Bug #35427 “Segfault in jabber server on dapper with user regist...” : Bugs : jabber package : Ubuntu

Revision history for this message

Tyler Willingham (tyler-ubuntu) wrote on 2006-03-18:

#1

While attempting to install a jabber server on the local network, I have noticed that the server segfaults when attempting to register a new user. I have not been able to successfully register. I was able to copy a user's registration file over from a breezy system and the jabber server allows logins with the breezy account information.

Looking at the log during a registration attempt, it shows:

[warn] (chat): xdb_file failed to open file /var/lib/jabber/chat/tyler.xml: No such file or directory

This may be related to a similiar bug in debian, which has received no response:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337526

Revision history for this message

kitchen (kitchen-506) wrote on 2006-03-22:

#2

I have seen this as well in dapper

Revision history for this message

Kurt Huwig (k-huwig) wrote on 2006-07-23:

#3

I've got the same upon registration:

jabber@wanderer:~$ /usr/sbin/jabberd
20060723T10:15:25: [notice] (-internal): initializing server
20060723T10:15:33: [warn] (wanderer): xdb_file failed to open file /var/lib/jabber/wanderer/kurt.xml: No such file or directory
Memory Leak! [pmalloc received NULL pool, unable to track allocation, exiting]
Aborted

Revision history for this message

Dmitri (dk-launchpad) wrote on 2006-09-27:

#4

i had this problem on 2 different systems.

i also built 1.4.4 from standard source - same problem.

Revision history for this message

In Debian Bug tracker #337526, Andreas Barth (andreas-barth) wrote on 2006-12-24: severity adjustments

#5

severity 404378 serious
severity 337526 serious
severity 334414 important

Revision history for this message

In Debian Bug tracker #337526, Sergei Golovan (sgolovan) wrote on 2006-12-29: Re: jabber: Segmentation fault if compiled with gcc-4.0

#6

tags 337526 + patch
thanks

Hi!

I seem to find out the cause of the segfault. Sometimes jabberd uses string
representation of time(NULL). And it allocates only 10 chars for it, which
is too few (currently decimal result of time(NULL) is a 10-digit number, but
there should be a trailing '\0' also).

Attached patch fixes this issue and increases buffers in a few other
suspicious places.

--
Sergei Golovan

Revision history for this message

In Debian Bug tracker #337526, Andreas Barth (aba) wrote on 2006-12-31: NMU uploaded

#7

Download full text (7.7 KiB)

Hi,

I uploaded an NMU of your package.

Please see this as help to get the package into a releaseable condition for
etch.

Please find the used diff below.

Cheers,
Andi

diff -Nur ../jabber-1.4.3~/debian/changelog ../jabber-1.4.3/debian/changelog
--- ../jabber-1.4.3~/debian/changelog 2006-12-30 10:08:46.000000000 +0000
+++ ../jabber-1.4.3/debian/changelog 2006-12-31 09:47:17.000000000 +0000
@@ -1,3 +1,19 @@
+jabber (1.4.3-3.1) unstable; urgency=medium
+
+ [ Sergei Golovan ]
+ * added patch, which increases buffers for storing string representation
+ of time (Closes: #337526)
+ * bumped standards version to 3.7.2
+
+ [ Andreas Barth ]
+ * non-maintainer upload
+ * rebuild should change dependency from libpth2 to libpth20. Closes: #404378
+ * add IPv6-support. Closes: #334414
+ * fix typos in description and jabberd.8. Closes: #300020, #337538
+ * Update description, partly fixes #404816.
+
+ -- Andreas Barth <email address hidden> Sat, 30 Dec 2006 10:10:28 +0000
+
jabber (1.4.3-3) unstable; urgency=low

