Project

General

Profile

Actions

Bug #8794

closed

The agent fails writing fields in lines longer than 4k

Added by Jonathan CLARKE over 4 years ago. Updated over 4 years ago.

Status:
Released
Priority:
N/A
Category:
Agent
Target version:
Severity:
User visibility:
Effort required:
Priority:

Description

Due to a (since corrected) bug in Rudder development version, I have a technique that keeps extending the password field in /etc/shadow:

# grep jclarke /etc/shadow
jclarke:linux-shadow-sha512:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:$6$kgfZaS8b$Mjq.4lZswCaCsWTaCOPC0C7cLBnOS8ZUojsr8kdCiLQwLG107bJ9w3zyEhVb41JFruALVfgMVIzGHVU.004sT0:17011:0:99999:7:::

As a result of this, I assume, too big a field, now when I run "rudder agent run", I see this error:

[root@server vagrant]# rudder agent run
Rudder agent 3.1.12.rc1.git201607290630 (CFEngine Core 3.6.5)
Node uuid: root
Start execution with config [-1586989543]

Result   Technique                 Component                 Key                Message
success  Common                    Security parameters                          The internal environment security is acceptable
success  Common                    Red Button                                   Red Button is not in effect, continuing as normal...
success  Common                    Process checking                             There is an acceptable number of CFEngine processes running on the machine
success  Common                    Log system for reports                       Logging system for report centralization is already correctly configured
success  Common                    CRON Daemon                                  Cron daemon status was correct
success  Common                    Binaries update                              The CFengine binaries in /var/rudder/cfengine-community/bin are up to date
success  server-roles              Check logrotate configur|                    The logrotate configuration is correct
success  server-roles              Check LDAP in rudder-web|                    The Rudder Webapp configuration files are OK (checked LDAP password)
success  server-roles              Check LDAP credentials                       The OpenLDAP configuration file is OK (checked rootdn password)
success  server-roles              Check SQL in rudder-weba|                    The Rudder Webapp configuration files are OK (checked SQL password)
success  server-roles              Check SQL credentials                        The Rudder PostgreSQL user account's password is correct and works
success  server-roles              Check rudder-passwords.c|                    The Rudder passwords file is present and secure
success  server-roles              Check allowed networks c|                    The Rudder allowed networks configuration is OK
success  server-roles              Check WebDAV credentials                     The Rudder WebDAV user and password are OK
success  server-roles              Check apache process                         The apache process is already running
success  server-roles              Check apache boot script                     Check apache boot starting parameters was correct
success  server-roles              Check jetty process                          The jetty process is already running
success  server-roles              Check configuration-repo|                    The /var/rudder/configuration-repository directory is present
success  server-roles              Check configuration-repo|                    The /var/rudder/configuration-repository GIT lock file is not present or not older than 5 minutes
