cfexecd segmentation faults

[Andrew Stribblehill]

Using 2.0.2 on Linux.

Symptom: cfexecd, called with no arguments, usually dies with a
segmentation fault. (lastcomm says so!)

To establish the problem, I ran 'cfexecd -gdv' and got output like
this:

============================================================
cfexecd Debug mode: running in foreground
: INFO: /var/lib/cfengine/inputs is a symbolic link, not a true directory!
Directory for /var/lib/cfengine/inputs/update.conf exists. Okay
: INFO: /var/lib/cfengine/bin is a symbolic link, not a true directory!
Directory for /var/lib/cfengine/bin/cfagent exists. Okay
Directory for /var/lib/cfengine/outputs/spooled_reports exists. Okay
GetNameInfo()
WildMatch(-,linux)
WildMatch(-,linux)
WildMatch(sunos,linux)
WildMatch(ultrix,linux)
WildMatch(hp-ux,linux)
WildMatch(hp-ux,linux)
WildMatch(aix,linux)
WildMatch(linux,linux)
WildMatch(*,i686)
WildMatch(*,2.4.18-4smp)
AddClassToHeap(linux)
Appending [linux]
AddClassToHeap(angel)
Appending [angel]
AddClassToHeap(angel)
AddClassToHeap()
AddClassToHeap(angel)
GNU Cfengine server daemon - 
2.0.2
Free Software Foundation 1994-2001
Donated by Mark Burgess, Faculty of Engineering,
Oslo University College, 0254 Oslo, Norway

------------------------------------------------------------------------

Host name is: angel
Operating System Type is linux
Operating System Release is 2.4.18-4smp
Architecture = i686


Using internal soft-class linux for host linux

The time is now Fri Jun  7 12:50:34 2002


------------------------------------------------------------------------

AddClassToHeap(32_bit)
Appending [32_bit]
Additional hard class defined as: 32_bit
AddClassToHeap(linux_2_4_18_4smp)
Appending [linux_2_4_18_4smp]
AddClassToHeap(i686)
Appending [i686]
Additional hard class defined as: linux_2_4_18_4smp
AddClassToHeap(linux_i686)
Appending [linux_i686]
Additional hard class defined as: linux_i686
AddClassToHeap(linux_i686_2_4_18_4smp)
Appending [linux_i686_2_4_18_4smp]
Additional hard class defined as: linux_i686_2_4_18_4smp
AddClassToHeap(linux_i686_2_4_18_4smp__1_SMP_Thu_May_2_18_32_34_EDT_2002)
Appending [linux_i686_2_4_18_4smp__1_SMP_Thu_May_2_18_32_34_EDT_2002]
Additional hard class defined as: 
linux_i686_2_4_18_4smp__1_SMP_Thu_May_2_18_32_34_EDT_2002
AddClassToHeap(compiled_on_linux_gnu)
Appending [compiled_on_linux_gnu]

GNU autoconf class from compile time: compiled_on_linux-gnu

Address given by nameserver: 129.234.4.145
GetLock(cfexecd,execd,time=1023450634), ExpireAfter=0, IfElapsed=0
GetLastLock()
CheckOldLock(lock..angel.cfexecd.execd)
Lock lock..angel.cfexecd.execd last ran at Thu Jun  6 16:10:53 2002

angel: Lock lock..angel.cfexecd.execd expired...(after 1239/0 minutes)
Trying to kill expired process, pid 24102
LockLog(Lock expired, process killed)
SetLock(lock..angel.cfexecd.execd)
PutLock(lock..angel.cfexecd.execd)
cfpopen(/var/lib/cfengine/bin/cfagent -z)
Got cfengine SMTP server as (localhost)
Got cfengine sysadm variable (address@hidden)
Got full qualified name (angel.dur.ac.uk)
Got IP (129.234.4.145)
Appending [Min00_05]
Appending [Min15_20]
Appending [Min30_35]
Appending [Min45_50]
cfpclose(pp)
cfpopen - Waiting for process 31890
Sleeping...
AddClassToHeap(Friday)
Appending [Friday]
AddClassToHeap(Hr12)
Appending [Hr12]
AddClassToHeap(Min52)
Appending [Min52]
AddClassToHeap(Min50_55)
Appending [Min50_55]
AddClassToHeap(Q4)
Appending [Q4]
AddClassToHeap(Hr12_Q4)
Appending [Hr12_Q4]
AddClassToHeap(Day7)
Appending [Day7]
AddClassToHeap(June)
Appending [June]
AddClassToHeap(Yr2002)
Appending [Yr2002]
Checking schedule Min00_05...
Checking schedule Min15_20...
Checking schedule Min30_35...
Checking schedule Min45_50...
GetNameInfo()
WildMatch(-,linux)
WildMatch(-,linux)
WildMatch(sunos,linux)
WildMatch(ultrix,linux)
WildMatch(hp-ux,linux)
WildMatch(hp-ux,linux)
WildMatch(aix,linux)
WildMatch(linux,linux)
WildMatch(*,i686)
WildMatch(*,2.4.18-4smp)
AddClassToHeap(linux)
Appending [linux]
AddClassToHeap(angel)
Segmentation fault
============================================================
The following patch fixes it, apparently:

============================================================
--- cfengine2-2.0.2.orig/src/cfexecd.c
+++ cfengine2-2.0.2/src/cfexecd.c
@@ -492,6 +492,7 @@
    }
 
 DeleteItemList(VHEAP);
+VHEAP = NULL; 
 GetNameInfo();
 return false;
 }
============================================================

However, whilst debugging this as a non-root user, I came across
another segmentation fault, caused by not being able to use the
lock-files. The following is my diff to locks.c:


============================================================
--- cfengine2-2.0.2.orig/src/locks.c
+++ cfengine2-2.0.2/src/locks.c
@@ -107,6 +107,7 @@
    {
    snprintf(OUTPUT,bufsize*2,"Couldn't open lock database %s\n",LOCKDB);
    CfLog(cferror,OUTPUT,"db_open");
+   IGNORELOCK = true;
    return;
    }
  
@@ -227,7 +228,7 @@
         kill(pid,SIGKILL);
         sleep(1);
 
-        if (kill(pid,SIGTERM) == ESRCH)
+        if ((kill(pid,SIGTERM) < 0) && (errno == ESRCH))
            {
            snprintf(OUTPUT,bufsize*2,"Unable to kill expired process %d, 
exiting this time..\n",pid);
            CfLog(cferror,OUTPUT,"");
@@ -429,6 +430,12 @@
 key.size = strlen(name)+1;
 
 InitializeLocks();
+
+if (IGNORELOCK)
+   {
+   return 0;
+   }
+       
  
 if ((errno = DBP->del(DBP,NULL,&key,0)) != 0)
    {
============================================================

The middle hunk is an obvious fix, based on the kill() specs.

The first hunk turns on IGNORELOCK if it can't get access to the lock
database, just as it already sets IGNORELOCK if it can't open the
database.. The third hunk was found to be necessary to protect
against calling DBP->del which gives a segmentation fault if
DBP->open hasn't succeeded. 

I have some more diffs that I hope to persuade you to take; if you're
interested, they are presently at:

http://compsoc.dur.ac.uk/proxy/ads/~ads/debian/cfengine2/cfengine2-2.0.2-2.diff.gz

The trailing -2 may increase at any time.

-- 
SOUTH FITZROY
NORTHWESTERLY 4 OR 5, OCCASIONALLY 6. SHOWERS. GOOD