Thursday, September 30, 2010

self pipe trick

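Our old Red Hat Linux kernel does not support pselect(), so we have to use the self-pipe trick instead. In a select() loop we have to monitor both the file descriptors and the signals, and the loop must not stay blocked when either one occurs. For example,
while (1)
{
    if (shutdownSignal)
    {
        //do shutdown
    }
    // <===== The shutdown signal may arrive here
    select(socketfd);
}
If the signal arrives at the marked point while no traffic is being sent, select() blocks until somebody sends some data, and the shutdown is delayed until then. With the self-pipe trick, the signal handler writes a byte to a pipe whose read end is also watched by select(), so select() returns even when the signal arrived just before the call.

Alternatively, you can use siglongjmp(), which jumps out of the signal handler even if you are inside the select() call.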

Thursday, September 23, 2010

Write safe code

Recently I came across a few vulnerabilities in Squid. Here are some lessons learned:


(1) strcmp

If you pass a NULL pointer to strcmp(), the behavior is undefined and the program may crash. Checking for NULL, '\0' and the string itself can be trivial. The wrapper below assumes that str1 and str2 end with '\0':


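#include <string.h>

/* NULL-safe strcmp(): a NULL pointer sorts before any non-NULL string. */
int compare(const char* str1, const char* str2)
{
    if (str1 == NULL || str2 == NULL)
    {
        if (str1 == str2)
            return 0;       /* both are NULL */
        if (str1 == NULL)
            return -1;
        return 1;           /* only str2 is NULL */
    }
    return strcmp(str1, str2);
}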


(2) Check the major and minor version in the HTTP header.
Squid was using this code to get the numeric version number from the HTTP header (HTTP/1.1...):

//assume the data is stored in buffer, and that we only care about the major digit for now
int maj=-1;

if (buffer see line end)
    maj=1;
else
    return;

for (pos=verStart; isdigit(buffer[pos]); pos++)
{
    maj = maj * 10;
    maj = maj + buffer[pos] - '0';
}

//maj should never be -1 unless it overflows at 65536
assert(maj!=-1);

(3) Recently, there was a vulnerability in the bzip2 code:
int N, result;
while (buffer not end)
{
    //read buffer;
    result += N*2;
}

Here result is a signed integer and it may overflow, which causes undefined behavior.
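A hardened form of the version parsing in (2) that also applies the overflow lesson of (3), shown as an added example that is not Squid's or bzip2's code. The function name parse_http_major and the sample inputs are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Squid's function): return the major version
 * from text such as "HTTP/1.1", or -1 if the input is malformed or the
 * number does not fit in an int. No assert() on attacker-controlled data. */
int parse_http_major(const char *buf, size_t len)
{
    static const char prefix[] = "HTTP/";
    size_t pos = sizeof(prefix) - 1;
    size_t digits = 0;
    int maj = 0;

    if (buf == NULL || len <= pos || memcmp(buf, prefix, pos) != 0)
        return -1;

    for (; pos < len && isdigit((unsigned char)buf[pos]); pos++, digits++) {
        int d = buf[pos] - '0';
        /* Test before computing maj * 10 + d: signed overflow is undefined
         * behaviour, so checking the result afterwards is too late. */
        if (maj > (INT_MAX - d) / 10)
            return -1;
        maj = maj * 10 + d;
    }
    /* Require at least one digit, followed by the '.' separator. */
    if (digits == 0 || pos >= len || buf[pos] != '.')
        return -1;
    return maj;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "HTTP/1.1", "HTTP/.1", "HTTP/1",
                              "HTTP/99999999999999999999.1" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-30s -> %d\n", samples[i],
               parse_http_major(samples[i], strlen(samples[i])));
    return 0;
}
```

The caller treats -1 as a malformed request and rejects it, so an oversized version number becomes an ordinary parse error instead of an assertion failure.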

Wednesday, September 15, 2010

From Red Hat 8.0 to CentOS 5.3

This page is reserved for notes on porting from Red Hat 8.0 to CentOS 5.3:

1). What has changed?
a). Native POSIX thread support. Special synchronization primitive: futex
b). O(1) scheduler and SMP scalability.
c). Preemptive kernel.
d). Latency improvement. Scheduling latency <0.5 microseconds
e). Redesigned block layer
f). Improved VM subsystem

Tuesday, September 7, 2010

set up a user on CentOS

Here are some notes on adding a user and setting up sudo in CentOS:
(1) Create a user, for example, alice:
useradd alice
passwd alice

(2) Add the user to the sudoers file
visudo
Then add this as the last line:
alice ALL=(ALL) ALL

(3) ssh-agent

/usr/bin/ssh-agent $SHELL
ssh-add


(4) ssh-agent automatically
sudo yum install openssh-askpass
Main Menu Button (on the Panel) => Preferences => More Preferences => Sessions, and click on the Startup Programs tab. Click Add and enter /usr/bin/ssh-add in the Startup Command text area.