Report information
The Basics
Id:
42834
Status:
resolved
Worked:
2 hours (120 minutes)
Users:
tmark: 2 hours (120 minutes)
Priority:
Low/Low
Queue:
dhcp-public
People
BugTracker
Version Fixed:
4.4.0
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
4.4.0
Priority:
P2 Normal
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
DHCP Common
Area:
bug
Dates
Created:Tue, 12 Jul 2016 08:39:52 -0400
Updated:Tue, 12 Dec 2017 07:38:34 -0500
Closed:Wed, 21 Sep 2016 13:43:24 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Tue, 12 Jul 2016 08:39:52 -0400 pinjala ganesh Babu <pinjalaganeshb@gmail.com> - Ticket created
Subject: Problem with omapi_iscsock_cb(omapip/dispatch.c)
Date: Tue, 12 Jul 2016 18:09:47 +0530
To: dhcp-suggest@isc.org
From: "pinjala ganesh Babu" <pinjalaganeshb@gmail.com>


Hi,

This is Ganesh P , Would like to know whether the look-up logic of omapi_io_states is appropriate when picking up the correct state information  for the given ( input ) cbarg.

Existing Logic:

omapi_iscsock_cb(isc_task_t   *task,
                 isc_socket_t *socket,
                 void         *cbarg,
                 int           flags)
{
#if SOCKDELETE
        /*
         * walk through the io states list, if our object is on there
         * service it.  if not ignore it.
         */
        for (obj = omapi_io_states.next; (obj != NULL) ; obj = obj->next) {
                if (obj == cbarg) {
                        break;
                }
        }

        if (obj == NULL)  {
                return(0);
        }
#else
}

"obj = obj->next" is this condition to be removed from for loop ? because of having it we might never do a comparison of last state of  "omapi_io_states" , isn't it ?

 in existing code flow  ,  failing to find an appropriate  "omapi_io_states" ( i.e no match with "cbarg" )  can lead to invocation of  "status = obj->reader(obj->inner);" and hence "dhcp" process might wait on an UNSET FD and blocks forever ? 

Can you please clarify ?

Thanks in advance ,

Ganesh.

Tue, 12 Jul 2016 10:55:10 -0400 Stephen Morris <stephen@isc.org> - Priority P2 Normal added
Tue, 12 Jul 2016 10:55:11 -0400 Stephen Morris <stephen@isc.org> - Severity S2 Normal added
Tue, 12 Jul 2016 10:55:11 -0400 Stephen Morris <stephen@isc.org> - Area bug added
Tue, 12 Jul 2016 10:55:12 -0400 Stephen Morris <stephen@isc.org> - Component DHCP Server added
  Fri, 26 Aug 2016 01:34:52 -0400 Shawn Routhier <sar@isc.org> - Correspondence added

On Tue Jul 12 12:39:52 2016, pinjalaganeshb@gmail.com wrote: > Hi, > > This is Ganesh P , Would like to know whether the look-up logic of > omapi_io_states is appropriate when picking up the correct state > information for the given ( input ) cbarg. > > Existing Logic: > > omapi_iscsock_cb(isc_task_t *task, > isc_socket_t *socket, > void *cbarg, > int flags) > { > #if SOCKDELETE > /* > * walk through the io states list, if our object is on there > * service it. if not ignore it. > */ > for (obj = omapi_io_states.next; (obj != NULL) ; obj = obj->next) { I think there may have been a cut and paste error. In my copy of the code the check statement is (obj != NULL) && (obj->next != NULL); > if (obj == cbarg) { > break; > } > } > > if (obj == NULL) { > return(0); > } > #else > } > > "obj = obj->next" is this condition to be removed from for loop ? because > of having it we might never do a comparison of last state of > "omapi_io_states" , isn't it ? I think you meant to refer to the (obj->next != NULL) condition rather than the obj = obj->next statement. It does appear to be incorrect. I'll have to review the code more deeply to see if there is any reason for it to be there. > > in existing code flow , failing to find an appropriate > "omapi_io_states" ( i.e no match with "cbarg" ) can lead to invocation of > "status = obj->reader(obj->inner);" and hence "dhcp" process might wait on > an UNSET FD and blocks forever ? I think this turns out to be only possibly in theory. I think that in reality the matching socket is always on the list. We either find it by comparison with cbarg, or it is the last one on the list and we default to using it. That is, there appears to be a bug in the code but as the rest of the code is generally well behaved this bug probably doesn't cause an issue. Have you seen any problems in this area? > > Can you please clarify ? > > Thanks in advance , > > Ganesh.
Fri, 26 Aug 2016 01:34:53 -0400 The RT System itself - Status changed from 'new' to 'open'
Fri, 26 Aug 2016 01:37:58 -0400 Shawn Routhier <sar@isc.org> - Versions Planned 4.4.0 added
Fri, 26 Aug 2016 01:37:59 -0400 Shawn Routhier <sar@isc.org> - Component DHCP Server changed to DHCP Common
Fri, 26 Aug 2016 01:38:31 -0400 Shawn Routhier <sar@isc.org> - Queue changed from #10 to #8
Tue, 06 Sep 2016 07:06:45 -0400 Thomas Markwalder <tmark@isc.org> - Taken
Tue, 06 Sep 2016 10:34:22 -0400 Thomas Markwalder <tmark@isc.org> - Worked 2 hours (120 minutes) 120 minutes
Tue, 06 Sep 2016 10:51:33 -0400 Thomas Markwalder <tmark@isc.org> - Queue changed from #8 to #9
  Wed, 07 Sep 2016 09:16:58 -0400 Thomas Markwalder <tmark@isc.org> - Correspondence added

