Bug #19371

monitor creation with IPv6 public network segfaults

Added by Fabian Grünbichler 8 months ago. Updated 3 months ago.


Description

steps to reproduce:

1.) setup host using IPv6
2.) configure cluster and public network with IPv6 subnets in ceph.conf
3.) attempt to create a monitor
4.) ceph-mon --mkfs ... segfaults

the problematic code has been committed in 2011 before v0.39 - I haven't actually verified whether it is triggered that far back. it definitely triggers a segfault on Ceph Luminous (12.0.0)

the root cause is declaring a "struct sockaddr" in src/common/pick_address.cc find_ip_in_subnet_list, which is then first passed to parse_network and then to find_ip_in_subnet (both in src/common/ipaddr.cc). find_ip_in_subnet then casts the reference to sockaddr to one to sockaddr_in6 and assigns the IPv6 address. unfortunately, sockaddr is only 16 bytes big, so this assignment overwrites stuff on the stack.

note that the test cases don't catch this, as they only pass bigger structs cast to (sockaddr *) to parse_networks and find_ip_in_subnet when testing IPv6.

pull request will follow
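
The size mismatch described in the report, as an added example that is not Ceph's code or the patch from the pull request. The names store_ipv6, ipv6_overflow_bytes, demo_small and demo_storage are hypothetical, and 2001:db8::1 is a constructed documentation address; the example shows a length-checked write refusing a plain struct sockaddr and accepting a struct sockaddr_storage.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not Ceph code): parse an IPv6 literal into a
 * caller-supplied buffer of out_len bytes.
 * Returns 0 on success, -1 if text is not IPv6, -2 if the buffer is too small. */
int store_ipv6(const char *text, struct sockaddr *out, socklen_t out_len)
{
    struct sockaddr_in6 tmp;
    memset(&tmp, 0, sizeof(tmp));
    tmp.sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, text, &tmp.sin6_addr) != 1)
        return -1;
    /* Without this check, a cast to sockaddr_in6 writes past a 16-byte sockaddr. */
    if (out_len < sizeof(tmp))
        return -2;
    memcpy(out, &tmp, sizeof(tmp));
    return 0;
}

/* Bytes a sockaddr_in6 write would spill past a plain struct sockaddr. */
size_t ipv6_overflow_bytes(void)
{
    return sizeof(struct sockaddr_in6) > sizeof(struct sockaddr)
         ? sizeof(struct sockaddr_in6) - sizeof(struct sockaddr) : 0;
}

/* The pattern from the report: a plain struct sockaddr on the stack. */
int demo_small(void)
{
    struct sockaddr sa;
    return store_ipv6("2001:db8::1", &sa, sizeof(sa)); /* constructed address */
}

/* Same call with storage sized for any address family. */
int demo_storage(void)
{
    struct sockaddr_storage ss;
    int r = store_ipv6("2001:db8::1", (struct sockaddr *)&ss, sizeof(ss));
    return (r == 0 && ss.ss_family == AF_INET6) ? 0 : -3;
}

int main(void)
{
    printf("overflow=%zu small=%d storage=%d\n",
           ipv6_overflow_bytes(), demo_small(), demo_storage());
    return 0;
}
```

Passing the buffer length alongside the pointer also lets a test that hands in an undersized struct fail cleanly instead of corrupting the stack.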


Related issues

Copied to Ceph - Backport #19463: hammer: monitor creation with IPv6 public network segfaults Rejected
Copied to Ceph - Backport #19464: jewel: monitor creation with IPv6 public network segfaults Resolved
Copied to Ceph - Backport #19465: kraken: monitor creation with IPv6 public network segfaults Resolved

History

#2 Updated by Kefu Chai 8 months ago

  • Status changed from New to Need Review
  • Assignee set to Fabian Grünbichler

#3 Updated by Kefu Chai 8 months ago

  • Backport set to hammer, jewel, kraken

#4 Updated by Kefu Chai 8 months ago

  • Status changed from Need Review to Pending Backport

#5 Updated by Nathan Cutler 8 months ago

  • Copied to Backport #19463: hammer: monitor creation with IPv6 public network segfaults added

#6 Updated by Nathan Cutler 8 months ago

  • Copied to Backport #19464: jewel: monitor creation with IPv6 public network segfaults added

#7 Updated by Nathan Cutler 8 months ago

  • Copied to Backport #19465: kraken: monitor creation with IPv6 public network segfaults added

#8 Updated by Nathan Cutler 3 months ago

  • Status changed from Pending Backport to Resolved
