This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/11387] New: glibc core dump in getaddrs() while new interfaces being added

From: "xma at us dot ibm dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: 16 Mar 2010 15:52:46 -0000
Subject: [Bug libc/11387] New: glibc core dump in getaddrs() while new interfaces being added
Reply-to: sourceware-bugzilla at sourceware dot org

In ifaddrs.c, there are two messages to get RTM_NEWLINK and RTM_NEWADDR. These
two new messages are not atomic operation. getifaddrs() assumed every interface
index being achieved from RTM_GETADDR should be part of RTM_GETLINK, otherwise,
it calls abort(). Here is the source code for map_newlink()

/* We know the number of RTM_NEWLINK entries, so we reserve the first
   # of entries for this type. All RTM_NEWADDR entries have an index
   pointer to the RTM_NEWLINK entry.  To find the entry, create
   a table to map kernel index entries to our index numbers.
   Since we get at first all RTM_NEWLINK entries, it can never happen
   that a RTM_NEWADDR index is not known to this map.  */
static int
internal_function
map_newlink (int index, struct ifaddrs_storage *ifas, int *map, int max)
{
  int i;

  for (i = 0; i < max; i++)
    {
      if (map[i] == -1)
        {
          map[i] = index;
          if (i > 0)
            ifas[i - 1].ifa.ifa_next = &ifas[i].ifa;
          return i;
        }
      else if (map[i] == index)
        return i;
    }
  /* This should never be reached. If this will be reached, we have
     a very big problem.  */
  abort ();
}

When a new interface is added (like vlan, bonding...) which happens between
RTM_GETLINK and RTM_GETADDR, then it will cause coredump.

The simple fix could return EAGAIN or EBUSY when this happens, let caller to try
again. The complicated fix could have kernel to support dump RTM_GETADDR &
RTM_GETLINK in one message.

This bug is found in glibc 2.4. It also exists in current git tree.

-- 
           Summary: glibc core dump in getaddrs() while new interfaces being
                    added
           Product: glibc
           Version: 2.4
            Status: NEW
          Severity: normal
          Priority: P1
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: xma at us dot ibm dot com
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=11387

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]