
This queue is for tickets about the Sys-Syslog CPAN distribution.

Report information
The Basics
Id: 56826
Status: resolved
Priority: 0/
Queue: Sys-Syslog

People
Owner: Nobody in particular
Requestors: jaekel [...] strato-rz.de
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: 0.28



Subject: memory patcher and core dumps when closelog() is called twice
Date: Thu, 22 Apr 2010 18:10:04 +0200
To: bug-Sys-Syslog [...] rt.cpan.org
From: Andreas Jaekel <jaekel [...] strato-rz.de>
Hello!

I'd like to report a bug in Sys::Syslog, and submit a proposed fix.

Module: Sys::Syslog
Version: 0.27
Perl-Version: perl-5.10.1
OS: Sun Solaris 10, but that probably does not matter.

The problem:

When the used protocol is "native", closelog() has a C-part and a perl part. Neither protects against a memory corruption bug that triggers if closelog() is called twice.

The C part (or XS part) reduces a ref count of an internal scalar value, but doesn't invalidate the pointer. If it's called again, it reduces the reference count of whatever happens to be where its internal scalar used to live. As perl re-uses these structures, something is bound to be there, and perl's internal state will be corrupted.

A demo perl source is attached to this mail to demonstrate the problem.

The fix:

This can be fixed in the perl source, or in the XS source. The patch attached to this mail does both.

In the perl source, disconnect_log() is patched so that closelog_xs() will only be called once, but the "native" protocol is pushed back into @fallbackMethods so that it is available for next time.

In the XS source, the reference count is checked to see whether it'll drop to zero. If so, ident_svptr will be set to NULL. If closelog_xs() is called again, without an openlog_xs() in between, it'll see that ident_svptr is NULL and return without harming any innocent perl variables.

I had all kinds and flavors of perl errors in my log files because of this. Variables suddenly became undefined, Hashes transformed to "UNKNOWN"s, modules miraculously "lost" functions, core files showed free()s on non-allocated memory and so on. Quite a bit of fun :)

I hope this was helpful and I'd appreciate feedback. If there's anything you need that's not included in this mail, please tell me.

Regards,
Andy

--
---------------------------------------------
Telefon: +49 (30) 39 802 520
Telefax: +49 (30) 39 802 165
Mail: jaekel@strato-rz.de
---------------------------------------------
Strato Rechenzentrum AG
Pascalstraße 10
10587 Berlin
---------------------------------------------
Vorsitzender des Aufsichtsrates: Axel Krieger
Vorstand: Damian Schmidt (Vorsitz), Silvia Beßlich, Christoph Steffens, René Wienholtz
Amtsgericht Berlin-Charlottenburg HRB 79450
Attachment: closelog_demo.pl (text/x-perl, 241b)

Message body is not shown because sender requested not to inline it.
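A minimal C model of the failure mode reported above, added here as an example; it is not the attached patch or Sys::Syslog's XS code. A small slot pool stands in for perl's reuse of freed scalars, and every name except `ident_svptr` is hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

typedef struct { int refcnt; } slot_t;

static slot_t pool[4];        /* freed slots get reused, as perl reuses SVs */
static slot_t *ident_svptr;   /* pointer the XS side keeps between calls */

static slot_t *slot_new(void) {
    for (size_t i = 0; i < 4; i++)
        if (pool[i].refcnt == 0) { pool[i].refcnt = 1; return &pool[i]; }
    return NULL;
}

static void openlog_model(void) { ident_svptr = slot_new(); }

/* Before the fix: drop the reference, keep the stale pointer. */
static void closelog_vulnerable(void) {
    ident_svptr->refcnt--;
}

/* After the fix: clear the pointer when the count is about to reach zero,
 * and do nothing if it is already NULL. */
static void closelog_fixed(void) {
    if (ident_svptr == NULL) return;
    int last = (ident_svptr->refcnt == 1);   /* test before the decrement */
    ident_svptr->refcnt--;
    if (last) ident_svptr = NULL;
}

/* open, close, allocate an unrelated value (reuses the freed slot), close
 * again. Returns the unrelated value's refcount; 1 means it was untouched. */
static int victim_refcnt_after_double_close(void (*closelog_fn)(void)) {
    for (size_t i = 0; i < 4; i++) pool[i].refcnt = 0;
    ident_svptr = NULL;
    openlog_model();
    closelog_fn();
    slot_t *victim = slot_new();
    closelog_fn();
    return victim->refcnt;
}

int main(void) {
    printf("vulnerable: victim refcnt = %d\n", victim_refcnt_after_double_close(closelog_vulnerable));
    printf("fixed:      victim refcnt = %d\n", victim_refcnt_after_double_close(closelog_fixed));
    return 0;
}
```

With the vulnerable close, the unrelated value ends at refcount 0 while its owner still holds it, which is the kind of state behind the "variables suddenly became undefined" symptoms in the report.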


Subject: Re: [rt.cpan.org #56826] memory patcher and core dumps when closelog() is called twice
Date: Sun, 17 Apr 2011 09:50:47 +0200
To: bug-Sys-Syslog [...] rt.cpan.org
From: Sébastien Aperghis-Tramoni <saper [...] cpan.org>
Andreas Jaekel wrote via RT:

> Hello!

Hello Andreas,

Sorry for the long delay.

> I'd like to report a bug in Sys::Syslog, and submit a proposed fix.
>
> [...]
>
> When the used protocol is "native", closelog() has a C-part
> and a perl part. Neither protects against a memory
> corruption bug that triggers if closelog() is called twice.
>
> [... very useful and detailed report ...]
>
> I had all kinds and flavors of perl errors in my log files
> because of this. Variables suddenly became undefined,
> Hashes transformed to "UNKNOWN"s, modules
> miraculously "lost" functions, core files showed free()s
> on non-allocated memory and so on. Quite a
> bit of fun :)
>
> I hope this was helpful and I'd appreciate feedback.
> If there's anything you need that's not included in
> this mail, please tell me.

Thank you very much for your detailed report, this is much appreciated. I guess you had to spend quite some time to find this issue, and I apologise again for being so long before answering.

I transformed your example into a test script in order to avoid further regression. I saw that syslog() has to be called at least once for the bug to occur.

Your patch has been applied, and is now released as of Sys::Syslog 0.28, sponsored by the Perl QA Hackathon 2011 in Amsterdam.

--
Sébastien Aperghis-Tramoni

Close the world, txEn eht nepO.

Subject: Re: [rt.cpan.org #56826] memory patcher and core dumps when closelog() is called twice
Date: Mon, 18 Apr 2011 11:12:49 +0200
To: bug-Sys-Syslog [...] rt.cpan.org
From: Andreas Jaekel <jaekel [...] strato-rz.de>
Thanks for the feedback! And thanks for fixing this in the release branch. :)

On 4/17/2011 9:50 AM, Sébastien Aperghis-Tramoni via RT wrote:

> <URL: https://rt.cpan.org/Ticket/Display.html?id=56826>
>
> Andreas Jaekel wrote via RT:
>
>> Hello!
>
> Hello Andreas,
>
> Sorry for the long delay.
>
>> I'd like to report a bug in Sys::Syslog, and submit a proposed fix.
>>
>> [...]
>>
>> When the used protocol is "native", closelog() has a C-part
>> and a perl part. Neither protects against a memory
>> corruption bug that triggers if closelog() is called twice.
>>
>> [... very useful and detailed report ...]
>>
>> I had all kinds and flavors of perl errors in my log files
>> because of this. Variables suddenly became undefined,
>> Hashes transformed to "UNKNOWN"s, modules
>> miraculously "lost" functions, core files showed free()s
>> on non-allocated memory and so on. Quite a
>> bit of fun :)
>>
>> I hope this was helpful and I'd appreciate feedback.
>> If there's anything you need that's not included in
>> this mail, please tell me.
>
> Thank you very much for your detailed report, this is much
> appreciated. I guess you had to spend quite some time to find this
> issue, and I apologise again for being so long before answering.
>
> I transformed your example into a test script in order to avoid
> further regression. I saw that syslog() has to be called at least
> once for the bug to occur.
>
> Your patch has been applied, and is now released as of Sys::Syslog
> 0.28, sponsored by the Perl QA Hackathon 2011 in Amsterdam.

--
-----------------------------------------------
Telefon: + 49 (0)30 - 398 02 520
Telefax: + 49 (0)30 - 398 02 165
E-Mail: jaekel@strato-rz.de
Website: http://www.strato.de
-----------------------------------------------
Strato AG
Pascalstraße 10
10587 Berlin
-----------------------------------------------
Vorsitzender des Aufsichtsrates: Dirk Backofen
Vorstand: Damian Schmidt (Vorsitz), Julien Ardisson, Christian Müller, Christoph Steffens, René Wienholtz
Amtsgericht Berlin-Charlottenburg HRB 79450

