Project

General

Profile

Actions

Bug #5681

closed

Bug #5712: Defining long classes (about > 2064 char) in CFEngine causes segfault

Technique "SSH keys distribution" 2.0 - adding large number of keys breaks the policy generation

Added by Fabrice FLORE-THÉBAULT about 10 years ago. Updated over 9 years ago.

Status:
Released
Priority:
2
Assignee:
Jonathan CLARKE
Category:
-
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Using a Directive based on a "SSH keys distribution" 2.0 Technique.

I add 13 keys, that's a 13 lines, 5131 bytes file.

Option: flush the authorized keys file before updating : yes

Policy generation fails with following error:

⇨ cf-promise check fails for promises generated at '/var/rudder/share/3026aaf6-dd31-4d07-80b1-a810c8e250a4.new/rules/cfengine-community'
⇨ expand.c:287: ProgrammingError: ExpandAndMapIteratorsFromScalar called with invalid strlen

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #5561: "sshKeyDistribution" Technique keeps adding the same keys for everReleasedJonathan CLARKE2014-09-20Actions
Actions #1

Updated by Fabrice FLORE-THÉBAULT about 10 years ago

I have another issue with the same technique, maybe it is related so i add it here:

I have setup a directive with 2 keys for an user, with option: flush the authorized keys file before updating : yes

After a run i can onserve following :

  • The directive is "repaired".
  • In the .ssh/authorized_keys i observe:
  1. the first key is duplicated after each run, until i have 3 times te line with the first key;
  2. the second keys is prepended by spaces.
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
                ssh-rsa BBBBBB bbbbbb
Actions #2

Updated by Fabrice FLORE-THÉBAULT about 10 years ago

NB: With option "Do you want to flush the authorized keys file before updating: No", then the first key is duplicated ad nauseam.

Actions #3

Updated by Fabrice FLORE-THÉBAULT about 10 years ago

Maybe important: in this directive, i have 3 ssh keys, and the impacted key item is "SSH key #3". This makes situation similar to #5561.

Actions #4

Updated by Fabrice FLORE-THÉBAULT about 10 years ago

Update: the fact that key is "SSH key #3" is important. If i break the ssh-key directive into 3 different directives, then the duplication of the key disappears.

Actions #5

Updated by Matthieu CERDA about 10 years ago

  • Status changed from New to Discussion
  • Assignee set to Matthieu CERDA
  • Priority changed from N/A to 2

Hello Fabrice.

The second issue looks indeed like a dupe of http://www.rudder-project.org/redmine/issues/5561, but it should not happen on CFE 3.5...

Do you have the latest 2.10 Techniques ?

Actions #6

Updated by Nicolas CHARLES about 10 years ago

I can definitively reproduce the issue
If the key is too long ( roughly around the 1K length, then the class definition segfault)
We need to update the technique to not use such long classes

Actions #7

Updated by Nicolas CHARLES about 10 years ago

  • Status changed from Discussion to Pending technical review
  • Assignee changed from Matthieu CERDA to Jonathan CLARKE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/552
Actions #8

Updated by Nicolas CHARLES about 10 years ago

  • Project changed from Rudder to 24
  • Category deleted (Techniques)
Actions #9

Updated by Nicolas CHARLES about 10 years ago

  • Parent task set to #5712
Actions #10

Updated by Nicolas CHARLES about 10 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Applied in changeset commit:57907a5427f621e6194fe0a6f278d637b5af1f39.

Actions #11

Updated by Jonathan CLARKE about 10 years ago

Applied in changeset commit:c636404292c6a974798778f7eb940939482bb07a.

Actions #12

Updated by Vincent MEMBRÉ about 10 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.10.7 and 2.11.4, which were released today.

Actions

Also available in: Atom PDF