[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug when cfagent updates cfagent binary
|
From: |
David J. Bianco |
|
Subject: |
Bug when cfagent updates cfagent binary |
|
Date: |
01 Aug 2002 10:32:54 -0400 |
I relinked my cfengine 2.0.3 binaries the other day with the new OpenSSL
packages, just to be safe. When cfagent on my RedHat 7.3 hosts tried to
copy the new binary down from the server, it mysteriously failed. I
have the following in update.conf:
copy:
redhat_7::
$(update_dir)/Linux-glibc-2.2/sbin dest=$(workdir)/sbin
r=inf
owner=root
group=root
mode=500
type=checksum
server=$(update_master)
After putting the server and client into debug mode, I saw that
cfagent was getting a message like:
File master.jlab.org:/opt/cfengine/Linux-glibc-2.2/sbin/cfagent changed
while copying
This is generated by the following code in client.c's CopyRegNet()
function:
if (strncmp(buf,CFCHANGEDSTR,strlen(CFCHANGEDSTR)) == 0)
{
snprintf(OUTPUT,bufsize*2,"File %s:%s changed while
copying\n",ip->server,source);
RecvSocketStream(CONN->sd,buf,buf_size-n_read,0); /* flush rest of
transaction */
CfLog(cfinform,OUTPUT,"");
close(dd);
free(buf);
return false;
}
In other words, while the client is reading the datastream from the
server, it looks to see if a magic string "CFCHANGEDSTR" was sent
instead of file data. The problem is, the file I was copying (cfagent)
has this string inside it because it's calls this code. Of course, this
code tries to guard against similar situations, by checking to be sure
the CFCHANGEDSTR only occurs at the beginning of a chunk of data, but
it just so happens that this particular binary has that string right at
the beginning of a chunk boundary.
The workaround was simple. I just set "encrypt=true" and it no longer
saw the CFCHANGEDSTR in the cfengine binary. A better solution might be
an extra check in the code, maybe something like changing:
if (strncmp(buf,CFCHANGEDSTR,strlen(CFCHANGEDSTR)) == 0)
to
if ( (strlen(buf) == strlen(CFCHANGEDSTR) &&
(strncmp(buf,CFCHANGEDSTR,strlen(CFCHANGEDSTR)) == 0) )
Mark, if you'd like to see the actual binary, I can send it to you.
David
--
David J. Bianco, GSEC <address@hidden>
Thomas Jefferson National Accelerator Facility
The views expressed herein are soley those of the author and
not those of SURA/Jefferson Lab or the US DOE.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Bug when cfagent updates cfagent binary,
David J. Bianco <=