edward6018 / libnetconf

Automatically exported from code.google.com/p/libnetconf

segfault if malformed message is sent #43

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
steps to reproduce:
1. send the following rpc:
<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
    message-id="1">
    <nc:edit-config>
        <nc:target>
            <nc:running />
        </nc:target>
        <nc:config>
            <config />
        </nc:config>
    </nc:edit-config>
</nc:rpc>

(I used ncclient [1] to send the request); backtrace is below.

The attached patch adds a check to prevent the segfault in 
ncdflt_edit_remove_default.

best
Tobi

[1] http://ncclient.grnet.gr/

the backtrace:
(gdb) bt
#0  0x00007ffff7b899eb in ncdflt_edit_remove_default (config=0x87be70, 
model=0x7697f0) at src/with_defaults.c:772
#1  0x00007ffff7b9bc5a in ncds_apply_rpc (id=1681692778, session=0xb89ef0, 
rpc=0x971fb0) at src/datastore.c:5376
#2  0x00007ffff7b9d5da in ncds_apply_rpc2all (session=0xb89ef0, rpc=0x971fb0, 
ids=0x0) at src/datastore.c:5955
#3  0x0000000000403dad in server_process_rpc (session=0xb89ef0, rpc=0x971fb0) 
at src/server_operations.c:563
#4  0x0000000000406f08 in process_operation (socket=17) at 
src/server_comm_socket.c:396
#5  0x000000000040729a in comm_loop (conn=0x60aa08 <sock>, timeout=500) at 
src/server_comm_socket.c:494
#6  0x000000000040391e in main (argc=3, argv=0x7fffffffe3d8) at src/server.c:273

Original issue reported on code.google.com by tobias.j...@gmail.com on 6 Oct 2014 at 11:41
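The rpc above is well-formed XML but semantically malformed for NETCONF: the child of <nc:config> carries no namespace, so it cannot belong to any datastore model. The following is an added example (not code from the issue, the attached patch, or libnetconf itself) showing the kind of server-side check a defender would want in front of edit-config processing: reject content whose elements are unnamespaced or belong to no known model with an rpc-error, and treat "no applicable elements for this datastore" as an ordinary empty result rather than something that must exist. The model namespace `urn:example:interfaces`, the function names and the error-tag choice are assumptions made for the example; the malformed rpc is the one from the report, the well-formed one is constructed.

```python
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"

# The rpc from the report (unnamespaced <config/> inside <nc:config>).
MALFORMED_RPC = """<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <nc:edit-config>
    <nc:target><nc:running/></nc:target>
    <nc:config>
      <config/>
    </nc:config>
  </nc:edit-config>
</nc:rpc>"""

# Constructed counterpart whose content sits in a (hypothetical) model namespace.
WELLFORMED_RPC = """<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <nc:edit-config>
    <nc:target><nc:running/></nc:target>
    <nc:config>
      <interfaces xmlns="urn:example:interfaces">
        <interface><name>eth0</name></interface>
      </interfaces>
    </nc:config>
  </nc:edit-config>
</nc:rpc>"""

# Hypothetical set of namespaces for which the server has datastore models.
KNOWN_MODEL_NAMESPACES = {"urn:example:interfaces"}


def split_tag(tag):
    """Split an ElementTree '{ns}local' tag into (ns, local); ns is '' if absent."""
    ns, _, local = tag.rpartition("}")
    return ns.lstrip("{"), local


def check_edit_config(rpc_xml, known_namespaces):
    """Validate an <edit-config> rpc before it reaches datastore code.

    Returns a list of (error-tag, error-message) pairs in the style of RFC 6241
    rpc-error; an empty list means the content may be dispatched.
    """
    try:
        root = ET.fromstring(rpc_xml)
    except ET.ParseError as exc:
        return [("malformed-message", f"not well-formed XML: {exc}")]
    if root.tag != f"{{{NC_NS}}}rpc":
        return [("malformed-message", "root element is not <rpc> in the NETCONF base namespace")]
    edit = root.find(f"{{{NC_NS}}}edit-config")
    if edit is None:
        return []  # some other operation; nothing to validate here
    config = edit.find(f"{{{NC_NS}}}config")
    if config is None:
        return [("missing-element", "edit-config without <config>")]
    errors = []
    if len(config) == 0:
        errors.append(("missing-element", "<config> is empty"))
    for child in config:
        ns, local = split_tag(child.tag)
        if not ns:
            errors.append(("unknown-namespace", f"<{local}> has no namespace"))
        elif ns not in known_namespaces:
            errors.append(("unknown-namespace", f"<{local}> in unknown namespace {ns}"))
    return errors


def select_applicable(rpc_xml, model_namespace):
    """Pick the <config> children that belong to one datastore model.

    This mirrors the step the maintainer points at: content is selected per
    datastore. The result may legitimately be empty, and callers must handle
    that instead of assuming at least one element was found.
    """
    root = ET.fromstring(rpc_xml)
    config = root.find(f"{{{NC_NS}}}edit-config/{{{NC_NS}}}config")
    if config is None:
        return []
    return [c for c in config if split_tag(c.tag)[0] == model_namespace]


if __name__ == "__main__":
    print(check_edit_config(MALFORMED_RPC, KNOWN_MODEL_NAMESPACES))
    print(check_edit_config(WELLFORMED_RPC, KNOWN_MODEL_NAMESPACES))
    print(len(select_applicable(MALFORMED_RPC, "urn:example:interfaces")))
```

Running the check first turns the reported crash path into an rpc-error reply with error-tag unknown-namespace for message-id 1, while the constructed rpc passes and yields exactly one applicable element for the example model; the selection step returns an empty list for the malformed message, which is the case the downstream code needs to tolerate.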

GoogleCodeExporter commented 9 years ago
Thanks Tobias for reporting. The problem is actually a little bit earlier in 
the code, when the applicable elements from the edit-config's content are 
selected for the part of the datastore being processed.

Original comment by rkre...@cesnet.cz on 7 Oct 2014 at 10:28

GoogleCodeExporter commented 9 years ago
This issue was closed by revision 82eaedd92a76.

Original comment by rkre...@cesnet.cz on 7 Oct 2014 at 10:28

GoogleCodeExporter commented 9 years ago
Works perfectly.
Thanks

Original comment by tobias.j...@gmail.com on 7 Oct 2014 at 11:15