Thread: [Openslp-users] Crash in OpenSLP 2.0.0 for Windows 64bits
From: fiorentino, t. <ton...@em...> - 2013-09-24 01:11:14
Dear OpenSLP Team,

We tried using the 64bit Windows v2.0.0 released version and we are experiencing an slpd server crash during registration.

*** Where did we get the OpenSLP v2.0.0?

http://sourceforge.net/projects/openslp/files/2.0.0/2.0.0%20Release/openslp_2.0.0_0_x64.msi/download

*** How to reproduce?

After downloading, change to the installation directory and run the slpd process:

    C:\Program Files\OpenSLP>slpd -debug
    Debugging Service Location Protocol.

Then run the slptool register command two or three times, as shown below, and you will get the following error (-19):

    C:\Minidump\OpenSLP>slptool.exe register service:wbem:http://10.26.103.24:5988 "(template-type=wbem),(template-version=1.0),(template-description=This templatedescribes the attributes used for advertising WBEM Servers),(template-url-syntax=http://10.26.103.24:5988),(service-hi-name=EMC CIM Server),(service-hi-description=EMC CIM Server Version 9.9.0.0.0.0D-Bronze),(service-id=EMC:10.26.103.24),(CommunicationMechanism=cim-xml),(InteropSchemaNamespace=interop),(ProtocolVersion=1.0),(FunctionalProfilesSupported=Basic Read,Basic Write,Instance Manipulation,Association Traversal,Query Execution,Indications,Pulled Read,Pulled Read Count,Pulled Query Execution),(FunctionalProfileDescriptions=\"Basic Read\",\"Basic Write\",\"Instance Manipulation\",\"Association Traversal\",\"Query Execution\",\"Indications\",\"Pulled Read\",\"Pulled Read Count\",\"Pulled Query Execution\"),(MultipleOperationsSupported=true),(AuthenticationMechanismsSupported=Basic),(AuthenticationMechanismDescriptions=\"Basic\"),(Namespace=root/emc,root/qe5,root/emc/navisphere,root/emc/ecom,root/emc/vmware,interop),(RegisteredProfilesSupported=SNIA:Server)"

    C:\Minidump\OpenSLP>slptool.exe register service:wbem:http://10.26.103.24:5988 "(template-type=wbem),(template-version=1.0),(template-description=This templatedescribes the attributes used for advertising WBEM Servers),(template-url-syntax=http://10.26.103.24:5988),(service-hi-name=EMC CIM Server),(service-hi-description=EMC CIM Server Version 9.9.0.0.0.0D-Bronze),(service-id=EMC:10.26.103.24),(CommunicationMechanism=cim-xml),(InteropSchemaNamespace=interop),(ProtocolVersion=1.0),(FunctionalProfilesSupported=Basic Read,Basic Write,Instance Manipulation,Association Traversal,Query Execution,Indications,Pulled Read,Pulled Read Count,Pulled Query Execution),(FunctionalProfileDescriptions=\"Basic Read\",\"Basic Write\",\"Instance Manipulation\",\"Association Traversal\",\"Query Execution\",\"Indications\",\"Pulled Read\",\"Pulled Read Count\",\"Pulled Query Execution\"),(MultipleOperationsSupported=true),(AuthenticationMechanismsSupported=Basic),(AuthenticationMechanismDescriptions=\"Basic\"),(Namespace=root/emc,root/qe5,root/emc/navisphere,root/emc/ecom,root/emc/vmware,interop),(RegisteredProfilesSupported=SNIA:Server)"
    errorcode: -19

After we get the above error, if we wait a few seconds and go back to the window that is running the slpd process, we find that the process is no longer running because it has crashed.

*** What is our hypothesis?

We debugged the OpenSLP code, and the crash seems to be related to a memory alignment code located on file "openslp-2.0.0\libslpattr\libslpattr.c", which is causing a buffer overflow.

There is a piece of code that allocates a chunk of memory that will be used to store aligned attribute data and will be populated some lines further down the code:

    /***** Allocate space for the values. *****/
    block_size = (val_count * sizeof(value_t))  /* Size of each value */
       + unescaped_len                          /* The size of the unescaped data. */
    #if 1 /* Jim Meyer's byte allignment code */
       + val_count * (sizeof(long) - 1);        /* Padding */
    #endif
    mem_block = (char *) malloc(block_size);

At some point down on that same file, the code starts to store attribute data on this chunk of memory, and it uses the following routine to calculate the position that the next attribute should be put at, respecting the alignment:

    #if 1 /* Jim Meyer's byte allignment code */
    /******************************************************************************
     *
     * Fix memory alignment
     *
     *****************************************************************************/
    static char * fix_memory_alignment(char * p)
    {
       intptr_t address = (intptr_t)p;
       address = (address + sizeof(intptr_t) - 1) & ~(sizeof(intptr_t) - 1);
       return (char *)address;
    }
    #endif

The problem is that this routine calculates the alignment based on type "intptr_t", which has a size of 8 bytes when building for 64 bits. However, the code that allocates the memory uses "long" (above), which has a size of 4 bytes, to calculate the number of bytes used for padding, and so the buffer overflow occurs and the process crashes.

We did attempt to fix this by changing sizeof(long) to sizeof(intptr_t) on the above code. By making this change the crash is gone, but registration still doesn't work. Are there more issues to be fixed in OpenSLP release 2.0.0 regarding 64bits?

Note: for 32bits everything works fine.

Please let us know if you need anything further. We appreciate any assistance you can provide.

Sincerely,
--Tony.
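The padding mismatch described in the message, modelled as an added C example (this is not OpenSLP's code). The layout (each value_t placed at a pointer-aligned offset and followed by its string data), the 24-byte value_t and the string lengths are constructed assumptions; the padding width and pointer width are parameters so the Win64 LLP64 case (long = 4, pointer = 8) can be reproduced on any host.

```c
#include <stddef.h>
#include <stdio.h>

/* Round an offset up to the next multiple of `align`; the same rounding as
 * fix_memory_alignment(), applied to an offset instead of a pointer. */
static size_t align_up(size_t off, size_t align)
{
    return (off + align - 1) & ~(align - 1);
}

/* Bytes reserved by the quoted block_size formula. `pad_width` stands in for
 * the type whose sizeof() feeds the padding term (long in the shipped code). */
static size_t allocated_size(size_t val_count, size_t unescaped_len,
                             size_t value_size, size_t pad_width)
{
    return val_count * value_size + unescaped_len
         + val_count * (pad_width - 1);
}

/* Bytes actually written when every value_t is aligned to `ptr_size`
 * (sizeof(intptr_t) in fix_memory_alignment) and followed by its string.
 * Assumed layout, chosen to expose the worst-case padding. */
static size_t required_size(size_t val_count, const size_t *str_lens,
                            size_t value_size, size_t ptr_size)
{
    size_t off = 0;
    for (size_t i = 0; i < val_count; i++) {
        off = align_up(off, ptr_size);
        off += value_size + str_lens[i];
    }
    return off;
}

/* How many bytes the writes run past the allocation (0 means it fits). */
static size_t overrun_bytes(size_t val_count, const size_t *str_lens,
                            size_t value_size, size_t pad_width, size_t ptr_size)
{
    size_t total = 0;
    for (size_t i = 0; i < val_count; i++) total += str_lens[i];
    size_t have = allocated_size(val_count, total, value_size, pad_width);
    size_t need = required_size(val_count, str_lens, value_size, ptr_size);
    return need > have ? need - have : 0;
}

int main(void)
{
    size_t lens[4] = {1, 1, 1, 1};  /* constructed: four one-byte values */
    printf("Win64, sizeof(long)=4 padding:    overrun %zu bytes\n", overrun_bytes(4, lens, 24, 4, 8));
    printf("Win64, sizeof(intptr_t)=8 padding: overrun %zu bytes\n", overrun_bytes(4, lens, 24, 8, 8));
    printf("32-bit, sizeof(long)=4 padding:   overrun %zu bytes\n", overrun_bytes(4, lens, 24, 4, 4));
    return 0;
}
```

With short values the padding needed per value approaches ptr_size - 1, so reserving only sizeof(long) - 1 per value leaves the block short on LLP64 while the 32-bit build, where both widths are 4, still fits.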