Hello Ganesh: You'll be pleased to learn that we've addressed your issue for our next major release of ISC_DHCP, 4.4.0. The release date hasn't been finalized at this time. The solution was to simply remove the check of (obj->next != NULL) from the for-loop expresion. It is our custom to credit our contributors by citing them in the release notes by name and/or organization. If you wish to be recognized in this fashion please respond with how you would like to be identified. Thank you for taking the time and interest to report this issue, we will welcome any future submissions you wish to make. Sincerely, Thomas Markwalder ISC Software Engineering
Wed, 07 Sep 2016 09:19:31 -0400 Thomas Markwalder <tmark@isc.org> - Version Fixed 4.4.0 added
Wed, 07 Sep 2016 09:19:33 -0400 Thomas Markwalder <tmark@isc.org> - Dependency by #24720: added
  Wed, 21 Sep 2016 13:22:30 -0400 pinjala ganesh Babu <pinjalaganeshb@gmail.com> - Correspondence added
Subject: Re: [ISC-Bugs #42834] Problem with omapi_iscsock_cb(omapip/dispatch.c)
Date: Wed, 21 Sep 2016 22:52:26 +0530
To: dhcp-review@isc.org
From: "pinjala ganesh Babu" <pinjalaganeshb@gmail.com>


Hello Thomas,

I am glad to know that it has been picked for the next major release.
Yes i would like to be recognized by name "Ganesh Pinjala".

Thanks,
Ganesh.
 

On Wed, Sep 7, 2016 at 6:46 PM, Thomas Markwalder via RT <dhcp-review@isc.org> wrote:
Hello Ganesh:

You'll be pleased to learn that we've addressed your issue for our next major release of ISC_DHCP, 4.4.0.  The release date hasn't been finalized at this time.  The solution was to simply remove the check of (obj->next != NULL) from the for-loop expresion.

It is our custom to credit our contributors by citing them in the release notes by name and/or organization.  If you wish to be recognized in this fashion please respond with how you would like to be identified.

Thank you for taking the time and interest to report this issue, we will welcome any future submissions you wish to make.

Sincerely,

Thomas Markwalder
ISC Software Engineering



Wed, 21 Sep 2016 13:43:23 -0400 Thomas Markwalder <tmark@isc.org> - FinalPriority changed from 'Low' to 'Low'
Wed, 21 Sep 2016 13:43:23 -0400 Thomas Markwalder <tmark@isc.org> - Priority changed from 'Low' to 'Low'
Wed, 21 Sep 2016 13:43:24 -0400 Thomas Markwalder <tmark@isc.org> - Status changed from 'open' to 'resolved'
Wed, 21 Jun 2017 15:40:52 -0400 Brian Conry <bconry@isc.org> - Queue changed from #9 to #8
Tue, 12 Dec 2017 07:38:34 -0500 Thomas Markwalder <tmark@isc.org> - Queue changed from #8 to dhcp-public