Race condition in agent/snmpd.c #157

Closed
Xitsa opened this issue Aug 7, 2020 · 3 comments
Xitsa commented Aug 7, 2020

When snmpd is creating a pid file, the code uses the sequence open()/fdopen()/fclose()/close(), but close() is unnecessary when fclose() was successful: fdopen: .... The file descriptor is not dup'ed, and will be closed when the stream created by fdopen() is closed.
And if one has an active thread that tries to open a socket/file, it could obtain the same fd after the call to fclose(), and that fd will then be closed by close().

Main thread:                                                               ZeroMQ I/O thread:
fd = open(pid_file, O_CREAT | O_EXCL | O_WRONLY, 0600); //fd == 2
PID = fdopen(fd, "w");
fclose(PID);
                                                                           fd_ = socket(...); //fd_ == 22
close(fd);
                                                                           int rc = epoll_ctl (_epoll_fd, EPOLL_CTL_ADD, fd_, &pe->ev); //rc = -1
                                                                           if (rc == -1) abort();

In my case, the I/O thread of zeromq called abort() when it encountered this situation.

@bvanassche
Contributor

Thank you for having reported this. A candidate fix has been posted on the net-snmp-coders mailing list and has also been attached to this comment. Please help by testing and/or upvoting this patch.
patch.zip

Xitsa commented Aug 10, 2020

The fix amends the problem.

bvanassche added a commit that referenced this issue Aug 14, 2020
From https://pubs.opengroup.org/onlinepubs/9699919799/functions/fclose.html:
"The fclose() function shall perform the equivalent of a close() on the file
descriptor that is associated with the stream pointed to by stream."

Hence call fclose() but not close() if fdopen() succeeded.

See also #157.

Fixes: fd9a42d ("- (pass-persist.c pass-persist.h): moved to pass_persist.[ch].")
Fixes: a36188e ("Patch #760417 from Bob Rowlands/Sun for fixing Bug #751920")
@bvanassche
Contributor

A fix has been applied on the v5.9 and master branches. See also commit 26c1d4f.
