Bug #5681

Bug #5712: Defining long classes (about > 2064 char) in CFEngine causes segfault

Technique "SSH keys distribution" 2.0 - adding large number of keys breaks the policy generation

Added by Fabrice FLORE-THÉBAULT almost 5 years ago. Updated over 4 years ago.

Status: Released
Priority: 2
Category: -

Description

Using a Directive based on a "SSH keys distribution" 2.0 Technique.

I add 13 keys; that's a 13-line, 5131-byte file.

Option: flush the authorized keys file before updating: yes

Policy generation fails with the following error:

⇨ cf-promise check fails for promises generated at '/var/rudder/share/3026aaf6-dd31-4d07-80b1-a810c8e250a4.new/rules/cfengine-community'
⇨ expand.c:287: ProgrammingError: ExpandAndMapIteratorsFromScalar called with invalid strlen

Related issues

Related to Rudder - Bug #5561: "sshKeyDistribution" Technique keeps adding the same keys for ever | Released | 2014-09-20

Associated revisions

Revision 57907a54 (diff)
Added by Nicolas CHARLES almost 5 years ago

Fixes #5681: change class definition in ssh_key_distribution to prevent segfault

Revision c6364042
Added by Jonathan CLARKE almost 5 years ago

Merge pull request #552 from ncharles/bug_5681/dev/change_class_condition

Fixes #5681: change class definition in ssh_key_distribution to prevent ...

History

#1

Updated by Fabrice FLORE-THÉBAULT almost 5 years ago

I have another issue with the same technique; maybe it is related, so I add it here:

I have set up a directive with 2 keys for a user, with option: flush the authorized keys file before updating: yes

After a run I can observe the following:

  • The directive is "repaired".
  • In the .ssh/authorized_keys I observe:
    1. the first key is duplicated after each run, until I have 3 times the line with the first key;
    2. the second key is prepended by spaces.
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
                ssh-rsa BBBBBB bbbbbb
#2

Updated by Fabrice FLORE-THÉBAULT almost 5 years ago

NB: With option "Do you want to flush the authorized keys file before updating: No", then the first key is duplicated ad nauseam.

#3

Updated by Fabrice FLORE-THÉBAULT almost 5 years ago

Maybe important: in this directive, I have 3 ssh keys, and the impacted key item is "SSH key #3". This makes the situation similar to #5561.

#4

Updated by Fabrice FLORE-THÉBAULT almost 5 years ago

Update: the fact that the key is "SSH key #3" is important. If I break the ssh-key directive into 3 different directives, then the duplication of the key disappears.

#5

Updated by Matthieu CERDA almost 5 years ago

  • Status changed from New to Discussion
  • Assignee set to Matthieu CERDA
  • Priority changed from N/A to 2

Hello Fabrice.

The second issue looks indeed like a dupe of http://www.rudder-project.org/redmine/issues/5561, but it should not happen on CFE 3.5...

Do you have the latest 2.10 Techniques?

#6

Updated by Nicolas CHARLES almost 5 years ago

I can definitively reproduce the issue.
If the key is too long (roughly around 1K in length), then the class definition segfaults.
We need to update the technique to not use such long classes.
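
An added example, not part of the original thread or of the Rudder technique: a small audit for an authorized_keys file that flags the symptoms reported in comment #1 (duplicated keys, entries prepended by spaces) and entries long enough to match the "roughly around 1K" remark above. The function name, the sample data and the 1000-character threshold are assumptions made for illustration.

```python
import re

# Assumption: threshold derived from the "roughly around 1K" remark in the
# thread; it is not a documented CFEngine limit.
LONG_ENTRY = 1000

# Key type followed by its base64 blob. Simplification: options that embed a
# key-like string inside a quoted command="..." are not handled.
KEY_RE = re.compile(r'(?:^|\s)((?:ssh-|ecdsa-|sk-)[\w@.-]+)\s+([A-Za-z0-9+/=]+)')

# Constructed sample, modelled on the file content shown in comment #1.
SAMPLE = (
    "ssh-rsa AAAAAA aaaaaa\n"
    "ssh-rsa AAAAAA aaaaaa\n"
    "ssh-rsa AAAAAA aaaaaa\n"
    "                ssh-rsa BBBBBB bbbbbb\n"
)

def audit_authorized_keys(text, long_entry=LONG_ENTRY):
    """Return a list of (line number, problem) for authorized_keys content."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # blank lines and comments are legitimate
        if raw[0].isspace():
            findings.append((lineno, 'leading whitespace'))
        if len(line) > long_entry:
            findings.append((lineno, 'entry longer than %d chars' % long_entry))
        m = KEY_RE.search(line)
        if not m:
            findings.append((lineno, 'unparseable entry'))
            continue
        # Compare on key type + blob only, so a changed comment or option
        # does not hide a duplicate.
        key = (m.group(1), m.group(2))
        if key in seen:
            findings.append((lineno, 'duplicate of line %d' % seen[key]))
        else:
            seen[key] = lineno
    return findings

if __name__ == '__main__':
    for lineno, problem in audit_authorized_keys(SAMPLE):
        print('line %d: %s' % (lineno, problem))
```
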

#7

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from Discussion to Pending technical review
  • Assignee changed from Matthieu CERDA to Jonathan CLARKE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/552
#8

Updated by Nicolas CHARLES almost 5 years ago

  • Project changed from Rudder to Techniques
  • Category deleted (Techniques)
#9

Updated by Nicolas CHARLES almost 5 years ago

  • Parent task set to #5712
#10

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Applied in changeset commit:57907a5427f621e6194fe0a6f278d637b5af1f39.

#11

Updated by Jonathan CLARKE almost 5 years ago

Applied in changeset commit:c636404292c6a974798778f7eb940939482bb07a.

#12

Updated by Vincent MEMBRÉ almost 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.10.7 and 2.11.4, which were released today.
