New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dird: fix tls reload crash #1249
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pstorz
force-pushed
the
dev/pstorz/fix-tls-reload-crash
branch
3 times, most recently
from
September 7, 2022 09:27
ca26496
to
c209bd0
Compare
pstorz
force-pushed
the
dev/pstorz/fix-tls-reload-crash
branch
from
September 8, 2022 08:17
c209bd0
to
2a89cec
Compare
pstorz
requested review from
arogge
and removed request for
alaaeddineelamri
September 12, 2022 08:24
arogge
reviewed
Sep 12, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks pretty good, I just have some stylistic comments.
pstorz
force-pushed
the
dev/pstorz/fix-tls-reload-crash
branch
3 times, most recently
from
September 19, 2022 10:19
816ddfc
to
4cde69a
Compare
pstorz
force-pushed
the
dev/pstorz/fix-tls-reload-crash
branch
2 times, most recently
from
September 30, 2022 14:53
f51ca98
to
b45cd76
Compare
This avoids freeing the resource table while the tls psk callback still needs to access it.
previously my_config was destroyed before the backups of the resource table. As the dtor if the resource tables needs the configparser this lead to a use-after-free.
the recently added functions BackupResourceTable(), RestoreResourceTable() and GetResourceTable() turned out to be badly named as they handle a shared_ptr<ConfigResourcesContainer> and there already is a type named ResourceTable. This commit renames the functions to BackupResourcesContainer(), RestoreResourcesContainer() and GetResoucesContainer().
arogge
force-pushed
the
dev/pstorz/fix-tls-reload-crash
branch
from
October 7, 2022 08:59
b45cd76
to
e6a180c
Compare
arogge
approved these changes
Oct 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The director reload logic was not aware of the fact that the tls-psk mechanism's callback also accesses the configuration resources.
The tls_openssl_private objects now also have a shared_ptr to the configuration resources to make sure that these are not freed between the tls-psk callback is setup and the callback is really called.
The following patch can be used to trigger the problem when built with sanitizers:
kill -HUP $(pidof bareos_dir-reload)
Please check
If you have any questions or problems, please give a comment in the PR.
Helpful documentation and best practices
Checklist for the reviewer of the PR (will be processed by the Bareos team)
General
Source code quality
bareos-check-sources --since-merge
does not report any problemsgit status
should not report modifications in the source tree after building and testing