修复bug： IP Plugin和FQDN Plugin更新时，先释放了哈希表索引的ex data，后进行匹配引擎重建，导致匹配线程从旧的匹配引擎中访问到已释放的结构体，造成Segmentation fault TSG-10486v3.6.7

author: zhengchao <[email protected]> 2022-04-28 11:32:14 +0800
committer: zhengchao <[email protected]> 2022-04-28 11:32:14 +0800
commit: af4cdebe2cd3feec0ccaf67b53794397c6a80a15 (patch)
tree: abab388e0692f47fa9497278b8128b8cdcdf31c2
parent: d814b4e9eb8c9db49e033f00c3a551c585716e11 (diff)
4 files changed, 17 insertions, 14 deletions
diff --git a/src/entry/Maat_ex_data.cpp b/src/entry/Maat_ex_data.cpp
index 6f6dded..954209c 100644
--- a/src/entry/Maat_ex_data.cpp
+++ b/src/entry/Maat_ex_data.cpp
@@ -346,16 +346,20 @@ MAAT_RULE_EX_DATA  EX_data_rt_get_EX_data_by_container(struct EX_data_rt* ex_rt,
 	return dupped_ex_data;
 }
 
-size_t EX_data_rt_list_all_ex_container(struct EX_data_rt* ex_rt, struct EX_data_container*** ex_container_array)
+size_t EX_data_rt_list_updating_ex_containers(struct EX_data_rt* ex_rt, struct EX_data_container*** ex_container_array)
 {
 	size_t ex_data_cnt=0, i=0;
 	struct EX_data_container* ex_container=NULL, *tmp=NULL;
-	assert(ex_rt->is_updating==0);
+	if(!ex_rt->ex_schema)
+	{
+		return 0;
+	}
+	assert(ex_rt->is_updating==1);
 	if(ex_rt->effective_hash=='a')
 	{
-		ex_data_cnt=HASH_CNT(hh_a, ex_rt->hash_key2ex_a);
+		ex_data_cnt=HASH_CNT(hh_b, ex_rt->hash_key2ex_b);
 		*ex_container_array=ALLOC(struct EX_data_container*, ex_data_cnt);
-		HASH_ITER(hh_a, ex_rt->hash_key2ex_a, ex_container, tmp)
+		HASH_ITER(hh_b, ex_rt->hash_key2ex_b, ex_container, tmp)
 		{
 			(*ex_container_array)[i]=ex_container;
 			i++;
@@ -363,13 +367,13 @@ size_t EX_data_rt_list_all_ex_container(struct EX_data_rt* ex_rt, struct EX_data
 	}
 	else
 	{
-		ex_data_cnt=HASH_CNT(hh_b, ex_rt->hash_key2ex_b);
+		ex_data_cnt=HASH_CNT(hh_a, ex_rt->hash_key2ex_a);
 		*ex_container_array=ALLOC(struct EX_data_container*, ex_data_cnt);
-		HASH_ITER(hh_b, ex_rt->hash_key2ex_b, ex_container, tmp)
+		HASH_ITER(hh_a, ex_rt->hash_key2ex_a, ex_container, tmp)
 		{
 			(*ex_container_array)[i]=ex_container;
 			i++;
-		}
+		}		
 	}
 	return ex_data_cnt;
 }
diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp
index 833a3f2..bf01aa3 100644
--- a/src/entry/Maat_rule.cpp
+++ b/src/entry/Maat_rule.cpp
@@ -57,7 +57,7 @@ extern "C"
 }
 #endif
 
