From: SourceForge.net <no...@so...> - 2008-09-26 18:22:08
Bugs item #2093743, was opened at 2008-09-04 16:11
Message generated for change (Settings changed) made by buccella
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=712784&aid=2093743&group_id=128809

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: Nicholas Bofferding (bofferdn)
>Assigned to: Sean Swehla (smswehla)
Summary: Data pointed to by cimomConfig pointers becomes invalid

Initial Comment:
I have SFCB/SFCC compiled and running as follows:

sfcc v2.0.3 +
    * Tracker 1946188

sfcb v1.2.5 +
    * Tracker 1945374
    * Tracker 1983569
    * Tracker 1998030
    * Tracker 2015639
    * Tracker 2023638
    * Tracker 2039216
    * Tracker 2093273
    * Tracker 1945390
    * Tracker 1893302
    * Tracker 1983569
    * Tracker 1914551
    * Tracker 1891702
    * Tracker 1946202

sfcb configuration options:
    --enable-slp --enable-ssl --enable-slp-hostname-lib

running with the following export (to enable the localconnect interface for SLP registration):
    export SFCC_CLIENT=SfcbLocal

In the following function (slpAgent), the code creates a "cimomConfig" structure, calls "setupControl" to populate config file parameters/values in memory, then copies pointers to various parameters into the "cimomConfig" structure. At this point, the pointers point to valid data.

    // cimslp.c
    int slpAgent()
    {
        ...
        cimomConfig cfgHttp, cfgHttps;
        ...
        setupControl(configfile);
        setUpDefaults(&cfgHttp);
        setUpDefaults(&cfgHttps);
        ...
        if(enableHttp)
            forkSLPAgent(cfgHttp, slpLifeTime, sleepTime);
        if(enableHttps)
            forkSLPAgent(cfgHttps, slpLifeTime, sleepTime);
        _SFCB_RETURN(0);
    }

Now, later in the code, two different locations call "sunsetControl" that I have found (after also calling setupControl again).

When these two routines call "sunsetControl" (marked with @TAG), the previously allocated config file data gets reclaimed, and thus the cimomConfig structure pointers point to invalid memory (and the code definitely reuses those parameters later on). It should be noted that this instance of SFCB was running with the --enable-slp-hostname-lib option, which compiles in the offending code in cimslpCMPI.c. SFCB is also running with the SLP registration thread using the localconnect interface. This also adds a call to sunsetControl in cimcClientSfcbLocal.c (normally, both of these paths are turned off).

    // cimslpCMPI.c
    cimSLPService getSLPData(cimomConfig cfg)
    {
        CMCIClient *cc;
        CMPIInstance **ci;
        CMPIStatus status;
        CMPIConstClass *ccls;
        cimSLPService rs; //service which is going to be returned to the calling function
        char *sn;

        if(cfg.keyFile != NULL) {
            printf("111 cfg.keyFile: %s\n",cfg.keyFile);
        }

    #ifdef SLP_HOSTNAME_LIB
        static void *hostnameLib=NULL;
        static getSlpHostname gethostname=NULL; //@NEBC set to NULL
        char *ln = NULL; //@NEBC set to NULL
        char dlName[512] = {0}; //@NEBC
        int err = 0; //@NEBC set to 0

        err = 1;
        setupControl(configfile);
        if (getControlChars("slpHostnamelib", &ln) == 0) {
            printf("SLP hostname lib = %s\n",ln);
            libraryName(NULL,ln,dlName);
            if ((hostnameLib = dlopen(dlName, RTLD_LAZY))) {
                gethostname = dlsym(hostnameLib, "_sfcGetSlpHostname");
                if (gethostname) err = 0;
            }
        }
        sunsetControl(); //@TAG
        ...
    }

    // cimcClientSfcbLocal.c
    int localConnect(ClientEnv* ce, CMPIStatus *st)
    {
        static struct sockaddr_un serverAddr;
        int sock,rc,sfcbSocket;
        void *idData;
        unsigned long int l;
        char *user;
        static char *socketName=NULL;


        struct _msg {
            unsigned int size;
            char oper;
            pid_t pid;
            char id[64];
        } msg;

        if ((sock=socket(PF_UNIX, SOCK_STREAM, 0))<0) {
            return -1;
            if (st) {
                st->rc=CMPI_RC_ERR_FAILED;
                st->msg=ce->ft->newString(ce,strerror(errno),NULL);
            }
            return -1;
        }

        if (socketName==NULL) {
            setupControl(NULL);
            rc=getControlChars("localSocketPath", &socketName);
            sunsetControl(); //@TAG
            if (rc) {
                fprintf(stderr,"--- Failed to open sfcb local socket (%d)\n",rc);
                return -2;
            }
        }
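
The lifetime problem described in the report, as an added C sketch that is not sfcb or sfcc code: a toy one-value store stands in for setupControl/getControlChars/sunsetControl, and a hypothetical toy_config keeps an owned copy of the value so that it survives a later teardown of the store. All toy_* names, dup_str and the sample path are assumptions made for the illustration.

```c
/* Added illustration: a toy control store, NOT sfcb's control.c. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char *store_val = NULL;  /* heap copy of one config value */
static unsigned store_gen = 0;  /* bumped on every teardown */

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}
/* Stands in for setupControl(): load the value unless already loaded. */
static void toy_setup(const char *val) {
    if (!store_val) store_val = dup_str(val);
}
/* Stands in for getControlChars(): returns a BORROWED pointer into the store. */
static int toy_get_chars(char **out) {
    if (!store_val) return -1;
    *out = store_val;
    return 0;
}
/* Stands in for sunsetControl(): frees the store, so borrowed pointers dangle. */
static void toy_sunset(void) {
    free(store_val);
    store_val = NULL;
    store_gen++;
}

typedef struct { char *keyFile; unsigned gen; } toy_config;

/* Fill cfg with an owned copy instead of keeping the store's pointer. */
static int toy_config_load(toy_config *cfg) {
    char *borrowed;
    if (toy_get_chars(&borrowed) != 0) return -1;
    cfg->keyFile = dup_str(borrowed);
    cfg->gen = store_gen;  /* remember which store generation we read */
    return cfg->keyFile ? 0 : -1;
}
/* 1 if the store was torn down after cfg was filled: a pointer borrowed
   at load time would be invalid now, without ever dereferencing it. */
static int toy_config_outlived_store(const toy_config *cfg) {
    return cfg->gen != store_gen;
}

int main(void) {
    toy_config cfg;
    toy_setup("/constructed/sample/key.pem");  /* constructed sample value */
    if (toy_config_load(&cfg) != 0) return 1;
    toy_setup("ignored"); toy_sunset();        /* nested setup/sunset pair */
    printf("%s outlived=%d\n", cfg.keyFile, toy_config_outlived_store(&cfg));
    free(cfg.keyFile);
    return 0;
}
```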