Bug 841391 - segfault on multiline quoted shell variable; e.g. IPV6ADDR_SECONDARIES="
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 16
Hardware: Unspecified Unspecified
Priority: unspecified, Severity: unspecified
Assigned To: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-07-18 16:45 EDT by Wendell Baker
Modified: 2013-02-13 21:51 EST
Doc Type: Bug Fix
Last Closed: 2013-02-13 21:51:24 EST
Type: Bug
Attachments:
ifcfg-em1 sample that causes a segfault (1.27 KB, text/plain), 2012-07-18 16:45 EDT, Wendell Baker
ifcfg-em1 sample that causes a segfault; fixed to not cause the segfault (1.26 KB, text/plain), 2012-07-18 16:46 EDT, Wendell Baker

Description Wendell Baker 2012-07-18 16:45:45 EDT
Created attachment 598995
ifcfg-em1 sample that causes a segfault

Description of problem:

NetworkManager segfaults if a shell variable in /etc/sysconfig/network-scripts/ifcfg-$iface is multi-line. /bin/sh (bash) accepts this, ifcfg-rh accepts this, maybe, but NetworkManager crashes and the system becomes NIC-unmanaged. Upon boot, all interfaces are down; this is very bad for headless in-the-cloud usage.

Version-Release number of selected component (if applicable):

$ uname -a
Linux mybox 3.4.4-4.fc16.i686 #1 SMP Thu Jul 5 20:58:10 UTC 2012 i686 i686 i386 GNU/Linux
$ rpm -q -f /usr/sbin/NetworkManager
NetworkManager-0.9.4-6.git20120521.fc16.i686

How reproducible:

100%

Steps to Reproduce:
1a. use ifcfg-em1.sample
1b. see the segfault

2a. use ifcfg.fixed
2b. see NetworkManager function
  
Actual results:

NetworkManager[20046]: segfault at 9b12000 ip 46fbbd93 sp bfa02738 error 4 in libc-2.14.90.so[46f3b000+1a7000]
Expected results:

NetworkManager manages interfaces


Additional info:

for attachments included nearby.

$ diff ifcfg-em1.{segfault,fixed}
37,40c37
< IPV6ADDR_SECONDARIES="
<     2001:0123:4567:89ab:0123:45ff:fe67:89ab/64
<     2001:4567:89ab:cdef:0123:45ff:fe67:89ab/64
< "
---
> IPV6ADDR_SECONDARIES=" 2001:0123:4567:89ab:0123:45ff:fe67:89ab/64 2001:4567:89ab:cdef:0123:45ff:fe67:89ab/64 "
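
Review bot: on the replacement line (37 in the fixed file) the value keeps a leading and a trailing space inside the quotes, left over from joining the original lines. A shell loop that word-splits the value ignores that padding, but a reader that takes the quoted string as-is sees it as part of the value. Writing the two addresses separated by a single space, with nothing between them and the quotes, removes that difference between parsers.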

$ sudo gdb /usr/sbin/NetworkManager /var/spool/abrt/ccpp-2012-07-18-13:13:04-20046/coredump
GNU gdb (GDB) Fedora (7.3.50.20110722-13.fc16)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/NetworkManager...Reading symbols from /usr/lib/debug/usr/sbin/NetworkManager.debug...done.
done.
[New LWP 20046]
[New LWP 20047]
[New LWP 20048]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/sbin/NetworkManager --no-daemon'.
Program terminated with signal 11, Segmentation fault.
#0  __memmove_ia32 () at ../sysdeps/i386/i686/memmove.S:77
77	2:	rep
Missing separate debuginfos, use: debuginfo-install libffi-3.0.10-1.fc16.i686 libgcc-4.6.3-2.fc16.i686 libselinux-2.1.6-6.fc16.i686 nss-softokn-3.13.4-1.fc16.i686 nss-softokn-freebl-3.13.4-1.fc16.i686 sqlite-3.7.7.1-1.fc16.i686 zlib-1.2.5-6.fc16.i686
(gdb) where
#0  __memmove_ia32 () at ../sysdeps/i386/i686/memmove.S:77
#1  0xb64d0aeb in svUnescape (s=0x9afe8c0 "") at /usr/include/bits/string3.h:58
#2  0xb64d0e78 in svGetValue (s=0x9adb848, key=0xb64e6e03 "IPV6ADDR_SECONDARIES", verbatim=0)
    at shvar.c:209
#3  0xb64d9536 in make_ip6_setting (error=0xbfa02868, iscsiadm_path=0xb64e6bf3 "/sbin/iscsiadm", 
    network_file=0xb64e58e5 "/etc/sysconfig/network", ifcfg=0x9adb848) at reader.c:1570
#4  connection_from_file (filename=0x9add3a8 "/etc/sysconfig/network-scripts/ifcfg-em1", 
    network_file=0xb64e58e5 "/etc/sysconfig/network", test_type=0x0, 
    iscsiadm_path=0xb64e6bf3 "/sbin/iscsiadm", unmanaged=0xbfa02910, keyfile=0xbfa02914, 
    routefile=0xbfa02918, route6file=0xbfa0291c, out_error=0xbfa02978, ignore_error=0xbfa0297c)
    at reader.c:4085
#5  0xb64d0708 in nm_ifcfg_connection_new (
    full_path=0x9add3a8 "/etc/sysconfig/network-scripts/ifcfg-em1", source=0x0, error=0xbfa02978, 
    ignore_error=0xbfa0297c) at nm-ifcfg-connection.c:119
#6  0xb64ce9f4 in _internal_new_connection (self=0x9ad6c90, 
    path=0x9add3a8 "/etc/sysconfig/network-scripts/ifcfg-em1", source=0x0, error=0x0)
    at plugin.c:128
#7  0xb64cf0be in read_connections (plugin=0x9ad6c90) at plugin.c:182
#8  0xb64cf2d6 in get_unmanaged_specs (config=0x9ad6c90) at plugin.c:442
#9  0x080e4790 in nm_system_config_interface_get_unmanaged_specs (config=0x9ad6c90)
    at nm-system-config-interface.c:146
#10 0x080e05d0 in unmanaged_specs_changed (config=0x0, user_data=0x9abad18) at nm-settings.c:491
#11 0x080e3ae0 in nm_settings_new (
---Type <return> to continue, or q <return> to quit---
    config_file=0x9abbe98 "/etc/NetworkManager/NetworkManager.conf", plugins=0x9abbedc, 
    error=0xbfa02de0) at nm-settings.c:1760
#12 0x08063417 in main (argc=1, argv=0xbfa02eb4) at main.c:578
(gdb) 


<aside>
<different bug report>
The larger issue here is that the ifcfg-* system is parsed by many systems, not all of which obey the same conventions.  We know of at least:
bash via /etc/sysconfig/network-scripts/* scripting
NetworkManager via /usr/lib/NetworkManager/libnm-settings-plugin-ifcfg-rh.so

This shows up often in the different syntax required for route-$iface and route6-$iface
</different bug report>
</aside>


The segfault is indicated in /var/log/messages as:


Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> NetworkManager (version 0.9.4-6.git20120521.fc16) is starting...
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> Read config file /etc/NetworkManager/NetworkManager.conf
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> WEXT support is enabled
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> VPN: loaded org.freedesktop.NetworkManager.openvpn
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> VPN: loaded org.freedesktop.NetworkManager.pptp
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> VPN: loaded org.freedesktop.NetworkManager.vpnc
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> VPN: loaded org.freedesktop.NetworkManager.openconnect
Jul 18 13:13:04 mybox.local NetworkManager[20046]:    ifcfg-rh: Acquired D-Bus service com.redhat.ifcfgrh1
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> Loaded plugin ifcfg-rh: (c) 2007 - 2010 Red Hat, Inc.  To report bugs please use the NetworkManager mailing list.
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <info> Loaded plugin keyfile: (c) 2007 - 2010 Red Hat, Inc.  To report bugs please use the NetworkManager mailing list.
Jul 18 13:13:04 mybox.local NetworkManager[20046]:    ifcfg-rh: parsing /etc/sysconfig/network-scripts/ifcfg-wlan0 ... 
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <warn> failed to allocate link cache: (-12) Netlink Error (errno = Operation not supported)
Jul 18 13:13:04 mybox.local NetworkManager[20046]:    ifcfg-rh:     read connection 'System 'acedia' (wlan0)'
Jul 18 13:13:04 mybox.local NetworkManager[20046]:    ifcfg-rh: parsing /etc/sysconfig/network-scripts/ifcfg-sit1 ... 
Jul 18 13:13:04 mybox.local NetworkManager[20046]: <warn> failed to allocate link cache: (-12) Netlink Error (errno = Operation not supported)
Jul 18 13:13:04 mybox.local NetworkManager[20046]:    ifcfg-rh:     read connection 'System sit1'
Jul 18 13:13:04 mybox.local NetworkManager[20046]:    ifcfg-rh: Ignoring connection 'System sit1' and its device due to NM_CONTROLLED/BRIDGE/VLAN.
Jul 18 13:13:04 mybox.local NetworkManager[20046]:    ifcfg-rh: parsing /etc/sysconfig/network-scripts/ifcfg-em1 ... 
Jul 18 13:13:04 mybox.local kernel: [103967.305467] NetworkManager[20046]: segfault at 9b12000 ip 46fbbd93 sp bfa02738 error 4 in libc-2.14.90.so[46f3b000+1a7000]
Comment 1 Wendell Baker 2012-07-18 16:46:48 EDT
Created attachment 598996
ifcfg-em1 sample that causes a segfault; fixed to not cause the segfault
Comment 2 Jirka Klimes 2012-07-19 08:42:26 EDT
Thanks for reporting the issue!

The crash has been fixed upstream:
974c39fe3e8f0262961a6326577bd87bcd50fb28

However, note that NM's ifcfg-rh plugin doesn't support variables that span across multiple lines. The legacy 'network' service inherently accepts them, as it is a bunch of bash scripts (and bash supports multi-line variables).

Later, we may consider adding support for multi-line variables to the ifcfg-rh plugin too.
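
Added example, not part of the bug report and not NetworkManager's code: because the ifcfg-rh plugin does not support values that span lines, a pre-flight check can flag ifcfg files where a quoted value does not close on the line it opens on, before a headless machine is rebooted. The function names and the sample file are constructed for illustration, and the quoting scan is a simplified approximation of shell rules.

```python
import re
import sys

# KEY=value, optionally prefixed by "export"
ASSIGN = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$')

def open_quote_at_end(text, quote=None):
    """Scan shell-style quoting; return the quote char still open, or None."""
    i = 0
    while i < len(text):
        c = text[i]
        if quote is None:
            if c == '#' and i > 0 and text[i - 1].isspace():
                break                      # unquoted comment: rest is ignored
            if c in '"\'':
                quote = c
            elif c == '\\':
                i += 1                     # skip the escaped character
        elif c == quote:
            quote = None
        elif c == '\\' and quote == '"':
            i += 1                         # \" does not close a double quote
        i += 1
    return quote

def lint_ifcfg(text):
    """Return [(line_no, key)] for values whose quote stays open at end of line."""
    findings, quote = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if quote:                          # still inside a value that spilled over
            quote = open_quote_at_end(line, quote)
            continue
        m = ASSIGN.match(line)
        if m:
            quote = open_quote_at_end(m.group(2))
            if quote:
                findings.append((no, m.group(1)))
    return findings

# Constructed sample; the IPV6ADDR_SECONDARIES lines follow the diff in the report.
MULTILINE = """\
DEVICE=em1
IPV6INIT=yes   # it's on
IPV6ADDR_SECONDARIES="
    2001:0123:4567:89ab:0123:45ff:fe67:89ab/64
    2001:4567:89ab:cdef:0123:45ff:fe67:89ab/64
"
NM_CONTROLLED=yes
"""

if __name__ == "__main__":
    texts = {p: open(p).read() for p in sys.argv[1:]} or {"<sample>": MULTILINE}
    for name, body in texts.items():
        for no, key in lint_ifcfg(body):
            print(f"{name}:{no}: {key} has a quoted value spanning lines")
```

Run with ifcfg file paths as arguments; with no arguments it checks the embedded sample.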
Comment 3 Fedora End Of Life 2013-01-16 20:39:42 EST
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Fedora End Of Life 2013-02-13 21:51:28 EST
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
