Bug #5681
closed
Bug #5712: Defining long classes (about > 2064 char) in CFEngine causes segfault
Technique "SSH keys distribution" 2.0 - adding large number of keys breaks the policy generation
Added by Fabrice FLORE-THÉBAULT about 10 years ago.
Updated over 9 years ago.
Description
Using a Directive based on a "SSH keys distribution" 2.0 Technique.
I add 13 keys, that's a 13-line, 5131-byte file.
Option: flush the authorized keys file before updating : yes
Policy generation fails with following error:
⇨ cf-promise check fails for promises generated at '/var/rudder/share/3026aaf6-dd31-4d07-80b1-a810c8e250a4.new/rules/cfengine-community'
⇨ expand.c:287: ProgrammingError: ExpandAndMapIteratorsFromScalar called with invalid strlen
I have another issue with the same technique, maybe it is related so I add it here:
I have set up a directive with 2 keys for a user, with option: flush the authorized keys file before updating : yes
After a run I can observe the following:
- The directive is "repaired".
- In the .ssh/authorized_keys i observe:
- the first key is duplicated after each run, until I have 3 times the line with the first key;
- the second key is prepended by spaces.
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
ssh-rsa BBBBBB bbbbbb
NB: With option "Do you want to flush the authorized keys file before updating: No", then the first key is duplicated ad nauseam.
Maybe important: in this directive, I have 3 ssh keys, and the impacted key item is "SSH key #3". This makes the situation similar to #5561.
Update: the fact that the key is "SSH key #3" is important. If I break the ssh-key directive into 3 different directives, then the duplication of the key disappears.
- Status changed from New to Discussion
- Assignee set to Matthieu CERDA
- Priority changed from N/A to 2
I can definitively reproduce the issue
If the key is too long (roughly around the 1K length), then the class definition segfaults
We need to update the technique to not use such long classes
- Status changed from Discussion to Pending technical review
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/552
- Project changed from Rudder to 24
- Category deleted (Techniques)
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset commit:57907a5427f621e6194fe0a6f278d637b5af1f39.
Applied in changeset commit:c636404292c6a974798778f7eb940939482bb07a.
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.7 and 2.11.4, which were released today.