error.  This leads to a memory leak and eventual pmcd crash.

I think one possible fix would be to reject negative type values in __pmGetPDU.
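To make the in-band signalling problem concrete, here is an added C model of the pattern described in the report (not PCP's own code: the header layout, the pin counter, the `PM_ERR_IPC` value and all function names are constructed for illustration). The "vulnerable" reader returns the type field directly, so a negative type is indistinguishable from an error and the handler never releases the pinned buffer; the "fixed" reader rejects a negative type before the buffer escapes.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed PDU header: length, type and sender (not PCP's real layout). */
typedef struct { int32_t len; int32_t type; int32_t from; } pdu_hdr_t;

static int pinned_bufs = 0;   /* number of PDU buffers currently pinned */

static void pin_pdu(void *buf)   { (void)buf; pinned_bufs++; }
static void unpin_pdu(void *buf) { (void)buf; pinned_bufs--; }

#define PM_ERR_IPC (-1001)    /* constructed error code for this example */

/* Vulnerable shape: the return value is the PDU type OR a negative error. */
static int get_pdu_vulnerable(const pdu_hdr_t *wire, void **result) {
    pdu_hdr_t *buf = malloc(sizeof *buf);
    if (!buf) return PM_ERR_IPC;
    memcpy(buf, wire, sizeof *buf);
    pin_pdu(buf);                 /* pinned because the read itself succeeded */
    *result = buf;
    return buf->type;             /* a negative type now looks like an error */
}

/* Fixed shape: a negative type field is an error, reported before pinning. */
static int get_pdu_fixed(const pdu_hdr_t *wire, void **result) {
    pdu_hdr_t *buf = malloc(sizeof *buf);
    if (!buf) return PM_ERR_IPC;
    memcpy(buf, wire, sizeof *buf);
    if (buf->type < 0) { free(buf); *result = NULL; return PM_ERR_IPC; }
    pin_pdu(buf);
    *result = buf;
    return buf->type;
}

/* Handler modelled on the report: any negative status is treated as an
 * error and the buffer is only unpinned on the normal path. */
static int handle_client_input(int (*get)(const pdu_hdr_t *, void **),
                               const pdu_hdr_t *wire) {
    void *pb = NULL;
    int sts = get(wire, &pb);
    if (sts < 0) return sts;      /* error path: pb is never unpinned */
    unpin_pdu(pb);
    free(pb);
    return 0;
}

/* Returns the number of buffers still pinned after one PDU of the given type. */
int leaked_after(int (*get)(const pdu_hdr_t *, void **), int32_t type) {
    pdu_hdr_t wire = { .len = (int32_t)sizeof wire, .type = type, .from = 0 };
    pinned_bufs = 0;
    handle_client_input(get, &wire);
    return pinned_bufs;
}
```

A regression test for this class of bug asserts that a negative type leaves nothing pinned, which is the observable condition that turns into the pmcd leak described above.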
Comment 2 Mark Goodwin 2012-07-18 22:25:02 EDT
[this is a test] Ken tried to comment on this BZ but got an error
Comment 3 Ken McDonell 2012-07-19 00:35:43 EDT
I'll work on this one.  Florian's suggested fix seems correct and robust.
Comment 4 Ken McDonell 2012-07-19 04:58:00 EDT
Fix is in commit 49b9bd1e5d1df6f7115fec79bd09e2dc99df7fd9.
QA 511 added to verify bug and fix.
Comment 5 Ken McDonell 2012-07-20 02:36:40 EDT
Created attachment 599314 [details]
proposed patch for pdu.c

This is Florian's fix.  I've backed out the commit in my git tree as per the agreed process for handling these issues.
Comment 6 Huzaifa S. Sidhpurwala 2012-08-16 00:10:18 EDT
Upstream patch:


This issue has been addressed in pcp-3.6.5
