systemd-236: systemd-networkd segfaults on some iproute2 rules #7704

Closed
lierdakil opened this issue Dec 19, 2017 · 2 comments
Labels
network regression ⚠️ A bug in something that used to work correctly and broke through some recent commit


lierdakil commented Dec 19, 2017

Submission type

  • Bug report

systemd version the issue has been seen with

236

Used distribution

Gentoo

In case of bug report: Expected behaviour you didn't see

systemd-networkd doesn't segfault

In case of bug report: Unexpected behaviour you saw

it segfaults

In case of bug report: Steps to reproduce the problem

run ip rule add from 192.0.2.0/24 table main
(note: 192.0.2.0/24 is chosen to be an RFC example network for the sake of being an example, precise value doesn't matter)

Backtrace:

Core was generated by `/lib/systemd/systemd-networkd'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007ff1375c6df6 in ?? () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ff1375c6df6 in ?? () from /lib64/libc.so.6
#1  0x0000560be355624b in routing_policy_rule_hash_func (b=0x560be3b4f4e0, 
    state=0x7fffef930f50) at ../systemd-236/src/network/networkd-routing-policy-rule.c:96
#2  0x00007ff137ba8467 in base_bucket_hash (h=h@entry=0x560be3b43490, 
    p=p@entry=0x560be3b4f4e0) at ../systemd-236/src/basic/hashmap.c:346
#3  0x00007ff137ba9fe8 in set_put (s=0x560be3b43490, key=key@entry=0x560be3b4f4e0)
    at ../systemd-236/src/basic/hashmap.c:1247
#4  0x0000560be35564fc in routing_policy_rule_add_internal (rules=rules@entry=0x560be3b41cb0, 
    family=2, from=from@entry=0x7fffef9310d0, from_prefixlen=<optimized out>, 
    to=to@entry=0x7fffef9310c0, to_prefixlen=<optimized out>, tos=0 '\000', fwmark=0, 
    table=101, iif=0xc8 <error: Cannot access memory at address 0xc8>, 
    oif=0x7fffef931140 "\240\375\266\343\vV", ret=0x7fffef9310a8)
    at ../systemd-236/src/network/networkd-routing-policy-rule.c:276
#5  0x0000560be355695c in routing_policy_rule_add_foreign (m=m@entry=0x560be3b41b80, 
    family=<optimized out>, from=from@entry=0x7fffef9310d0, from_prefixlen=<optimized out>, 
    to=to@entry=0x7fffef9310c0, to_prefixlen=<optimized out>, tos=<optimized out>, fwmark=0, 
    table=101, iif=0xc8 <error: Cannot access memory at address 0xc8>, 
    oif=0x7fffef931140 "\240\375\266\343\vV", ret=0x7fffef9310a8)
    at ../systemd-236/src/network/networkd-routing-policy-rule.c:316
#6  0x0000560be354bad2 in manager_rtnl_process_rule (rtnl=<optimized out>, 
    message=message@entry=0x560be3b793b0, userdata=userdata@entry=0x560be3b41b80)
    at ../systemd-236/src/network/networkd-manager.c:821
#7  0x0000560be354db32 in manager_rtnl_enumerate_rules (m=0x560be3b41b80)
    at ../systemd-236/src/network/networkd-manager.c:1450
#8  0x0000560be3549646 in main (argc=<optimized out>, argv=<optimized out>)
    at ../systemd-236/src/network/networkd.c:136

UPD:
Probably related: #7223. Although I notice that iif and oif which are supposed to be char* are basically garbage (oif at least points somewhere, but it doesn't look like an interface name by any stretch) -- so the problem is probably deeper.

UPD2:
Nope, was wrong about OpenVPN being responsible. Something to do with iproute2.

UPD3:
Okay, so it's actually iproute2 rules like this: ip rule add from 192.0.2.0/24 table main that crash networkd. I'll update OP and title.

UPD4:
Now that I think about it, I believe the problem is sd_netlink_message_read_string can fail, so both iif and oif can be uninitialized. I hope I don't need to explain why that is not good. Initializing those with NULL and handling null pointer down the line might be a solution.

@lierdakil lierdakil changed the title systemd-236: systemd-networkd segfaults when it sees openvpn interfaces systemd-236: systemd-networkd segfaults on some iproute2 rules Dec 19, 2017
@yuwata yuwata added the network label Dec 19, 2017
yuwata added a commit to yuwata/systemd that referenced this issue Dec 19, 2017
Before this, in manager_rtnl_process_rule(), iif and oif are not
initialized. However, the message may not contain FRA_IIFNAME or
FRA_IIFNAME. Thus, uninitialized values are set to RoutingPolicyRule
and cause a segfault.
This makes iif and oif be initialized as NULL.

Fixes systemd#7704.
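
The failure mode diagnosed above (a fallible attribute read leaving iif/oif uninitialized, then a hash function dereferencing them), reduced to a stand-alone C sketch. This is an added example, not systemd's code or the patch from the PR; `rule_msg`, `rule`, `msg_read_string`, `rule_from_msg`, `hash_opt` and `rule_hash` are hypothetical names, and the reader's leave-untouched-on-failure contract is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a netlink rule message: an attribute pointer is
 * NULL when the kernel did not send it (e.g. no FRA_IIFNAME). */
struct rule_msg { const char *iifname, *oifname; };
struct rule { const char *iif, *oif; };

/* Hypothetical reader, assumed contract: on failure it returns a negative
 * errno and leaves *ret untouched, so the caller's variable keeps whatever
 * value it had before the call. */
static int msg_read_string(const char *attr, const char **ret) {
    if (!attr)
        return -ENODATA;
    *ret = attr;
    return 0;
}

/* Fill a rule from a message. The NULL initialisers are the point: without
 * them, an absent attribute leaves iif/oif holding stack garbage, like the
 * iif=0xc8 seen in the backtrace. */
void rule_from_msg(const struct rule_msg *m, struct rule *out) {
    const char *iif = NULL, *oif = NULL;
    (void) msg_read_string(m->iifname, &iif);   /* absence is not an error */
    (void) msg_read_string(m->oifname, &oif);
    out->iif = iif;
    out->oif = oif;
}

/* FNV-1a over one optional string: a presence byte first, then the
 * characters, so NULL is hashed as "absent" and never dereferenced. */
static uint32_t hash_opt(uint32_t h, const char *s) {
    h = (h ^ (s ? 1u : 0u)) * 16777619u;
    for (; s && *s; s++)
        h = (h ^ (unsigned char) *s) * 16777619u;
    return h;
}

uint32_t rule_hash(const struct rule *r) {
    return hash_opt(hash_opt(2166136261u, r->iif), r->oif);
}

int main(void) {
    struct rule r;
    rule_from_msg(&(struct rule_msg){ NULL, "eth0" }, &r);  /* constructed input */
    printf("iif=%s oif=%s hash=%08x\n", r.iif ? r.iif : "(none)", r.oif,
           (unsigned) rule_hash(&r));
    return 0;
}
```

Building the same pattern with the initialisers removed and running it under `-fsanitize=memory` (clang) or valgrind is a quick way to confirm that the uninitialized read is what the hash function trips over.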
@yuwata yuwata added has-pr regression ⚠️ A bug in something that used to work correctly and broke through some recent commit labels Dec 19, 2017
yuwata (Member) commented Dec 19, 2017

I've created PR #7706. Please take a look.

ssahani pushed a commit to ssahani/systemd that referenced this issue Dec 20, 2017
Init rule variable iif oif and to, from

While foreign rules are added the network part is not attached.
attach manager to rules and use it in routing_policy_rule_free.
yuwata (Member) commented Dec 21, 2017

Fix is waiting in #7712.

ssahani pushed a commit to ssahani/systemd that referenced this issue Dec 21, 2017
Init rule variable iif oif and to, from

While foreign rules are added the network part is not attached.
attach manager to rules and use it in routing_policy_rule_free.
@yuwata yuwata closed this as completed in 36e6e28 Dec 21, 2017
floppym pushed a commit to gentoo/systemd that referenced this issue Dec 28, 2017
Init rule variable iif oif and to, from

While foreign rules are added the network part is not attached.
attach manager to rules and use it in routing_policy_rule_free.
floppym pushed a commit to gentoo/systemd that referenced this issue Jan 13, 2018
Init rule variable iif oif and to, from

While foreign rules are added the network part is not attached.
attach manager to rules and use it in routing_policy_rule_free.

(cherry picked from commit 36e6e28)