From c194367cbf86cce4faad9e4126ee0529f37c3690 Mon Sep 17 00:00:00 2001 From: Han Zhou Date: Mon, 19 Aug 2019 16:30:35 -0700 Subject: ovsdb monitor: Fix crash when using non-zero last-id with standalone DB. When a client uses monitor-cond-since with a non-zero last-id but the server is not in cluster mode for the DB being monitored, it leads to segmentation fault because the txn_history list is not initialized in this case. Program terminated with signal SIGSEGV, Segmentation fault. 1536 struct ovsdb_txn *txn = h_node->txn; (gdb) bt 0 ovsdb_monitor_get_changes_after (txn_uuid=txn_uuid@entry=0x7ffe8605b7e0, dbmon=0x17c1b40, p_mcs=p_mcs@entry=0x17c4900) at ovsdb/monitor.c:1536 1 0x000000000040da2d in ovsdb_jsonrpc_monitor_create (request_id=0x1804630, version=, params=0x17ad330, db=0x18015b0, s=) at ovsdb/jsonrpc-server.c:1469 2 ovsdb_jsonrpc_session_got_request (request=0x17ad520, s=) at ovsdb/jsonrpc-server.c:1002 3 ovsdb_jsonrpc_session_run (s=) at ovsdb/jsonrpc-server.c:556 ... Although it doesn't happen in normal use cases, no one can prevent a client to send this on purpose or in a corner case when a client firstly connected to a clustered DB but later the server restarted with a non-clustered DB. This patch fixes it by always initialize the txn_history list to avoid the undefined behavior in this case. It adds a test case to cover it, too. Fixes: 695e815 ("ovsdb-server: Transaction history tracking.") Reported-by: Aliasgar Ginwala Signed-off-by: Han Zhou Signed-off-by: Ben Pfaff --- ovsdb/transaction.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ovsdb/transaction.h') diff --git a/ovsdb/transaction.h b/ovsdb/transaction.h index c21871a45..ea6b53d3c 100644 --- a/ovsdb/transaction.h +++ b/ovsdb/transaction.h @@ -63,7 +63,7 @@ void ovsdb_txn_for_each_change(const struct ovsdb_txn *, void ovsdb_txn_add_comment(struct ovsdb_txn *, const char *); const char *ovsdb_txn_get_comment(const struct ovsdb_txn *); void ovsdb_txn_history_run(struct ovsdb *); -void ovsdb_txn_history_init(struct ovsdb *); +void ovsdb_txn_history_init(struct ovsdb *, bool need_txn_history); void ovsdb_txn_history_destroy(struct ovsdb *); #endif /* ovsdb/transaction.h */ -- cgit v1.2.1