* added patch to correct libexpat vulnerability (Closes: #272408)
diff -Nur ../jabber-1.4.3~/debian/control ../jabber-1.4.3/debian/control
--- ../jabber-1.4.3~/debian/control 2006-12-30 10:08:46.000000000 +0000
+++ ../jabber-1.4.3/debian/control 2006-12-31 09:46:29.000000000 +0000
@@ -2,7 +2,7 @@
Section: net
Priority: optional
Maintainer: Jamin W. Collins <email address hidden>
-Standards-Version: 3.6.1.0
+Standards-Version: 3.7.2
Build-Depends: dpatch, libpth-dev (>=2.0.0), libssl-dev (>=0.9.5), debhelper (>=4), libexpat1-dev (>= 1.95.6)

Package: jabber
@@ -11,20 +11,20 @@
Conflicts: jabber-aim (<= 20030314-6), jabber-jit (<= 1.1.6-6), jabber-jud (<= 0.4-7), jabber-muc (<= 0.5.2-6), jabber-msn (<= 1.2.1-1.2.8rc1-1), jabber-yahoo (<= 2.2.0-1), jabber-dev (<< ${Source-Version})
Replaces: jabber-transport
Provides: jabber-transport, ${jabber:Provides}
-Description: Daemon for the jabber.org Open Source Instant Messenger
+Description: An instant messaging server using the Jabber/XMPP protocol
  Jabber is a Free Instant Messaging System
  .
  In this Package you will find jabberd, a message transport server
- based on a XML Message Routing Infrastructure.
+ based on an XML Message Routing Infrastructure.
  .
  All this high-tech is simply used to provide you with your own IM Server.
- See http://www.jabber.org/ for more details.
+ See http://www.jabberd.org/ for more details.
  .
  Jabber supports connecting to AIM, ICQ, IRC, MSN and a lot of others, so
  you can use all available IM systems from one client.
  .
  This package does not provide a jabber client. Some jabber clients are
- compared at http://www.jabber.org/user/clientlist.php?Platform=Linux
+ compared at http://en.wikipedia.org/wiki/List_of_Jabber_client_software

Package: jabber-dev
Section: devel
@@ -38,7 +38,7 @@
  jabber plugins e.g. transports.
  .
  All this high-tech is simply used to provide you with your own IM Server.
- See http://www.jabber.org/ for more details.
+ See http://www.jabberd.org/ for more details.
  .
  Jabber supports connecting to AIM, ICQ, IRC, MSN and a lot of others, so
  you can use all available IM systems from one...

Hi,

I uploaded an NMU of your package.

Please see this as help to get the package into a releaseable condition for
etch.

Please find the used diff below.

Cheers,
Andi

diff -Nur ../jabber-1.4.3~/debian/changelog ../jabber-1.4.3/debian/changelog
--- ../jabber-1.4.3~/debian/changelog	2006-12-30 10:08:46.000000000 +0000
+++ ../jabber-1.4.3/debian/changelog	2006-12-31 09:47:17.000000000 +0000
@@ -1,3 +1,19 @@
+jabber (1.4.3-3.1) unstable; urgency=medium
+
+  [ Sergei Golovan ]
+  * added patch, which increases buffers for storing string representation
+    of time (Closes: #337526)
+  * bumped standards version to 3.7.2
+
+  [ Andreas Barth ]
+  * non-maintainer upload
+  * rebuild should change dependency from libpth2 to libpth20. Closes: #404378
+  * add IPv6-support. Closes: #334414
+  * fix typos in description and jabberd.8. Closes: #300020, #337538
+  * Update description, partly fixes #404816.
+
+ -- Andreas Barth <aba@not.so.argh.org>  Sat, 30 Dec 2006 10:10:28 +0000
+
 jabber (1.4.3-3) unstable; urgency=low
 