success  server-roles              Check rudder status                          The http://localhost:8080/rudder/api/status web application is running
success  server-roles              Check endpoint status                        The http://localhost:8080/endpoint/api/status web application is running
success  server-roles              Check slapd process                          The slapd process is already running
success  server-roles              Check PostgreSQL configu|                    Their is no need of specific postgresql configuration on this system
success  server-roles              Check postgresql process                     The postgresql process is already running
success  server-roles              Check postgresql boot sc|                    Check postgresql boot starting parameters was correct
n/a      server-roles              Send metrics to rudder-p|                    Sending metrics to rudder-project is not enabled. Skipping.
success  DistributePolicy          Configure ncf                                Configure ncf was correct
success  DistributePolicy          Propagate promises                           All files have been propagated
success  DistributePolicy          Send inventories to CMDB                     No inventory to send
success  Inventory                 inventory                                    Next inventory scheduled between 00:00 and 06:00
*** buffer overflow detected ***: /var/rudder/cfengine-community/bin/cf-agent terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fec04ca1d47]
/lib64/libc.so.6(+0xffc30)[0x7fec04c9fc30]
/lib64/libc.so.6(+0xfeae7)[0x7fec04c9eae7]
/var/rudder/cfengine-community/bin/cf-agent(+0x55198)[0x7fec068fd198]
/var/rudder/cfengine-community/bin/cf-agent(+0x35f9f)[0x7fec068ddf9f]
/var/rudder/cfengine-community/bin/cf-agent(+0x6e267)[0x7fec06916267]
/var/rudder/cfengine-community/bin/cf-agent(+0x34c3d)[0x7fec068dcc3d]
/var/rudder/cfengine-community/bin/cf-agent(+0x23072)[0x7fec068cb072]
/var/rudder/cfengine-community/bin/cf-agent(+0x2413e)[0x7fec068cc13e]
/var/rudder/cfengine-community/bin/cf-agent(+0x4af21)[0x7fec068f2f21]
/var/rudder/cfengine-community/bin/cf-agent(+0x24afc)[0x7fec068ccafc]
/var/rudder/cfengine-community/bin/cf-agent(+0x1fdcb)[0x7fec068c7dcb]
/var/rudder/cfengine-community/bin/cf-agent(+0x6e267)[0x7fec06916267]
/var/rudder/cfengine-community/bin/cf-agent(+0x1f76c)[0x7fec068c776c]
/var/rudder/cfengine-community/bin/cf-agent(main+0xac9)[0x7fec068c9bc9]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7fec04bbecdd]
/var/rudder/cfengine-community/bin/cf-agent(+0x1f319)[0x7fec068c7319]
======= Memory map: ========
7fec02951000-7fec02967000 r-xp 00000000 fd:00 390918                     /lib64/libgcc_s-4.4.6-20120305.so.1
7fec02967000-7fec02b66000 ---p 00016000 fd:00 390918                     /lib64/libgcc_s-4.4.6-20120305.so.1
7fec02b66000-7fec02b67000 rw-p 00015000 fd:00 390918                     /lib64/libgcc_s-4.4.6-20120305.so.1
7fec02b67000-7fec02b6c000 r-xp 00000000 fd:00 390945                     /lib64/libnss_dns-2.12.so
7fec02b6c000-7fec02d6b000 ---p 00005000 fd:00 390945                     /lib64/libnss_dns-2.12.so
7fec02d6b000-7fec02d6c000 r--p 00004000 fd:00 390945                     /lib64/libnss_dns-2.12.so
7fec02d6c000-7fec02d6d000 rw-p 00005000 fd:00 390945                     /lib64/libnss_dns-2.12.so
7fec02d6d000-7fec02d8a000 r-xp 00000000 fd:00 391692                     /lib64/libselinux.so.1
7fec02d8a000-7fec02f89000 ---p 0001d000 fd:00 391692                     /lib64/libselinux.so.1
