Bug #5712: Defining long classes (about > 2064 char) in CFEngine causes segfault
Technique "SSH keys distribution" 2.0 - adding large number of keys breaks the policy generation
Using a Directive based on a "SSH keys distribution" 2.0 Technique.
I add 13 keys, that's a 13 lines, 5131 bytes file.
Option: flush the authorized keys file before updating : yes
Policy generation fails with following error:
⇨ cf-promise check fails for promises generated at '/var/rudder/share/3026aaf6-dd31-4d07-80b1-a810c8e250a4.new/rules/cfengine-community' ⇨ expand.c:287: ProgrammingError: ExpandAndMapIteratorsFromScalar called with invalid strlen
Fixes #5681: change class definition in ssh_key_distribution to prevent segfault
Updated by Fabrice FLORE-THÉBAULT over 4 years ago
I have another issue with the same technique, maybe it is related so i add it here:
I have setup a directive with 2 keys for an user, with option: flush the authorized keys file before updating : yes
After a run i can onserve following :
- The directive is "repaired".
- In the .ssh/authorized_keys i observe:
- the first key is duplicated after each run, until i have 3 times te line with the first key;
- the second keys is prepended by spaces.
ssh-rsa AAAAAA aaaaaa ssh-rsa AAAAAA aaaaaa ssh-rsa AAAAAA aaaaaa ssh-rsa BBBBBB bbbbbb
Updated by Matthieu CERDA over 4 years ago
- Status changed from New to Discussion
- Assignee set to Matthieu CERDA
- Priority changed from N/A to 2
The second issue looks indeed like a dupe of http://www.rudder-project.org/redmine/issues/5561, but it should not happen on CFE 3.5...
Do you have the latest 2.10 Techniques ?
Updated by Nicolas CHARLES over 4 years ago
- Status changed from Discussion to Pending technical review
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/552
Updated by Vincent MEMBRÉ over 4 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.7 and 2.11.4, which were released today.
- Announcement 2.10 2.11 * Changelog 2.10 2.11 * Download information: https://www.rudder-project.org/site/get-rudder/downloads/