   * added patch to correct libexpat vulnerability (Closes: #272408)
diff -Nur ../jabber-1.4.3~/debian/control ../jabber-1.4.3/debian/control
--- ../jabber-1.4.3~/debian/control	2006-12-30 10:08:46.000000000 +0000
+++ ../jabber-1.4.3/debian/control	2006-12-31 09:46:29.000000000 +0000
@@ -2,7 +2,7 @@
 Section: net
 Priority: optional
 Maintainer: Jamin W. Collins <jcollins@asgardsrealm.net>
-Standards-Version: 3.6.1.0
+Standards-Version: 3.7.2
 Build-Depends: dpatch, libpth-dev (>=2.0.0), libssl-dev (>=0.9.5), debhelper (>=4), libexpat1-dev (>= 1.95.6)
 
 Package: jabber
@@ -11,20 +11,20 @@
 Conflicts: jabber-aim (<= 20030314-6), jabber-jit (<= 1.1.6-6), jabber-jud (<= 0.4-7), jabber-muc (<= 0.5.2-6), jabber-msn (<= 1.2.1-1.2.8rc1-1), jabber-yahoo (<= 2.2.0-1), jabber-dev (<< ${Source-Version})
 Replaces: jabber-transport
 Provides: jabber-transport, ${jabber:Provides}
-Description: Daemon for the jabber.org Open Source Instant Messenger
+Description: An instant messaging server using the Jabber/XMPP protocol
  Jabber is a Free Instant Messaging System
  .
  In this Package you will find jabberd, a message transport server
- based on a XML Message Routing Infrastructure.
+ based on an XML Message Routing Infrastructure.
  . 
  All this high-tech is simply used to provide you with your own IM Server.
- See http://www.jabber.org/ for more details.
+ See http://www.jabberd.org/ for more details.
  .
  Jabber supports connecting to AIM, ICQ, IRC, MSN and a lot of others, so
  you can use all available IM systems from one client.
  .
  This package does not provide a jabber client.  Some jabber clients are
- compared at http://www.jabber.org/user/clientlist.php?Platform=Linux
+ compared at http://en.wikipedia.org/wiki/List_of_Jabber_client_software
 