7fec02f89000-7fec02f8a000 r--p 0001c000 fd:00 391692                     /lib64/libselinux.so.1
7fec02f8a000-7fec02f8b000 rw-p 0001d000 fd:00 391692                     /lib64/libselinux.so.1
7fec02f8b000-7fec02f8c000 rw-p 00000000 00:00 0 
7fec02f8c000-7fec02f8e000 r-xp 00000000 fd:00 390923                     /lib64/libfreebl3.so
7fec02f8e000-7fec0318d000 ---p 00002000 fd:00 390923                     /lib64/libfreebl3.so
7fec0318d000-7fec0318e000 r--p 00001000 fd:00 390923                     /lib64/libfreebl3.so
7fec0318e000-7fec0318f000 rw-p 00002000 fd:00 390923                     /lib64/libfreebl3.so
7fec0318f000-7fec031a5000 r-xp 00000000 fd:00 390957                     /lib64/libresolv-2.12.so
7fec031a5000-7fec033a5000 ---p 00016000 fd:00 390957                     /lib64/libresolv-2.12.so
7fec033a5000-7fec033a6000 r--p 00016000 fd:00 390957                     /lib64/libresolv-2.12.so
7fec033a6000-7fec033a7000 rw-p 00017000 fd:00 390957                     /lib64/libresolv-2.12.so
7fec033a7000-7fec033a9000 rw-p 00000000 00:00 0 
7fec033a9000-7fec033ab000 r-xp 00000000 fd:00 391115                     /lib64/libkeyutils.so.1.3
7fec033ab000-7fec035aa000 ---p 00002000 fd:00 391115                     /lib64/libkeyutils.so.1.3
7fec035aa000-7fec035ab000 r--p 00001000 fd:00 391115                     /lib64/libkeyutils.so.1.3
7fec035ab000-7fec035ac000 rw-p 00002000 fd:00 391115                     /lib64/libkeyutils.so.1.3
7fec035ac000-7fec035b6000 r-xp 00000000 fd:00 391124                     /lib64/libkrb5support.so.0.1
7fec035b6000-7fec037b5000 ---p 0000a000 fd:00 391124                     /lib64/libkrb5support.so.0.1
7fec037b5000-7fec037b6000 r--p 00009000 fd:00 391124                     /lib64/libkrb5support.so.0.1
7fec037b6000-7fec037b7000 rw-p 0000a000 fd:00 391124                     /lib64/libkrb5support.so.0.1
7fec037b7000-7fec037c3000 r-xp 00000000 fd:00 390947                     /lib64/libnss_files-2.12.so
7fec037c3000-7fec039c3000 ---p 0000c000 fd:00 390947                     /lib64/libnss_files-2.12.so
7fec039c3000-7fec039c4000 r--p 0000c000 fd:00 390947                     /lib64/libnss_files-2.12.so
7fec039c4000-7fec039c5000 rw-p 0000d000 fd:00 390947                     /lib64/libnss_files-2.12.so
7fec039c5000-7fec039db000 r-xp 00000000 fd:00 390941                     /lib64/libnsl-2.12.so
7fec039db000-7fec03bda000 ---p 00016000 fd:00 390941                     /lib64/libnsl-2.12.so
7fec03bda000-7fec03bdb000 r--p 00015000 fd:00 390941                     /lib64/libnsl-2.12.so
7fec03bdb000-7fec03bdc000 rw-p 00016000 fd:00 390941                     /lib64/libnsl-2.12.so
7fec03bdc000-7fec03bde000 rw-p 00000000 00:00 0 
7fec03bde000-7fec03be5000 r-xp 00000000 fd:00 390935                     /lib64/libcrypt-2.12.so
7fec03be5000-7fec03de5000 ---p 00007000 fd:00 390935                     /lib64/libcrypt-2.12.so
7fec03de5000-7fec03de6000 r--p 00007000 fd:00 390935                     /lib64/libcrypt-2.12.so
7fec03de6000-7fec03de7000 rw-p 00008000 fd:00 390935                     /lib64/libcrypt-2.12.so
7fec03de7000-7fec03e15000 rw-p 00000000 00:00 0 
7fec03e15000-7fec03e2d000 r-xp 00000000 fd:00 390992                     /lib64/libaudit.so.1.0.0
7fec03e2d000-7fec0402c000 ---p 00018000 fd:00 390992                     /lib64/libaudit.so.1.0.0
7fec0402c000-7fec0402e000 r--p 00017000 fd:00 390992                     /lib64/libaudit.so.1.0.0
7fec0402e000-7fec04039000 rw-p 00019000 fd:00 390992                     /lib64/libaudit.so.1.0.0
7fec04039000-7fec0404e000 r-xp 00000000 fd:00 390981                     /lib64/libz.so.1.2.3
