bip crash with "FATAL: Failed assetion in src/irc.c(2447): n

Bug #1247888 reported by Dave Chiluk on 2013-11-04
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bip (Ubuntu)
Undecided
Dave Chiluk
Precise
Medium
Dave Chiluk
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Dave Chiluk

Bug Description

[Impact]

 * Affects Precise versions and earlier.
 * Bip crashes with "FATAL: Failed assetion in src/irc.c(2447): n" in log

 * Current version of bip in precise is vulnerable to the following CVE http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0806

[Test Case]

 * Run BIP server for an extended period of time.

[Regression Potential]

 * Regression potential is minimal as this brings bip up to the same level of code as quantal

 * I am currently running this patch on my bip server, and it currently has not had a recurrence of the crash

[Other Info]

 * Patch is already included in quantal and newer as well as upstream.

___________________________________________________________________________________

Last error before bip crashes in bip.log is

02-11-2013 02:42:18 FATAL: Failed assetion in src/irc.c(2447): n

This is the same bug as upstream bip bug
https://bugs.mageia.org/show_bug.cgi?id=4319

Which is resolved
https://projects.duckcorp.org/attachments/56?type=sbs

This was resolved in quantal and newer by
Fix CVE-2012-0806: buffer overflow.
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/quantal/bip/quantal/view/head:/debian/patches/CVE-2012-0806.patch

This fix needs to be backported into precise.

I'm not exactly sure why bip is failing for me all of a sudden, but I did recently go through some major upgrades of both software and hardware on my bip server. I'll be posting debdiffs as soon as I have tested them.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bip 0.8.8-1build1
ProcVersionSignature: Ubuntu 3.8.0-32.47~precise1-generic 3.8.13.10
Uname: Linux 3.8.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
Date: Mon Nov 4 10:08:02 2013
InstallationMedia: Mythbuntu 12.04.1 "Precise Pangolin" - Release amd64 (20120818.1)
MarkForUpload: True
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: bip
UpgradeStatus: No upgrade log present (probably fresh install)

Dave Chiluk (chiluk) wrote :
Changed in bip (Ubuntu):
assignee: nobody → Dave Chiluk (chiluk)
status: New → In Progress
Dave Chiluk (chiluk) wrote :

Here is the debdiff that contains the CVE backport from quantal.

Dave Chiluk (chiluk) wrote :

I'm currently running with the above debdiff on my server, and all appears to be going well.

description: updated
Chris J Arges (arges) on 2013-11-04
Changed in bip (Ubuntu Precise):
assignee: nobody → Dave Chiluk (chiluk)
status: New → In Progress
importance: Undecided → Medium
Changed in bip (Ubuntu):
assignee: Dave Chiluk (chiluk) → nobody
status: In Progress → Fix Released
description: updated
Chris J Arges (arges) wrote :

Uploaded with a few modifications.

Hello Dave, or anyone else affected,

Accepted bip into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/bip/0.8.8-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bip (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Dave Chiluk (chiluk) wrote :

The proposed package is now installed on my server machine. I will verify in a week if any more crashes have occurred.

Tyler Hicks (tyhicks) wrote :

Hi Stéphane - this should go through precise-security instead of precise-updates. Can we put a stop on the SRU process and allow a security team member sponsor this for precise-security?

Marc Deslauriers (mdeslaur) wrote :

Since this is a security fix, it needs to be built and released in the -security pocket.

I have rebuilt this as a security update, and have released it, superseding the -proposed package.

Thanks!

Dave Chiluk (chiluk) wrote :

Well sorry to burst everyone's bubble, but my bip server just crashed again this morning.

