jabberd2 broken

Bug #997264 reported by Christian Roessner
This bug affects 2 people
Affects: jabberd2 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04 LTS
Release: 12.04
Codename: precise

2.2.8-2.2build1

I configured jabberd2. It shall connect to LDAP using the module ldapfull. When starting the service, we can see the following in the logs of c2s.log:

Wed May 9 18:44:00 2012 [notice] [9] [109.90.84.162, port=39344] connect
Wed May 9 18:44:00 2012 [notice] [9] [109.90.84.162, port=39344] error: XML parse error (not well-formed (invalid token))
Wed May 9 18:44:00 2012 [notice] [9] [109.90.84.162, port=39344] disconnect jid=unbound, packets: 0

I recompiled jabberd by modifying the debian/rules file:


DEB_BUILD_OPTIONS += debug

# dh_strip

Installed it with dpkg -i. I realized that jabberd now is not starting anymore with init.d. So I decided to start first the router with gdb and then the session manager and so on...

Starting the router from the source folder with gdb. The process starts. But if starting sm, the router crashes:

/usr/local/src/jabberd2-2.2.8/router# gdb ./router
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/local/src/jabberd2-2.2.8/router/router...done.
(gdb) run -c /etc/jabberd2/router.xml -D
Starting program: /usr/local/src/jabberd2-2.2.8/router/router -c /etc/jabberd2/router.xml -D
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Wed May 9 20:26:22 2012 [notice] starting up
Wed May 9 20:26:22 2012 [info] process id is 8314, written to /var/run/jabberd2/router.pid
Wed May 9 20:26:22 2012 user.c:33 loading user table
Wed May 9 20:26:22 2012 user.c:86 remembering user 'jabberd'
Wed May 9 20:26:22 2012 [notice] loaded user table (1 users)
Wed May 9 20:26:22 2012 aci.c:37 loading aci
Wed May 9 20:26:22 2012 aci.c:56 building list for 'all'
Wed May 9 20:26:22 2012 aci.c:77 added 'jabberd'
Wed May 9 20:26:22 2012 filter.c:50 loading filter
Wed May 9 20:26:22 2012 filter.c:93 building filter list
Wed May 9 20:26:22 2012 [notice] loaded filters (0 rules)
sx (sasl_gsasl.c:858) initialising sasl plugin
sx (sasl_gsasl.c:885) sasl context initialised
sx (env.c:75) plugin initialised (index 0)
Wed May 9 20:26:22 2012 [notice] [0.0.0.0, port=5347] listening for incoming connections
Wed May 9 20:26:27 2012 main.c:446 running time checks
Wed May 9 20:26:27 2012 main.c:451 next time check at 1336588047
Wed May 9 20:26:34 2012 router.c:904 accept action on fd 10
Wed May 9 20:26:34 2012 [notice] [127.0.0.1, port=44223] connect
sx (sx.c:52) allocated new sx for 10
sx (server.c:236) doing server init for sx 10
sx (server.c:251) waiting for stream header
sx (server.c:254) tag 10 event 0 data 0x0
Wed May 9 20:26:34 2012 router.c:515 want read
Wed May 9 20:26:34 2012 router.c:855 read action on fd 10
sx (io.c:191) 10 ready for reading
sx (io.c:197) tag 10 event 2 data 0x631180
Wed May 9 20:26:34 2012 router.c:525 reading from 10
Wed May 9 20:26:34 2012 router.c:583 read 98 bytes
sx (io.c:216) passed 98 read bytes
sx (chain.c:93) calling io read chain
sx (io.c:240) decoded read data (98 bytes): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
sx (server.c:118) stream request: to (null) from (null) version 1.0
sx (server.c:133) 10 state change from 0 to 1
sx (server.c:151) stream id is y0nafoazosfdif3vzuvqt3gsknnx1d6zet9thkt6
sx (server.c:181) prepared stream response: <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0' id='y0nafoazosfdif3vzuvqt3gsknnx1d6zet9thkt6'>
sx (io.c:256) tag 10 event 1 data 0x0
Wed May 9 20:26:34 2012 router.c:520 want write
Wed May 9 20:26:34 2012 router.c:869 write action on fd 10
sx (io.c:328) 10 ready for writing
sx (io.c:286) encoding 144 bytes for writing: <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0' id='y0nafoazosfdif3vzuvqt3gsknnx1d6zet9thkt6'>
sx (chain.c:79) calling io write chain
sx (io.c:349) handing app 144 bytes to write
sx (io.c:350) tag 10 event 3 data 0x6315c0
Wed May 9 20:26:34 2012 router.c:590 writing to 10
Wed May 9 20:26:34 2012 router.c:594 144 bytes written
sx (server.c:29) stream established
sx (server.c:39) 10 state change from 1 to 3
sx (server.c:40) tag 10 event 4 data 0x0
sx (server.c:45) building features nad
sx (sasl_gsasl.c:353) offering sasl mechanisms
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 18
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 18
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 5
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 6
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 5
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 6
sx (sasl_gsasl.c:373) offering mechanism: DIGEST-MD5
sx (io.c:383) tag 10 event 0 data 0x0
Wed May 9 20:26:34 2012 router.c:515 want read
Wed May 9 20:26:34 2012 router.c:869 write action on fd 10
sx (io.c:328) 10 ready for writing
sx (io.c:286) encoding 182 bytes for writing: <stream:features xmlns:stream='http://etherx.jabber.org/streams'><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>
sx (chain.c:79) calling io write chain
sx (io.c:349) handing app 182 bytes to write
sx (io.c:350) tag 10 event 3 data 0x6315c0
Wed May 9 20:26:34 2012 router.c:590 writing to 10
Wed May 9 20:26:34 2012 router.c:594 182 bytes written
sx (io.c:383) tag 10 event 0 data 0x0
Wed May 9 20:26:34 2012 router.c:515 want read
Wed May 9 20:26:34 2012 router.c:855 read action on fd 10
sx (io.c:191) 10 ready for reading
sx (io.c:197) tag 10 event 2 data 0x6315c0
Wed May 9 20:26:34 2012 router.c:525 reading from 10
Wed May 9 20:26:34 2012 router.c:583 read 71 bytes
sx (io.c:216) passed 71 read bytes
sx (chain.c:93) calling io read chain
sx (io.c:240) decoded read data (71 bytes): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'/>
sx (io.c:92) completed nad: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'/>
sx (chain.c:119) calling nad read chain
sx (sasl_gsasl.c:410) auth request from client (mechanism=DIGEST-MD5)
sx (sasl_gsasl.c:459) sasl context initialised for 10
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 13
sx (sasl_gsasl.c:533) sasl handshake in progress (challenge: realm="jabberd-router", nonce="uIux6t7mNBLk/1P5+v7fCA==", qop="auth", charset=utf-8, algorithm=md5-sess)
sx (chain.c:106) calling nad write chain
sx (io.c:406) queueing for write: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cmVhbG09ImphYmJlcmQtcm91dGVyIiwgbm9uY2U9InVJdXg2dDdtTkJMay8xUDUrdjdmQ0E9PSIsIHFvcD0iYXV0aCIsIGNoYXJzZXQ9dXRmLTgsIGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>
sx (io.c:256) tag 10 event 1 data 0x0
Wed May 9 20:26:34 2012 router.c:520 want write
Wed May 9 20:26:34 2012 router.c:869 write action on fd 10
sx (io.c:328) 10 ready for writing
sx (io.c:286) encoding 204 bytes for writing: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cmVhbG09ImphYmJlcmQtcm91dGVyIiwgbm9uY2U9InVJdXg2dDdtTkJMay8xUDUrdjdmQ0E9PSIsIHFvcD0iYXV0aCIsIGNoYXJzZXQ9dXRmLTgsIGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>
sx (chain.c:79) calling io write chain
sx (io.c:349) handing app 204 bytes to write
sx (io.c:350) tag 10 event 3 data 0x634760
Wed May 9 20:26:34 2012 router.c:590 writing to 10
Wed May 9 20:26:34 2012 router.c:594 204 bytes written
sx (io.c:383) tag 10 event 0 data 0x0
Wed May 9 20:26:34 2012 router.c:515 want read
Wed May 9 20:26:34 2012 router.c:855 read action on fd 10
sx (io.c:191) 10 ready for reading
sx (io.c:197) tag 10 event 2 data 0x634760
Wed May 9 20:26:34 2012 router.c:525 reading from 10
Wed May 9 20:26:34 2012 router.c:583 read 366 bytes
sx (io.c:216) passed 366 read bytes
sx (chain.c:93) calling io read chain
sx (io.c:240) decoded read data (366 bytes): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9ImphYmJlcmQiLCByZWFsbT0iamFiYmVyZC1yb3V0ZXIiLCBub25jZT0idUl1eDZ0N21OQkxrLzFQNSt2N2ZDQT09IiwgY25vbmNlPSJIUzBUcDMxeUFpMVluMmcySWoydlVnPT0iLCBuYz0wMDAwMDAwMSwgcW9wPWF1dGgsIGRpZ2VzdC11cmk9ImphYmJlcmQtcm91dGVyL21haWwiLCByZXNwb25zZT1kNjdhMmI3YWJmNGZlMjE5NzBjNTZkY2E1YTg2MmYxMSwgY2hhcnNldD11dGYtOA==</response>
sx (io.c:92) completed nad: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9ImphYmJlcmQiLCByZWFsbT0iamFiYmVyZC1yb3V0ZXIiLCBub25jZT0idUl1eDZ0N21OQkxrLzFQNSt2N2ZDQT09IiwgY25vbmNlPSJIUzBUcDMxeUFpMVluMmcySWoydlVnPT0iLCBuYz0wMDAwMDAwMSwgcW9wPWF1dGgsIGRpZ2VzdC11cmk9ImphYmJlcmQtcm91dGVyL21haWwiLCByZXNwb25zZT1kNjdhMmI3YWJmNGZlMjE5NzBjNTZkY2E1YTg2MmYxMSwgY2hhcnNldD11dGYtOA==</response>
sx (chain.c:119) calling nad read chain
sx (sasl_gsasl.c:509) response from client (decoded: username="jabberd", realm="jabberd-router", nonce="uIux6t7mNBLk/1P5+v7fCA==", cnonce="HS0Tp31yAi1Yn2g2Ij2vUg==", nc=00000001, qop=auth, digest-uri="jabberd-router/mail", response=d67a2b7abf4fe21970c56dca5a862f11, charset=utf-8)
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 12
sx (sasl_gsasl.c:764) in _sx_sasl_gsasl_callback, property: 3
Wed May 9 20:26:34 2012 main.c:209 sx sasl callback: get pass (authnid=jabberd, realm=jabberd-router)
sx (sasl_gsasl.c:517) sasl handshake completed
sx (chain.c:106) calling nad write chain
sx (io.c:406) queueing for write: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
sx (io.c:256) tag 10 event 1 data 0x0
Wed May 9 20:26:34 2012 router.c:520 want write
Wed May 9 20:26:34 2012 router.c:869 write action on fd 10
sx (io.c:328) 10 ready for writing
sx (io.c:286) encoding 51 bytes for writing: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
sx (chain.c:79) calling io write chain
sx (io.c:349) handing app 51 bytes to write
sx (io.c:350) tag 10 event 3 data 0x636170
Wed May 9 20:26:34 2012 router.c:590 writing to 10
Wed May 9 20:26:34 2012 router.c:594 51 bytes written
sx (chain.c:28) adding io plugin
sx (sasl_gsasl.c:394) auth completed, resetting
sx (sx.c:145) resetting stream state
sx (sx.c:69) freeing sx for 10
sx (sx.c:52) allocated new sx for 10
sx (sx.c:200) finished resetting stream state
sx (server.c:236) doing server init for sx 10
sx (server.c:251) waiting for stream header
sx (server.c:254) tag 10 event 0 data 0x0
Wed May 9 20:26:34 2012 router.c:515 want read
sx (io.c:383) tag 10 event 0 data 0x0
Wed May 9 20:26:34 2012 router.c:515 want read
Wed May 9 20:26:34 2012 router.c:855 read action on fd 10
sx (io.c:191) 10 ready for reading
sx (io.c:197) tag 10 event 2 data 0x636170
Wed May 9 20:26:34 2012 router.c:525 reading from 10
Wed May 9 20:26:34 2012 router.c:583 read 98 bytes
sx (io.c:216) passed 98 read bytes
sx (chain.c:93) calling io read chain
sx (sasl_gsasl.c:244) doing sasl decode
sx (sasl_gsasl.c:260) 98 bytes decoded from sasl channel

Program received signal SIGSEGV, Segmentation fault.
_sx_chain_io_read (s=0x629c00, buf=0x635290) at chain.c:95
95 for(scan = s->rio; scan != NULL; scan = scan->rnext)
(gdb) bt
#0 _sx_chain_io_read (s=0x629c00, buf=0x635290) at chain.c:95
#1 0x0000000000408e23 in sx_can_read (s=0x629c00) at io.c:222
#2 0x000000000040503d in router_mio_callback (m=0x629970, a=<optimized out>, fd=0x629b10, data=0x0, arg=0x629b40) at router.c:866
#3 0x00000000004101a4 in _mio_run (m=0x629970, timeout=<optimized out>) at mio_impl.h:257
#4 0x0000000000404050 in main (argc=<optimized out>, argv=<optimized out>) at main.c:420

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in jabberd2 (Ubuntu):
status: New → Confirmed
nbetham (nbetham) wrote :

I think this bug is something along the lines of the problem that I am having with clients failing to connect. Connecting with Pidgin on Windows yields the following error in the log for the jabberd server:

Mon Jun 4 12:28:22 2012 [notice] [10] [127.0.0.1, port=38482] connect
Mon Jun 4 12:28:23 2012 [notice] [10] [127.0.0.1, port=38482] error: XML parse error (not well-formed (invalid token))
Mon Jun 4 12:28:23 2012 [notice] [10] [127.0.0.1, port=38482] disconnect jid=unbound, packets: 0

Keep in mind that I'm using an ssh tunnel to log in, which is why the client is listed as 127.0.0.1. If you need more logs from the other parts of the jabber installation, let me know.

I am currently running Ubuntu Server 12.04 with JabberD Version: 2.2.8-2.2build1

This problem was supposedly fixed in the main JabberD repository, version 2.2.15, but I have been unable to locate the changes that fixed the issue as the linked Github change set returns a 404. But I imagine the maintainer could shed some light on the issue. Here is the link to the bug with fix commit linked in the second to last comment:

https://bugs.launchpad.net/jabberd2/+bug/899284

As far as compiling the updates from the main repository, I have had no success in getting the releases or master branch of the Github repo to compile properly.
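
The connect / XML parse error / disconnect sequence quoted in the description and in the comment above can be pulled out of a c2s.log and counted per client address. This is an added example, not part of the bug report or of jabberd2; it assumes the line layout shown on this page, and the function names and sample lines are constructed here.

```python
import re
from collections import Counter

# Layout of the c2s.log lines quoted in this report:
#   <timestamp> [level] [fd] [ip, port=N] <message>
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} [\d:]{8} \d{4}) \[(?P<level>\w+)\] "
    r"\[(?P<fd>\d+)\] \[(?P<ip>[^,\]]+), port=(?P<port>\d+)\] (?P<msg>.*)$"
)
DISCONNECT = re.compile(r"^disconnect jid=(?P<jid>\S+), packets: (?P<packets>\d+)$")

# Constructed sample input (documentation addresses), not taken from a real server.
SAMPLE_LOG = """\
Mon Jun 4 12:28:22 2012 [notice] [10] [192.0.2.10, port=38482] connect
Mon Jun 4 12:28:23 2012 [notice] [10] [192.0.2.10, port=38482] error: XML parse error (not well-formed (invalid token))
Mon Jun 4 12:28:23 2012 [notice] [10] [192.0.2.10, port=38482] disconnect jid=unbound, packets: 0
Mon Jun 4 12:29:01 2012 [notice] [11] [192.0.2.20, port=40112] connect
Mon Jun 4 12:31:40 2012 [notice] [11] [192.0.2.20, port=40112] disconnect jid=alice@example.org/home, packets: 14
Mon Jun 4 12:32:05 2012 [notice] [10] [192.0.2.10, port=38490] connect
Mon Jun 4 12:32:05 2012 [notice] [10] [192.0.2.10, port=38490] error: XML parse error (not well-formed (invalid token))
Mon Jun 4 12:32:05 2012 [notice] [10] [192.0.2.10, port=38490] disconnect jid=unbound, packets: 0
"""

def prebind_parse_failures(text):
    """Return sessions that hit an XML parse error and closed before binding a JID."""
    open_sessions = {}  # (fd, ip, port) -> session record
    failures = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines in another layout are skipped
        key = (m["fd"], m["ip"], m["port"])
        msg = m["msg"]
        if msg == "connect":
            open_sessions[key] = {"ip": m["ip"], "port": int(m["port"]),
                                  "start": m["ts"], "errors": []}
        elif msg.startswith("error:") and key in open_sessions:
            open_sessions[key]["errors"].append(msg[len("error:"):].strip())
        else:
            d = DISCONNECT.match(msg)
            session = open_sessions.pop(key, None) if d else None
            if session and d["jid"] == "unbound" and d["packets"] == "0" \
                    and any("XML parse error" in e for e in session["errors"]):
                session["end"] = m["ts"]
                failures.append(session)
    return failures

def failures_by_source(text):
    """Count pre-bind parse failures per client address."""
    return Counter(s["ip"] for s in prebind_parse_failures(text))
```

Sessions are keyed on descriptor, address and port because the descriptor number in the second bracket is reused across connections.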

Jeremy Bícha (jbicha) wrote :

This bug was fixed in the package jabberd2 - 2.2.17-1

---------------
jabberd2 (2.2.17-1) unstable; urgency=low

  * New upstream version (Closes: #637112, #547767).
  * New version patches user security hole (Closes: #685666).
  * debian/init: added Should-Start/Should-Stop dependency for MySQL
    (Closes: #673243).
  * debian/watch: updated URL (Closes: #543415).
  * debian/dirs, debian/postinst: removed /var/run/jabber2 (Closes: #689538).
  * debian/component.d: removed 20resolver. Resolver is not included anymore
    (Closes: #689539).
  * Added myself to uploaders list (Closes: #589304).
  * debian/init, debian/component.d/*: Make less bashish.
  * debian/control: Remove inactive uploaders from list.
  * Make it a debhelper package:
    + debian/rules: dh compliant.
    + debian/install: file created. Needed for rules.
    + debian/default: made some corrections and comments.
    + debian/control: remove hardening-includes.
    + debian/lintianoverride: added *-has-useless-call-to-ldconfig.
  * debian/TODO: updated.
  * debian/prerm: removed because not needed.
  * debian/control: moved adduser from Depends to Pre-Depends.
  * debian/copyright: new format, updated maintainer information.
  * debian/TODO: added file.
  * Removed CVE-2011-1755.dpatch. Is now included in upstream source.
  * Removed implicit-pointer-conversion.dpatch. Is now included in
    upstream source.
  * debian/control: changed homepage URL.
  * debian/control: changed debhelper dependency to >= 9.0.0.
  * debian/control: added ${misc:Depends} to binary packages.
  * debian/control: added Vcs-git and Vcs-Browser tags.
  * debian/control: added hardening-includes to dependencies.
  * debian/init: added Description tag.
  * debian/init, debian/component.d/*: added status option.
  * debian/init, debian/default: removed resolver entries.
  * debian/rules: removed unrecognized enable-sasl and disable-rpath
    options and added --with-sasl=gsasl option to configure.
  * debian/rules: include hardening options.
  * debian/rules: added build-arch, build-indep.
  * Now quilt 3.0 compatible.
  * debian/preinst, debian/postrm: removed resolver entries.
  * debian/lintian-overrides: overrides false positives.
  * Added patches man_hypen.diff, sm_typo.diff and usr_etc.diff.
  * Add patch to remove config.guess and config.sub from upstream.
    debian/rules: remove 'rm config.guess and config.sub'.
  * Bumped up Standards Version to 3.9.4.
  * Bumped up debhelper to 9.

 -- Willem van den Akker <email address hidden> Wed, 16 Jan 2013 10:00:41 +0100

Changed in jabberd2 (Ubuntu):
status: Confirmed → Fix Released