7fec0404e000-7fec0424d000 ---p 00015000 fd:00 390981                     /lib64/libz.so.1.2.3
7fec0424d000-7fec0424e000 r--p 00014000 fd:00 390981                     /lib64/libz.so.1.2.3
7fec0424e000-7fec0424f000 rw-p 00015000 fd:00 390981                     /lib64/libz.so.1.2.3
7fec0424f000-7fec04279000 r-xp 00000000 fd:00 391120                     /lib64/libk5crypto.so.3.1
7fec04279000-7fec04478000 ---p 0002a000 fd:00 391120                     /lib64/libk5crypto.so.3.1
7fec04478000-7fec0447a000 r--p 00029000 fd:00 391120                     /lib64/libk5crypto.so.3.1
7fec0447a000-7fec0447b000 rw-p 0002b000 fd:00 391120                     /lib64/libk5crypto.so.3.1
7fec0447b000-7fec0447e000 r-xp 00000000 fd:00 390986                     /lib64/libcom_err.so.2.1
7fec0447e000-7fec0467d000 ---p 00003000 fd:00 390986                     /lib64/libcom_err.so.2.1
7fec0467d000-7fec0467e000 r--p 00002000 fd:00 390986                     /lib64/libcom_err.so.2.1
7fec0467e000-7fec0467f000 rw-p 00003000 fd:00 390986                     /lib64/libcom_err.so.2.1
7fec0467f000-7fec04753000 r-xp 00000000 fd:00 391122                     /lib64/libkrb5.so.3.3
7fec04753000-7fec04953000 ---p 000d4000 fd:00 391122                     /lib64/libkrb5.so.3.3
7fec04953000-7fec0495c000 r--p 000d4000 fd:00 391122                     /lib64/libkrb5.so.3.3
7fec0495c000-7fec0495e000 rw-p 000dd000 fd:00 391122                     /lib64/libkrb5.so.3.3
7fec0495e000-7fec0499d000 r-xp 00000000 fd:00 391116                     /lib64/libgssapi_krb5.so.2.2
7fec0499d000-7fec04b9d000 ---p 0003f000 fd:00 391116                     /lib64/libgssapi_krb5.so.2.2
7fec04b9d000-7fec04b9e000 r--p 0003f000 fd:00 391116                     /lib64/libgssapi_krb5.so.2.2
7fec04b9e000-7fec04ba0000 rw-p 00040000 fd:00 391116                     /lib64/libgssapi_krb5.so.2.2
7fec04ba0000-7fec04d29000 r-xp 00000000 fd:00 390931                     /lib64/libc-2.12.so
7fec04d29000-7fec04f29000 ---p 00189000 fd:00 390931                     /lib64/libc-2.12.so
7fec04f29000-7fec04f2d000 r--p 00189000 fd:00 390931                     /lib64/libc-2.12.so
7fec04f2d000-7fec04f2e000 rw-p 0018d000 fd:00 390931                     /lib64/libc-2.12.so
7fec04f2e000-7fec04f33000 rw-p 00000000 00:00 0 
7fec04f33000-7fec04f4a000 r-xp 00000000 fd:00 390955                     /lib64/libpthread-2.12.so
7fec04f4a000-7fec0514a000 ---p 00017000 fd:00 390955                     /lib64/libpthread-2.12.so
7fec0514a000-7fec0514b000 r--p 00017000 fd:00 390955                     /lib64/libpthread-2.12.so
7fec0514b000-7fec0514c000 rw-p 00018000 fd:00 390955                     /lib64/libpthread-2.12.so
7fec0514c000-7fec05150000 rw-p 00000000 00:00 0 
7fec05150000-7fec051d3000 r-xp 00000000 fd:00 390939                     /lib64/libm-2.12.so
7fec051d3000-7fec053d2000 ---p 00083000 fd:00 390939                     /lib64/libm-2.12.so
7fec053d2000-7fec053d3000 r--p 00082000 fd:00 390939                     /lib64/libm-2.12.so
7fec053d3000-7fec053d4000 rw-p 00083000 fd:00 390939                     /lib64/libm-2.12.so
7fec053d4000-7fec053db000 r-xp 00000000 fd:00 390959                     /lib64/librt-2.12.so
7fec053db000-7fec055da000 ---p 00007000 fd:00 390959                     /lib64/librt-2.12.so
7fec055da000-7fec055db000 r--p 00006000 fd:00 390959                     /lib64/librt-2.12.so
7fec055db000-7fec055dc000 rw-p 00007000 fd:00 390959                     /lib64/librt-2.12.so
7fec055dc000-7fec055de000 r-xp 00000000 fd:00 390937                     /lib64/libdl-2.12.so
7fec055de000-7fec057de000 ---p 00002000 fd:00 390937                     /lib64/libdl-2.12.so
