Segmentation fault issue with omapi on release dhcp-3.1.2p1

Nils.Magnusson at teliasonera.com Nils.Magnusson at teliasonera.com
Wed Aug 26 16:52:10 UTC 2009


We have a daemon today that supervises the isc-server and all of its pools. This
program normally runs for months and months without any problem but we have one issue that causes
a segmentation fault within omapi, more specifically the dhcpctl_wait_for_completion (LeaseObject, &Waitstatus);


The program opens a connection and then creates a lease object and then uses this lease object to retrieve the status
of all leases. This has worked fine for many years but I have now found an issue (that I guess has been there for long)
and that is the following record:

lease x.x.x.x {
  starts 1 2009/08/10 09:12:43;
  ends 4 2009/09/10 09:32:43;
  tstp 4 2009/09/10 09:32:43;
  binding state active;
  next binding state free;
  billing subclass "gai4-0-private-surf-e" "gai-na-215578 at hs-c-a11-g3n1-s1.p13";
  hardware ethernet 00:21:27:e5:52:9d;
  uid "\001\000!'\345R\235";
  option agent.remote-id "gai-na-215578 at hs-c-a11-g3n1-s1.p13";
  client-hostname "";
}

This record causes the dhcpctl_wait_for_completion (LeaseObject, &Waitstatus); to crash and it is the line
--  client-hostname ""; that causes it
NOTE: the segmentation fault does not happen when this record is treated but always on the record (lease) after.
I have tested where the next lease is free and also where the lease is busy but this does not change the behavior.

The strange thing is that I have only found one client in our entire network that produces such a record, normally
the client name is missing or includes a name, e.g. client-hostname "myname";

If I close the connection and then reopen it for every lease then it works for a while but after a time it is not
possible to connect to the dhcp server.

The exact line in omapip/support.c that causes the problem is
status = (*(outer -> type -> signal_handler)) (outer, name, ap);

I added some printf calls to get some traces in support.c

isc_result_t omapi_signal (omapi_object_t *handle, const char *name, ...)
{
        va_list ap;
        omapi_object_t *outer;
        isc_result_t status;
        printf("entering omapi_signal\n");
        printf("omapi_signal 1\n");
        va_start (ap, name);
        printf("omapi_signal 2\n");

        for (outer = handle; outer -> outer; outer = outer -> outer)
        {
          printf("omapi_signal the name in outer is %s\n", outer->type->name);
          ;
        }

        printf("omapi_signal 3\n");
        if (outer -> type -> signal_handler)
         {
           printf("omapi_signal 4\n");
           printf("the name is %s\n", name);

           status = (*(outer -> type -> signal_handler)) (outer, name, ap);
           printf("omapi_signal 5\n");
         }
        else
        {
          status = ISC_R_NOTFOUND;
          printf("omapi_signal 6\n");
        }
        printf("omapi_signal 7\n");
        va_end (ap);
        printf("leaving omapi_signal\n");
        return status;
}

omapi_signal 1
omapi_signal 2
omapi_signal the name in outer is connection
omapi_signal 3
omapi_signal 4
the name is ready
Segmentation fault

I also have traces in omapi_signal_in but no traces are reported from that function before the segmentation fault


Any input is highly appreciated.

/nils magnusson
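
A triage aid for the condition described above, as an added example that is not part of the original post or of ISC DHCP: it scans dhcpd.leases-format text for leases whose current record carries a present-but-empty client-hostname, as distinct from a missing one. The sample records, addresses and function names are constructed, and it assumes the last record for an address in the file is the current one.

```python
import re

# Constructed sample in dhcpd.leases syntax (documentation-range addresses).
SAMPLE_LEASES = r'''
lease 192.0.2.10 {
  binding state active;
  hardware ethernet 00:00:5e:00:53:01;
  client-hostname "";
}
lease 192.0.2.11 {
  hardware ethernet 00:00:5e:00:53:02;
  client-hostname "myname";
}
lease 192.0.2.12 {
  hardware ethernet 00:00:5e:00:53:03;
  client-hostname "";
}
lease 192.0.2.12 {
  binding state free;
  hardware ethernet 00:00:5e:00:53:03;
}
'''

LEASE_START = re.compile(r'^\s*lease\s+(\S+)\s*\{')
HARDWARE = re.compile(r'^\s*hardware\s+ethernet\s+([0-9a-fA-F:]+)\s*;')
HOSTNAME = re.compile(r'^\s*client-hostname\s+"((?:[^"\\]|\\.)*)"\s*;')

def parse_leases(text):
    """Return {address: record}; a later record for an address replaces earlier ones."""
    current, latest = None, {}
    for line in text.splitlines():
        m = LEASE_START.match(line)
        if m:
            current = {"address": m.group(1), "mac": None, "hostname": None}
        elif current is None:
            continue                      # text outside any lease block
        elif line.strip() == "}":
            latest[current["address"]] = current
            current = None
        elif (m := HARDWARE.match(line)):
            current["mac"] = m.group(1).lower()
        elif (m := HOSTNAME.match(line)):
            current["hostname"] = m.group(1)  # "" means present but empty
    return latest

def empty_hostname_leases(text):
    """List (address, mac) for leases whose current record has client-hostname ""."""
    return [(r["address"], r["mac"]) for r in parse_leases(text).values()
            if r["hostname"] == ""]
```

Run `empty_hostname_leases(open(path).read())` against a copy of the leases file; a hostname of `None` in `parse_leases` output means the statement was absent from the record.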