 Package: jabber-dev
 Section: devel
@@ -38,7 +38,7 @@
  jabber plugins e.g. transports.
  .
  All this high-tech is simply used to provide you with your own IM Server.
- See http://www.jabber.org/ for more details.
+ See http://www.jabberd.org/ for more details.
  .
  Jabber supports connecting to AIM, ICQ, IRC, MSN and a lot of others, so
  you can use all available IM systems from one client.
diff -Nur ../jabber-1.4.3~/debian/jabberd.8 ../jabber-1.4.3/debian/jabberd.8
--- ../jabber-1.4.3~/debian/jabberd.8	2006-12-30 10:08:46.000000000 +0000
+++ ../jabber-1.4.3/debian/jabberd.8	2006-12-30 10:21:17.000000000 +0000
@@ -19,12 +19,12 @@
 .SH DESCRIPTION
 .LP
 Jabber is a Free Instant Messaging System, which is designed to interoperate
-with several other IM systems, such as AIM, ICQ, IRC, MSM, so you only need
+with several other IM systems, such as AIM, ICQ, IRC, MSN, so you only need
 one client to use all these IM systems.
 .br
 This manpage describes the jabber server daemon, \fIjabberd\fR.
 .br
-The daemon, when called, will look for its the configuration file, in
+The daemon, when called, will look for its configuration file, in
 \fI/etc/jabber/jabber.xml\fR (or elsewhere if you use the \-c option), and
 start
 listening on port 5222.
diff -Nur ../jabber-1.4.3~/debian/patches/00list ../jabber-1.4.3/debian/patches/00list
--- ../jabber-1.4.3~/debian/patches/00list	2006-12-30 10:08:46.000000000 +0000
+++ ../jabber-1.4.3/debian/patches/00list	2006-12-30 10:09:29.000000000 +0000
@@ -3,3 +3,4 @@
 base_file
 config
 jabberd-1.4.3-extexpat
+timebuffs.dpatch
diff -Nur ../jabber-1.4.3~/debian/patches/timebuffs.dpatch ../jabber-1.4.3/debian/patches/timebuffs.dpatch
--- ../jabber-1.4.3~/debian/patches/timebuffs.dpatch	1970-01-01 00:00:00.000000000 +0000
+++ ../jabber-1.4.3/debian/patches/timebuffs.dpatch	2006-12-30 10:09:29.000000000 +0000
@@ -0,0 +1,86 @@
+#! /bin/sh -e
+## timebuffs.dpatch by Sergei Golovan <sgolovan@nes.ru>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Increases buffer lengths for storing string representation of
+## DP: time(NULL) and character counts.
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+    exit 1
+fi
+case "$1" in
+   -patch) patch $patch_opts -p1 < $0;;
+   -unpatch) patch $patch_opts -Rp1 < $0;;
+   *)
+      echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+      exit 1;;
+esac
+
+exit 0
+diff -ru jabber-1.4.3.old/jsm/modules/mod_admin.c jabber-1.4.3/jsm/modules/mod_admin.c
+--- jabber-1.4.3.old/jsm/modules/mod_admin.c	2002-02-08 10:44:17.000000000 +0300
++++ jabber-1.4.3/jsm/modules/mod_admin.c	2006-12-29 11:29:51.000000000 +0300
+@@ -48,7 +48,7 @@
+     session s = js_session_primary(u);
+     spool sp;
+     int t = time(NULL);
+-    char buff[10];
++    char buff[128];
+ 
+     /* make a user generic entry */
+     x = xmlnode_insert_tag(browse,"user");
+@@ -111,7 +111,7 @@
+     session s;
+     xmlnode x;
+     time_t t;
+-    char buff[10];
++    char buff[128];
+ 
+     t = time(NULL);
+ 
+diff -ru jabber-1.4.3.old/jsm/modules/mod_last.c jabber-1.4.3/jsm/modules/mod_last.c
+--- jabber-1.4.3.old/jsm/modules/mod_last.c	2002-02-08 10:44:17.000000000 +0300
++++ jabber-1.4.3/jsm/modules/mod_last.c	2006-12-29 11:32:12.000000000 +0300
+@@ -43,7 +43,7 @@
+ mreturn mod_last_server(mapi m, void *arg)
+ {
+     time_t start = time(NULL) - *(time_t*)arg;
+-    char str[10];
++    char str[16];
+     xmlnode last;
+ 
+     /* pre-requisites */
+@@ -66,7 +66,7 @@
+ void mod_last_set(mapi m, jid to, char *reason)
+ {
+     xmlnode last;
+-    char str[10];
++    char str[16];
+ 
+     log_debug("mod_last","storing last for user %s",jid_full(to));
+ 
+diff -ru jabber-1.4.3.old/jsm/modules/mod_offline.c jabber-1.4.3/jsm/modules/mod_offline.c
+--- jabber-1.4.3.old/jsm/modules/mod_offline.c	2002-12-03 07:30:02.000000000 +0300
++++ jabber-1.4.3/jsm/modules/mod_offline.c	2006-12-29 11:33:35.000000000 +0300
+@@ -49,7 +49,7 @@
+ {
+     session top;
+     xmlnode cur = NULL, cur2;
+-    char str[10];
++    char str[16];
+ 
+     /* if there's an existing session, just give it to them */
+     if((top = js_session_primary(m->user)) != NULL)
+@@ -123,7 +123,7 @@
+     xmlnode opts, cur, x;
+     int now = time(NULL);
+     int expire, stored, diff;
+-    char str[10];
++    char str[16];
+ 
+     log_debug("mod_offline","avability established, check for messages");
+ 
diff -Nur ../jabber-1.4.3~/debian/rules ../jabber-1.4.3/debian/rules
--- ../jabber-1.4.3~/debian/rules	2006-12-30 10:08:46.000000000 +0000
+++ ../jabber-1.4.3/debian/rules	2006-12-30 10:39:36.000000000 +0000
@@ -17,7 +17,7 @@
 build: build-stamp
 build-stamp: patch-stamp
 	dh_testdir
-	./configure --enable-ssl
+	./configure --enable-ssl --enable-ipv6
 	$(MAKE)
 	# cd docs ; ${MAKE} html
 	touch build-stamp
-- 
  http://home.arcor.de/andreas-barth/

Revision history for this message

In Debian Bug tracker #337526, Andreas Barth (aba) wrote on 2006-12-31: Bug#337526: fixed in jabber 1.4.3-3.1

#8

Source: jabber
Source-Version: 1.4.3-3.1

We believe that the bug you reported is fixed in the latest version of
jabber, which is due to be installed in the Debian FTP archive:

jabber-dev_1.4.3-3.1_amd64.deb
  to pool/main/j/jabber/jabber-dev_1.4.3-3.1_amd64.deb
jabber_1.4.3-3.1.diff.gz
  to pool/main/j/jabber/jabber_1.4.3-3.1.diff.gz
jabber_1.4.3-3.1.dsc
  to pool/main/j/jabber/jabber_1.4.3-3.1.dsc
jabber_1.4.3-3.1_amd64.deb
  to pool/main/j/jabber/jabber_1.4.3-3.1_amd64.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Barth <email address hidden> (supplier of updated jabber package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 30 Dec 2006 10:10:28 +0000
Source: jabber
Binary: jabber-dev jabber
Architecture: source amd64
Version: 1.4.3-3.1
Distribution: unstable
Urgency: medium
Maintainer: Jamin W. Collins <email address hidden>
Changed-By: Andreas Barth <email address hidden>
Description:
jabber - An instant messaging server using the Jabber/XMPP protocol
jabber-dev - Daemon for the jabber.org Open Source Instant Messenger
Closes: 300020 334414 337526 337538 404378
Changes:
jabber (1.4.3-3.1) unstable; urgency=medium
.
   [ Sergei Golovan ]
   * added patch, which increases buffers for storing string representation
     of time (Closes: #337526)
   * bumped standards version to 3.7.2
.
   [ Andreas Barth ]
   * non-maintainer upload
   * rebuild should change dependency from libpth2 to libpth20. Closes: #404378
   * add IPv6-support. Closes: #334414
   * fix typos in description and jabberd.8. Closes: #300020, #337538
   * Update description, partly fixes #404816.
Files:
c8da130d9f108df039083e7824352278 662 net optional jabber_1.4.3-3.1.dsc
fda09ad6f1b0970b840908851e6019a5 71473 net optional jabber_1.4.3-3.1.diff.gz
c6e4e43a413605edf7236edb5a48fe17 174216 net optional jabber_1.4.3-3.1_amd64.deb
012952570b0edccfbd7e3660dabc315b 24888 devel optional jabber-dev_1.4.3-3.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFl4cwmdOZoew2oYURAmntAJ0Q6zVT8H0oD3krd7JHEw6mTcmCqwCghQR+
aaLwp0L129UOzOYC1+XkPHk=
=cLsn
-----END PGP SIGNATURE-----

Source: jabber
Source-Version: 1.4.3-3.1

We believe that the bug you reported is fixed in the latest version of
jabber, which is due to be installed in the Debian FTP archive:

jabber-dev_1.4.3-3.1_amd64.deb
  to pool/main/j/jabber/jabber-dev_1.4.3-3.1_amd64.deb
jabber_1.4.3-3.1.diff.gz
  to pool/main/j/jabber/jabber_1.4.3-3.1.diff.gz
jabber_1.4.3-3.1.dsc
  to pool/main/j/jabber/jabber_1.4.3-3.1.dsc
jabber_1.4.3-3.1_amd64.deb
  to pool/main/j/jabber/jabber_1.4.3-3.1_amd64.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 337526@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Barth <aba@not.so.argh.org> (supplier of updated jabber package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 30 Dec 2006 10:10:28 +0000
Source: jabber
Binary: jabber-dev jabber
Architecture: source amd64
Version: 1.4.3-3.1
Distribution: unstable
Urgency: medium
Maintainer: Jamin W. Collins <jcollins@asgardsrealm.net>
Changed-By: Andreas Barth <aba@not.so.argh.org>
Description: 
 jabber     - An instant messaging server using the Jabber/XMPP protocol
 jabber-dev - Daemon for the jabber.org Open Source Instant Messenger
Closes: 300020 334414 337526 337538 404378
Changes: 
 jabber (1.4.3-3.1) unstable; urgency=medium
 .
   [ Sergei Golovan ]
   * added patch, which increases buffers for storing string representation
     of time (Closes: #337526)
   * bumped standards version to 3.7.2
 .
   [ Andreas Barth ]
   * non-maintainer upload
   * rebuild should change dependency from libpth2 to libpth20. Closes: #404378
   * add IPv6-support. Closes: #334414
   * fix typos in description and jabberd.8. Closes: #300020, #337538
   * Update description, partly fixes #404816.
Files: 
 c8da130d9f108df039083e7824352278 662 net optional jabber_1.4.3-3.1.dsc
 fda09ad6f1b0970b840908851e6019a5 71473 net optional jabber_1.4.3-3.1.diff.gz
 c6e4e43a413605edf7236edb5a48fe17 174216 net optional jabber_1.4.3-3.1_amd64.deb
 012952570b0edccfbd7e3660dabc315b 24888 devel optional jabber-dev_1.4.3-3.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFl4cwmdOZoew2oYURAmntAJ0Q6zVT8H0oD3krd7JHEw6mTcmCqwCghQR+
aaLwp0L129UOzOYC1+XkPHk=
=cLsn
-----END PGP SIGNATURE-----

ville palo (vi64pa) on 2007-01-08

Changed in jabber:
status:	Unconfirmed → Confirmed

Revision history for this message

ville palo (vi64pa) wrote on 2007-01-08:

#9

Debian has a fix for this and merge/sync is required to get this fixed in feisty.

From debian BTS:
Severity: serious; Tags: patch;
Found in version jabber/1.4.3-3;
Fixed in version jabber/1.4.3-3.1 by Andreas Barth <email address hidden>.

Revision history for this message

Matthew Bassett (hewbass) wrote on 2007-01-08:

#10

Should the fix not also go into dapper? Dapper is the current LTS release and currently the only way to run a jabber server on it is to build it yourself, or grab jabber-1.4.3-3 from Debian. Note that jabber-1.4.3-3.1 from Debian does not appear to run on Dapper.

Revision history for this message

ville palo (vi64pa) wrote on 2007-01-08:

#11

SRU request should be made for dapper (https://wiki.ubuntu.com/MOTU/SRU).

I could do it for edgy, but since I dont use dapper anymore somebody else should do it for dapper.

Revision history for this message

Matthew Bassett (hewbass) wrote on 2007-01-08:

#12

Thanks. I will make the request for dapper.

Bug Watch Updater (bug-watch-updater) on 2007-01-09

Changed in jabber:
status:	Unknown → Fix Released

Revision history for this message

Matthew Bassett (hewbass) wrote on 2007-01-16:

#13

To reproduce bug on dapper:

In a shell:
sudo apt-get install jabber
sudo /etc/init.d/jabber stop
sudo jabberd

(to start the jabberd daemon interactively)

start gaim, attempt to register a jabber account on the server localhost

jabberd will segfault and die.

Revision history for this message

William Grant (wgrant) wrote on 2007-03-09:

#14

The fixed version is in Feisty.

Changed in jabber:
status:	Confirmed → Fix Released

Affects		Status	Importance	Assigned to	Milestone
	jabber (Debian)	Fix Released	Unknown	debbugs #337526
	jabber (Ubuntu)	Fix Released	Medium	Unassigned

Ubuntu
jabber package

Segfault in jabber server on dapper with user registration

Bug Description

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntujabber package

Segfault in jabber server on dapper with user registration

Bug Description

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
jabber package