7fec057de000-7fec057df000 r--p 00002000 fd:00 390937                     /lib64/libdl-2.12.so
7fec057df000-7fec057e0000 rw-p 00003000 fd:00 390937                     /lib64/libdl-2.12.so
7fec057e0000-7fec057ea000 r-xp 00000000 fd:00 390951                     /lib64/libnss_nis-2.12.so
7fec057ea000-7fec059e9000 ---p 0000a000 fd:00 390951                     /lib64/libnss_nis-2.12.so
7fec059e9000-7fec059ea000 r--p 00009000 fd:00 390951                     /lib64/libnss_nis-2.12.so
7fec059ea000-7fec059eb000 rw-p 0000a000 fd:00 390951                     /lib64/libnss_nis-2.12.so
7fec059eb000-7fec059f7000 r-xp 00000000 fd:00 391163                     /lib64/libpam.so.0.82.2
7fec059f7000-7fec05bf7000 ---p 0000c000 fd:00 391163                     /lib64/libpam.so.0.82.2
7fec05bf7000-7fec05bf8000 r--p 0000c000 fd:00 391163                     /lib64/libpam.so.0.82.2
7fec05bf8000-7fec05bf9000 rw-p 0000d000 fd:00 391163                     /lib64/libpam.so.0.82.2
7fec05bf9000-7fec05c25000 r-xp 00000000 fd:00 391134                     /lib64/libpcre.so.0.0.1
7fec05c25000-7fec05e24000 ---p 0002c000 fd:00 391134                     /lib64/libpcre.so.0.0.1
7fec05e24000-7fec05e25000 rw-p 0002b000 fd:00 391134                     /lib64/libpcre.so.0.0.1
7fec05e25000-7fec05fdf000 r-xp 00000000 fd:00 524928                     /usr/lib64/libcrypto.so.1.0.1e
7fec05fdf000-7fec061de000 ---p 001ba000 fd:00 524928                     /usr/lib64/libcrypto.so.1.0.1e
7fec061de000-7fec061f9000 r--p 001b9000 fd:00 524928                     /usr/lib64/libcrypto.so.1.0.1e
7fec061f9000-7fec06205000 rw-p 001d4000 fd:00 524928                     /usr/lib64/libcrypto.so.1.0.1e
7fec06205000-7fec06209000 rw-p 00000000 00:00 0 
7fec06209000-7fec0626b000 r-xp 00000000 fd:00 533221                     /usr/lib64/libssl.so.1.0.1e
7fec0626b000-7fec0646a000 ---p 00062000 fd:00 533221                     /usr/lib64/libssl.so.1.0.1e
7fec0646a000-7fec0646e000 r--p 00061000 fd:00 533221                     /usr/lib64/libssl.so.1.0.1e
7fec0646e000-7fec06475000 rw-p 00065000 fd:00 533221                     /usr/lib64/libssl.so.1.0.1e
7fec06475000-7fec06486000 r-xp 00000000 fd:00 405040                     /opt/rudder/lib/liblmdb.so
7fec06486000-7fec06685000 ---p 00011000 fd:00 405040                     /opt/rudder/lib/liblmdb.so
7fec06685000-7fec06686000 rw-p 00010000 fd:00 405040                     /opt/rudder/lib/liblmdb.so
7fec06686000-7fec066a6000 r-xp 00000000 fd:00 391714                     /lib64/ld-2.12.so
7fec06890000-7fec0689d000 rw-p 00000000 00:00 0 
7fec068a2000-7fec068a5000 rw-p 00000000 00:00 0 
7fec068a5000-7fec068a6000 r--p 0001f000 fd:00 391714                     /lib64/ld-2.12.so
7fec068a6000-7fec068a7000 rw-p 00020000 fd:00 391714                     /lib64/ld-2.12.so
7fec068a7000-7fec068a8000 rw-p 00000000 00:00 0 
7fec068a8000-7fec069aa000 r-xp 00000000 fd:00 663643                     /var/rudder/cfengine-community/bin/cf-agent
7fec06baa000-7fec06bb9000 r--p 00102000 fd:00 663643                     /var/rudder/cfengine-community/bin/cf-agent
7fec06bb9000-7fec06bbf000 rw-p 00111000 fd:00 663643                     /var/rudder/cfengine-community/bin/cf-agent
7fec06bbf000-7fec06bcc000 rw-p 00000000 00:00 0 
7fec06cbc000-7fec0757e000 rw-p 00000000 00:00 0                          [heap]
7fff24524000-7fff2457c000 rw-p 00000000 00:00 0                          [stack]
7fff245ff000-7fff24600000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
error    Rudder agent was interrupted during execution by a fatal error
         Run with -i to see log messages.