The end of the log looks like this
05-11-2013 10:26:04 ERROR: Error in SSL handshake.
05-11-2013 10:26:04 ERROR: Error on fd 35 (state 3)
05-11-2013 10:26:04 ERROR: client read_lines error, closing...
....
06-11-2013 06:34:05 ERROR: Error in SSL handshake.
06-11-2013 06:34:05 ERROR: Error on fd 1022 (state 3)
06-11-2013 06:34:05 ERROR: client read_lines error, closing...
06-11-2013 06:34:10 ERROR: Error in SSL handshake.
06-11-2013 06:34:10 ERROR: Error on fd 1023 (state 3)
06-11-2013 06:34:10 ERROR: client read_lines error, closing...
06-11-2013 06:34:15 FATAL: accept failed: Too many open files

I think the fix is still necessary, as it clearly was never pulled from quantal, but I think there may be something else necessary as well.

Dave Chiluk (chiluk) wrote :

So the patch appears to have fixed the failed assertion, but the source of the problem still appears to have been a file descriptor leak. Discussed upstream here.
https://projects.duckcorp.org/issues/261

I'm now testing with this additional fix. And things appear to be fixed. I'm not longer seeing broken file handles in /proc/<pid>/fd for bip.

I think we should include this additional fix before releasing to updates.

Dave Chiluk (chiluk) wrote :

I'm fairly certain this issue is being caused by time warner *(or an attacker with a time warner IP) port scanning my machine. It's connecting to the port, failing the ssl handshake, and bip leaks the FD. Not sure if the SRU team or the security team wants to take the fix.

Changed in bip (Ubuntu):
assignee: nobody → Dave Chiluk (chiluk)
Dave Chiluk (chiluk) wrote :
Dave Chiluk (chiluk) wrote :
Dave Chiluk (chiluk) wrote :
Dave Chiluk (chiluk) wrote :

As this can be considered a DoS vulnerability here are the debdiffs for q, r, and s as well. Trusty already has this fix.

Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs. I will push them as security updates with some minor changelog changes. Thanks!

Changed in bip (Ubuntu Quantal):
status: New → Confirmed
Changed in bip (Ubuntu Raring):
status: New → Confirmed
Changed in bip (Ubuntu Saucy):
status: New → Confirmed
Changed in bip (Ubuntu Precise):
status: Fix Committed → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bip - 0.8.8-1ubuntu0.3

---------------
bip (0.8.8-1ubuntu0.3) precise-security; urgency=low

  * SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
    socket, and never close the connection. (LP: #1247888)
    - debian/patches/sslfailurefdleak.patch: properly close connection in
      src/connection.c.
    - CVE number pending
 -- Dave Chiluk <email address hidden> Thu, 07 Nov 2013 14:50:18 -0600

Changed in bip (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bip - 0.8.8-2ubuntu0.13.04.1

---------------
bip (0.8.8-2ubuntu0.13.04.1) raring-security; urgency=low

  * SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
    socket, and never close the connection. (LP: #1247888)
    - debian/patches/sslfailurefdleak.patch: properly close connection in
      src/connection.c.
    - CVE number pending
 -- Dave Chiluk <email address hidden> Fri, 08 Nov 2013 10:57:55 -0600

Changed in bip (Ubuntu Raring):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bip - 0.8.8-2ubuntu1.1

---------------
bip (0.8.8-2ubuntu1.1) saucy-security; urgency=low

  * SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
    socket, and never close the connection. (LP: #1247888)
    - debian/patches/sslfailurefdleak.patch: properly close connection in
      src/connection.c.
    - CVE number pending
 -- Dave Chiluk <email address hidden> Fri, 08 Nov 2013 11:02:00 -0600

Changed in bip (Ubuntu Saucy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bip - 0.8.8-2ubuntu0.12.10.1

---------------
bip (0.8.8-2ubuntu0.12.10.1) quantal-security; urgency=low

  * SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
    socket, and never close the connection. (LP: #1247888)
    - debian/patches/sslfailurefdleak.patch: properly close connection in
      src/connection.c.
    - CVE number pending
 -- Dave Chiluk <email address hidden> Fri, 08 Nov 2013 11:06:30 -0600

Changed in bip (Ubuntu Quantal):
status: Confirmed → Fix Released
tags: removed: verification-needed
Dave Chiluk (chiluk) on 2015-10-27
tags: added: verification-done
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers