Bug 1837 – Squid-3.0PRE5: Segfault on configuration error

Bug 1837 - Squid-3.0PRE5: Segfault on configuration error


Summary:	Squid-3.0PRE5: Segfault on configuration error

Status:	RESOLVED FIXED

Product:	Squid
Classification:	Unclassified
Component:	other
Version:	3.0
Hardware:	PC All

Importance:	P1 critical
Target Milestone:	3.0
Assigned To:	SQUID BUGS ALIAS

URL:

Duplicates:	1711 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2006-11-20 14:42 UTC by Mark Reidenbach
Modified:	2015-02-12 18:32 UTC (History)
CC List:	2 users (show)

See Also:
Browser:	---
Fixed Versions:
Needs:

Attachments
Revised patch (2.12 KB, patch) 2007-03-10 06:32 UTC, Guido Serassio	Details
Proposed patch for Squid 3.0 (978 bytes, patch) 2007-04-07 02:43 UTC, Guido Serassio	Details
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Reidenbach 2006-11-20 14:42:19 UTC

Using Squid-3.0PRE5 I accidentally left out "samba" from my path in "auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic" which caused squid to segfault when started.  This occurs when the specified program does not exist.

The only way I was able to tell what happened was to run gdb.  Even though this was definitely a configuration error on my part, it would be useful to show an error letting users know the program doesn't exist rather than segfaulting.  I'm attaching the results of gdb below:

(gdb) handle SIGPIPE pass noprint nostop
Signal        Stop      Print   Pass to program Description
SIGPIPE       No        No      Yes             Broken pipe
(gdb) run -DNYCd3
Starting program: /usr/local/squid/sbin/squid -DNYCd3
[Thread debugging using libthread_db enabled]
[New Thread -1213135168 (LWP 642)]
2006/11/20 15:33:39| storeDirWriteCleanLogs: Starting...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213135168 (LWP 642)]
0x080e904b in commSetCloseOnExec (fd=7) at comm.cc:1783
1783        fd_table[fd].flags.close_on_exec = 1;
(gdb) bt
#0  0x080e904b in commSetCloseOnExec (fd=7) at comm.cc:1783
#1  0x080835cd in file_open (path=0x8231500 "/usr/local/squid/var/cache/swap.state.clean", mode=577) at disk.cc:83
#2  0x080f317d in UFSSwapDir::writeCleanStart (this=0x822c840) at ufs/store_dir_ufs.cc:870
#3  0x080d6a86 in storeDirWriteCleanLogs (reopen=0) at store_dir.cc:439
#4  0x080dd606 in fatal (message=0x81c8060 "authparam basic program /usr/local/bin/blah: (2) No such file or directory") at tools.cc:461
#5  0x080dda63 in fatalf (fmt=0x810a2d9 "%s %s: %s") at tools.cc:489
#6  0x08061ab1 in requirePathnameExists (name=0x812e73b "authparam basic program", path=0x822d0c8 "/usr/local/bin/blah") at cache_cf.cc:3042
#7  0x08067fa7 in parse_line (buff=<value optimized out>) at cache_cf.cc:1308
#8  0x0806ab45 in parseConfigFile (file_name=0x8212788 "/usr/local/squid/etc/squid.conf", manager=@0x81a2640) at cache_cf.cc:307
#9  0x080b591d in main (argc=2, argv=0xbf8470a4) at main.cc:1219
(gdb) quit

Comment 1 Guido Serassio 2006-11-21 03:02:41 UTC

Confirmed, it's the same error seen in comment #2 of bug #1711

Comment 2 Alex Rousskov 2006-11-21 13:44:04 UTC

But the original stack trace for bug #1711 is different, so this "segfault on config error" error may be different.

I have changed the summary line since the bug is present for many (all?) configuration errors.

Comment 3 Christos Tsantilas 2007-03-01 11:15:49 UTC

Hi,
 Looks that it is the same error of comment #2 of bug #1711. It happens in all errors, because the fd_table initialized in comm_init function which called after parseConfigFile function.
I propose    to make a fdAllocMemory() function which initializes the fd_table in early stages.
 The following small patch solves the problem for me:

Index: main.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/main.cc,v
retrieving revision 1.51.2.7
diff -u -r1.51.2.7 main.cc
--- main.cc	29 Jan 2007 20:00:27 -0000	1.51.2.7
+++ main.cc	1 Mar 2007 17:33:34 -0000
@@ -1115,6 +1115,8 @@
 #endif
 #endif /* HAVE_MALLOPT */
 
