fluent-bit icon indicating copy to clipboard operation
fluent-bit copied to clipboard

Published 20 hours ago verified publisher icon fluent

config_format: fluentbit: break recursion

Open DavidKorczynski opened this issue 1 year ago • 7 comments

There is potential for infinite recursion. This is an attempt to fix it.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45932

Signed-off-by: David Korczynski [email protected]

Enter [N/A] in the box, if an item is not applicable to your change.

Testing Before we can approve your change; please submit the following in a comment:

  • [N/A ] Example configuration file for the change
  • [N/A ] Debug log output from testing the change
  • [N/A ] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • [N/A ] Attached local packaging test output showing all targets (including any new ones) build.

Documentation

  • [N/A] Documentation required for this feature

Backporting

  • [N/A ] Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

DavidKorczynski avatar Sep 04 '22 19:09 DavidKorczynski

The following config file gives me an infinite recursion:

@INCLUDE *

The problem is the line https://github.com/fluent/fluent-bit/blob/93ece8d7d415c8cb50b7b757ec4b956edcdefd68/src/config_format/flb_cf_fluentbit.c#L514

Will end up triggering https://github.com/fluent/fluent-bit/blob/93ece8d7d415c8cb50b7b757ec4b956edcdefd68/src/config_format/flb_cf_fluentbit.c#L177

Which calls read_config again, which then calls glob again with exactly the same arguments, and the infinite loop exists. This causes a stack overflow.

I'm not 100% sure about what fix is desirable here to be honest, so please do approach this PR with a critical mindset in terms of what's the best approach to avoiding infinite recursion.

DavidKorczynski avatar Sep 04 '22 19:09 DavidKorczynski

cc: @nokute78

edsiper avatar Sep 05 '22 01:09 edsiper

@DavidKorczynski Thank you for contribution.

A following configuration will be error and I think it should be valid.

fluent-bit.conf:

@INCLUDE input*
@INCLUDE output*

intput_mem.conf:

[INPUT]
    Name mem

output_stdout.conf:

[OUTPUT]
    Name stdout
    Match *

$ ~/git/tmp/fluent-bit/build/bin/fluent-bit -c fluent-bit.conf 
Fluent Bit v2.0.0
* Copyright (C) 2015-2022 The Fluent Bit Authors
* Fluent Bit is a CNCF sub-project under the umbrella of Fluentd
* https://fluentbit.io

[2022/09/08 18:51:32] [ warn] [read_glob] glob: breaking recursion
[2022/09/08 18:51:32] [error] configuration file contains errors, aborting.

nokute78 avatar Sep 08 '22 09:09 nokute78

@nokute78 thanks, note you're using a different config than the one I post (I only have INCLUDE * in the config, nothing else) which I assume would break the infinite recursion possibility -- also why I wrote:

I'm not 100% sure about what fix is desirable here to be honest, so please do approach this PR with a critical mindset in terms of what's the best approach to avoiding infinite recursion.

I still think the infinite recursion that I describe should not be possible -- please advice on what's the preferred solution

DavidKorczynski avatar Sep 08 '22 10:09 DavidKorczynski

@DavidKorczynski I think an easy way is to count files. e.g. If fluent-bit reads 10k files, gives up and reports error.

A threshold is difficult since it will need a stack per call.

note you're using a different config than the one I post...

Yes, but it will be breaking change for some users like https://github.com/fluent/fluent-bit/issues/5612 . I want to prevent it and an infinite loop.

nokute78 avatar Sep 08 '22 10:09 nokute78

@DavidKorczynski I think an easy way is to count files. e.g. If fluent-bit reads 10k files, gives up and reports error.

A threshold is difficult since it will need a stack per call.

I think that would work, however, in the recursion I describe my understanding was it was trying to read the same thing over and over again, rather than reading different files. Did I get this wrong?

DavidKorczynski avatar Sep 08 '22 10:09 DavidKorczynski

@DavidKorczynski Sorry for my English.. I considered like following case. 1.conf -> 2.conf -> 3.conf -> .... -> n.conf -> 1.conf ...

I think you are right and it is a case that n = 1.

nokute78 avatar Sep 08 '22 10:09 nokute78

adding @pwhelan for visibility

edsiper avatar Oct 07 '22 03:10 edsiper

@nokute78 is this PR ready to go ?

edsiper avatar Oct 11 '22 17:10 edsiper

@edsiper Not ready. This patch will reject some valid configurations.

e.g. https://github.com/fluent/fluent-bit/pull/5998#issuecomment-1240489376

nokute78 avatar Oct 13 '22 11:10 nokute78

Am not sure what the desired logical fix is here as I'm not very familiar with what features you're looking for -- in essence my fix is rooted in highlighting there is an infinite recursion, but i'd prefer you come up with the real fix.

DavidKorczynski avatar Oct 13 '22 11:10 DavidKorczynski

@nokute78 pls take a look at the root cause of the issue and a potential fix (this issue is reported by oss-fuzz)

edsiper avatar Oct 15 '22 01:10 edsiper

@edsiper I sent a patch https://github.com/fluent/fluent-bit/pull/6213

nokute78 avatar Oct 16 '22 00:10 nokute78

This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.

github-actions[bot] avatar Jan 14 '23 01:01 github-actions[bot]

I close this PR since #6213 fixes the issue.

nokute78 avatar May 03 '23 00:05 nokute78