When using the UCL configuration format, ctld segfaults if the configuration file contains per-target chap settings. This crash is observed on both 15.0-CURRENT and 13.2-RELEASE. Stack Trace =========== #0 uclparse_chap (auth_group=0x0, obj=obj@entry=0x2212d1a37940) at /usr/home/somers/src/freebsd.org/src/usr.sbin/ctld/uclparse.c:66 #1 0x0000014e7e066079 in uclparse_target (name=<optimized out>, top=0x2212d1a37240) at /usr/home/somers/src/freebsd.org/src/usr.sbin/ctld/uclparse.c:762 #2 uclparse_toplevel (top=0x2212d1a371c0) at /usr/home/somers/src/freebsd.org/src/usr.sbin/ctld/uclparse.c:376 #3 uclparse_conf (newconf=newconf@entry=0x2212d1a320a0, path=path@entry=0x14e7e050b3e "/etc/ctl.conf") at /usr/home/somers/src/freebsd.org/src/usr.sbin/ctld/uclparse.c:1007 #4 0x0000014e7e05b359 in conf_new_from_file ( path=path@entry=0x14e7e050b3e "/etc/ctl.conf", oldconf=<optimized out>, ucl=true) at /usr/home/somers/src/freebsd.org/src/usr.sbin/ctld/ctld.c:2719 #5 0x0000014e7e05a9d8 in main (argc=<optimized out>, argv=0x1569e170570) at /usr/home/somers/src/freebsd.org/src/usr.sbin/ctld/ctld.c:2804 Steps to Reproduce ================== Create a /etc/ctl.conf file like this: auth-group { myag { auth-type = none } } portal-group { pg0 { discovery-auth-group myag listen 0.0.0.0 } } lun { example_1 { path = "/tmp/luns/lun.1" } } target { "iqn.2012-06.com.example:target1" { portal-group { name = pg0 } lun = [ { number = 1, name = example_1 } ] chap = [ { user = "user_1" secret = "secret_1" } ] } } Then start ctld like this: # ctld -ut Segmentation fault (core dumped)
Created attachment 246602 [details] Patch to fix the described bug This patch fixes the problem for me. I'm still waiting for another department to test it privately before I open a Phabricator review.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=2391e536c01cb51d2a2c11a0f5820481314e9ec2 commit 2391e536c01cb51d2a2c11a0f5820481314e9ec2 Author: Alan Somers <asomers@FreeBSD.org> AuthorDate: 2023-10-09 18:26:25 +0000 Commit: Alan Somers <asomers@FreeBSD.org> CommitDate: 2023-12-27 17:49:15 +0000 Fix multiple bugs with ctld's UCL parsing * Don't segfault when parsing a misformatted auth-group section * If the config file specifies a chap section within a target but no auth-group, create a new anonymous auth-group. That matches the behavior with non-UCL config files. * Protect some potential segfaults with assertions PR: 274380 MFC after: 1 week Sponsored by: Axcient Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D43198 usr.sbin/ctld/ctld.c | 1 + usr.sbin/ctld/uclparse.c | 26 ++++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=c2ec8038a7f1a52c013c2d4d215363ff906c6781 commit c2ec8038a7f1a52c013c2d4d215363ff906c6781 Author: Alan Somers <asomers@FreeBSD.org> AuthorDate: 2023-10-09 18:26:25 +0000 Commit: Alan Somers <asomers@FreeBSD.org> CommitDate: 2024-01-19 20:21:40 +0000 Fix multiple bugs with ctld's UCL parsing * Don't segfault when parsing a misformatted auth-group section * If the config file specifies a chap section within a target but no auth-group, create a new anonymous auth-group. That matches the behavior with non-UCL config files. * Protect some potential segfaults with assertions PR: 274380 Sponsored by: Axcient Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D43198 (cherry picked from commit 2391e536c01cb51d2a2c11a0f5820481314e9ec2) usr.sbin/ctld/ctld.c | 1 + usr.sbin/ctld/uclparse.c | 26 ++++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=5a2767d20325d5065ae4bc04d954530150551016 commit 5a2767d20325d5065ae4bc04d954530150551016 Author: Alan Somers <asomers@FreeBSD.org> AuthorDate: 2023-10-09 18:26:25 +0000 Commit: Alan Somers <asomers@FreeBSD.org> CommitDate: 2024-01-20 01:52:38 +0000 Fix multiple bugs with ctld's UCL parsing * Don't segfault when parsing a misformatted auth-group section * If the config file specifies a chap section within a target but no auth-group, create a new anonymous auth-group. That matches the behavior with non-UCL config files. * Protect some potential segfaults with assertions PR: 274380 Sponsored by: Axcient Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D43198 (cherry picked from commit 2391e536c01cb51d2a2c11a0f5820481314e9ec2) usr.sbin/ctld/ctld.c | 1 + usr.sbin/ctld/uclparse.c | 26 ++++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-)