+    void fdAllocMemory(void);
+    fdAllocMemory();
     /*
      * The plan here is to set the umask to 007 (deny others for
      * read,write,execute), but only if the umask is not already
Index: comm.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/comm.cc,v
retrieving revision 1.53.2.5
diff -u -r1.53.2.5 comm.cc
--- comm.cc	19 Oct 2006 06:12:56 -0000	1.53.2.5
+++ comm.cc	1 Mar 2007 17:33:40 -0000
@@ -1801,7 +1801,7 @@
 
 void
 comm_init(void) {
-    fd_table =(fde *) xcalloc(Squid_MaxFD, sizeof(fde));
+//    fd_table =(fde *) xcalloc(Squid_MaxFD, sizeof(fde));
     fdd_table = (fd_debug_t *)xcalloc(Squid_MaxFD, sizeof(fd_debug_t));
     fdc_table = new fdc_t[Squid_MaxFD];
     commfd_table = (comm_fd_t *) xcalloc(Squid_MaxFD, sizeof(comm_fd_t));
Index: fd.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/fd.cc,v
retrieving revision 1.10.8.3
diff -u -r1.10.8.3 fd.cc
--- fd.cc	14 Dec 2006 06:12:16 -0000	1.10.8.3
+++ fd.cc	1 Mar 2007 17:33:40 -0000
@@ -248,6 +248,12 @@
 }
 
 void
+fdAllocMemory(void)
+{
+    fd_table =(fde *) xcalloc(Squid_MaxFD, sizeof(fde));
+}
+
+void
 fdFreeMemory(void)
 {
     safe_free(fd_table);

Comment 4 Guido Serassio 2007-03-10 06:32:49 UTC

Created attachment 1315 [details]
Revised patch

Just moved the fdAllocMemory() declaration to protos.h

This patch seems to fix the problem.

Comment 5 Alex Rousskov 2007-03-19 08:04:56 UTC

*** Bug 1711 has been marked as a duplicate of this bug. ***

Comment 6 Alex Rousskov 2007-04-06 08:38:23 UTC

It seems wrong that we are just allocating memory for some internal comm_ structure without doing the rest of the stuff that comm_init does (or will do). How long before we hit another bug because some other comm_ state (e.g., conn_close_pool) was not initialized properly when some comm_ routine (commSetCloseOnExec in this case) is called before comm_init?

Can we call comm_init earlier instead? Do MemPools need something from squid.conf?

Comment 7 Guido Serassio 2007-04-07 02:41:39 UTC

Hi Alex,

(In reply to comment #6)
> It seems wrong that we are just allocating memory for some internal comm_
> structure without doing the rest of the stuff that comm_init does (or will do).
> How long before we hit another bug because some other comm_ state (e.g.,
> conn_close_pool) was not initialized properly when some comm_ routine
> (commSetCloseOnExec in this case) is called before comm_init?
> 
> Can we call comm_init earlier instead? Do MemPools need something from
> squid.conf?
> 
I agree with you.
We can move comm_init() just after Mem::Init().

Regards

Guido

Comment 8 Guido Serassio 2007-04-07 02:43:23 UTC

Created attachment 1354 [details]
Proposed patch for Squid 3.0

Comment 9 Alex Rousskov 2007-04-11 08:38:46 UTC

comm_init calls memPoolCreate. Squid.conf has options related to memory pools. Is it really OK to move comm_init before Mem::Init and before parseConfigFile, as patch #1354 does?

Comment 10 Henrik Nordstrom 2007-04-11 10:19:05 UTC

Last time I looked the memory pools are operational before main() is called.

Comment 11 Guido Serassio 2007-04-11 11:20:57 UTC

Hi Alex,

(In reply to comment #9)
> comm_init calls memPoolCreate. Squid.conf has options related to memory pools.
> Is it really OK to move comm_init before Mem::Init and before parseConfigFile,
> as patch #1354 does?

But I have placed comm_init() just after Mem::Init .... :-)

Guido

Comment 12 Alex Rousskov 2007-04-12 08:59:29 UTC

Committed to Squid3 HEAD.

Thank you.

Comment 13 Pavel Šimerda 2015-02-12 17:04:52 UTC

Note: The patch still applies to squid 3.1.23.

Comment 14 Amos Jeffries 2015-02-12 18:32:09 UTC

It was reverted in http://www.squid-cache.org/Versions/v3/3.0/changesets/10689.patch