## Summary #####################################################################
success:     29
error:        1
execution time: 110.59s
################################################################################

This occured on 3.1.12.rc1.git201607290630 (CFEngine Core 3.6.5) but I assume it can also happen in 2.11.

Actions #1

Updated by Alexis MOUSSET over 4 years ago

Happens when trying to edit the long line:

2016-07-29T15:38:26+0000  verbose: /default/check_usergroup_user_parameters/files/'/etc/shadow'/default/set_user_field/field_edits/'toto:.:'[0]: Comment 'Edit a user attribute in the password file'
2016-07-29T15:38:26+0000  verbose: /default/check_usergroup_user_parameters/files/'/etc/shadow'/default/set_user_field/field_edits/'toto:.:'[0]: Matched line 'toto:linux-shadow-sha512:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1:rudder.password.auto("SHA-256", "server.rudder.local".substring(0,8), "abcdefg"):rudder.password.auto("SHA-256", "server.rudder.local".substring(0,8), "abcdefg"):17011:0:99999:7:::'
2016-07-29T15:38:26+0000  verbose: /default/check_usergroup_user_parameters/files/'/etc/shadow'/default/set_user_field/field_edits/'toto:.:'[0]: Stopped at field 2
2016-07-29T15:38:26+0000     info: /default/check_usergroup_user_parameters/files/'/etc/shadow'/default/set_user_field/field_edits/'toto:.:'[0]: Setting field sub-value 'linux-shadow-sha512:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1' in '/etc/shadow'
2016-07-29T15:38:26+0000     info: /default/check_usergroup_user_parameters/files/'/etc/shadow'/default/set_user_field/field_edits/'toto:.:'[0]: Edited field inside file object /etc/shadow
*** buffer overflow detected ***: /var/rudder/cfengine-community/bin/cf-agent terminated
======= Backtrace: =========

Actions #2

Updated by Alexis MOUSSET over 4 years ago

I get a segfault on CFEngine master, so the issue is not fixed yet.

Actions #3

Updated by Alexis MOUSSET over 4 years ago

rudder  verbose: Stopped at field 2
rudder     info: Setting field sub-value 'linux-shadow-sha512:$6$shAz1X6A$yAVGLnUR5V08/FH4YTzZsNF2JMhMIjdfKWLr3dJ4OpC.YeZgQC7klSLHl826L3fU0nR371A.cihYPd/GUwJ.V1' in '/etc/shadow'
rudder     info: Edited field inside file object /etc/shadow

Program received signal SIGSEGV, Segmentation fault.
0x000000000044c503 in Rlist2String (list=0xbd0610, sep=0x7fffffff01e0 ":") at conversion.c:216
216            if (rp->next)

Actions #4

Updated by Alexis MOUSSET over 4 years ago

The bug is caused by Rlist2String which tries to write a arbitrary length string into a CF_BUFSIZE buffer without any check.

Actions #5

Updated by Alexis MOUSSET over 4 years ago

RlistToString works well but adds {} and a fixed , separator. I will open an upstream issue and prepare a fix.

Actions #6

Updated by Alexis MOUSSET over 4 years ago

  • Subject changed from Buffer overflow in rudder-agent with huge password field in /etc/shadow to The agent fails writing fields in lines longer than 4k
Actions #7

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 2.11.24 to 308
Actions #8

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 308 to 3.1.14
Actions #10

Updated by Alexis MOUSSET over 4 years ago

  • Status changed from New to In progress
Actions #11

Updated by Alexis MOUSSET over 4 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis MOUSSET to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1065
Actions #12

Updated by Alexis MOUSSET over 4 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #13

Updated by Vincent MEMBRÉ over 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.15/14 and 3.2.8/7 which were released today.

Actions

Also available in: Atom PDF