-int MAAT_FRAME_VERSION_3_6_6_20220427=1;
+int MAAT_FRAME_VERSION_3_6_7_20220428=1;
 
 int is_valid_table_name(const char* str)
 {
diff --git a/src/entry/Maat_table_runtime.cpp b/src/entry/Maat_table_runtime.cpp
index 657a886..bade9d8 100644
--- a/src/entry/Maat_table_runtime.cpp
+++ b/src/entry/Maat_table_runtime.cpp
@@ -491,8 +491,7 @@ int Maat_table_runtime_fqdn_plugin_rebuild_fqdn_engine(struct Maat_table_runtime
 	{
 		return ret;
 	}
-	EX_data_rt_update_commit(fqdn_rt->ex_data_rt);
-	rule_cnt=EX_data_rt_list_all_ex_container(fqdn_rt->ex_data_rt, &exc_array);
+	rule_cnt=EX_data_rt_list_updating_ex_containers(fqdn_rt->ex_data_rt, &exc_array);
 	rules=ALLOC(struct FQDN_rule, rule_cnt);
 	for(i=0; i<rule_cnt; i++)
 	{
@@ -511,6 +510,7 @@ int Maat_table_runtime_fqdn_plugin_rebuild_fqdn_engine(struct Maat_table_runtime
 	old_fqdn_engine=fqdn_rt->fqdn_engine;	
 	fqdn_rt->fqdn_engine=new_fqdn_engine;
 	Maat_garbage_bagging(table_rt->ref_garbage_bin, old_fqdn_engine, (void (*)(void*))FQDN_engine_free);
+	EX_data_rt_update_commit(fqdn_rt->ex_data_rt);
 	
 	free(rules);
 	free(exc_array);	
@@ -634,8 +634,7 @@ int Maat_table_runtime_ip_plugin_rebuild_ip_matcher(struct Maat_table_runtime* t
 	{
 		return ret;
 	}
-	EX_data_rt_update_commit(ip_plugin->ex_data_rt);
-	rule_cnt=EX_data_rt_list_all_ex_container(ip_plugin->ex_data_rt, &exc_array);
+	rule_cnt=EX_data_rt_list_updating_ex_containers(ip_plugin->ex_data_rt, &exc_array);
 	rules=ALLOC(struct ip_rule, rule_cnt);
 	for(i=0; i<rule_cnt; i++)
 	{
@@ -654,7 +653,7 @@ int Maat_table_runtime_ip_plugin_rebuild_ip_matcher(struct Maat_table_runtime* t
 	old_ip_matcher=ip_plugin->ip_matcher;
 	ip_plugin->ip_matcher=new_ip_matcher;
 	Maat_garbage_bagging(table_rt->ref_garbage_bin, old_ip_matcher, (void (*)(void*))ip_matcher_free);
-
+	EX_data_rt_update_commit(ip_plugin->ex_data_rt);
 
 	free(rules);
 	free(exc_array);
diff --git a/src/inc_internal/Maat_ex_data.h b/src/inc_internal/Maat_ex_data.h
index b06d848..a3369e0 100644
--- a/src/inc_internal/Maat_ex_data.h
+++ b/src/inc_internal/Maat_ex_data.h
@@ -23,7 +23,7 @@ int EX_data_rt_row2EX_data(struct EX_data_rt* ex_rt,
 int EX_data_rt_delete_by_row(struct EX_data_rt* ex_rt, const char* row, const char* key, size_t key_len,	void *logger);
 MAAT_RULE_EX_DATA  EX_data_rt_get_EX_data_by_key(struct EX_data_rt* ex_rt, const char* key, size_t key_len);
 MAAT_RULE_EX_DATA  EX_data_rt_get_EX_data_by_container(struct EX_data_rt* ex_rt, struct EX_data_container* container);
-size_t EX_data_rt_list_all_ex_container(struct EX_data_rt* ex_rt, struct EX_data_container*** ex_container_array);
+size_t EX_data_rt_list_updating_ex_containers(struct EX_data_rt* ex_rt, struct EX_data_container*** ex_container_array);
 void* EX_data_container_get_user_data(struct EX_data_container* ex_container);
 size_t EX_data_rt_get_ex_container_count(struct EX_data_rt* ex_rt);
author	zhengchao <[email protected]>	2022-04-28 11:32:14 +0800
committer	zhengchao <[email protected]>	2022-04-28 11:32:14 +0800
commit	af4cdebe2cd3feec0ccaf67b53794397c6a80a15 (patch)
tree	abab388e0692f47fa9497278b8128b8cdcdf31c2
parent	d814b4e9eb8c9db49e033f00c3a551c585716e11 (diff)