rinetd crashing (SIGBUS/SIGSEGV) on large lists - Ubuntu LTS 12.04
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
rinetd (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Using rinetd on Ubuntu 12.04 LTS with large lists (more than 32 entries) in /etc/rinetd.conf leads to a crash.
The crash is sometimes a SIGBUS and sometimes a SIGSEGV. Running rinetd under strace shows the following:
read(28, "# Network services, Internet sty"..., 4096) = 4096
read(28, "\t\t# IPX\nipx\
read(28, "\nlotusnote\
read(28, "\t\t\t# MySQL Proxy\nmysql-
read(28, "dp\t\t\t# predict -- satellite trac"..., 4096) = 2917
read(28, "", 4096) = 0
close(28) = 0
munmap(
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 28
setsockopt(28, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(28, {sa_family=AF_INET, sin_port=htons(80), sin_addr=
listen(28, 5) = 0
ioctl(28, FIONBIO, [1]) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(
open("/
fstat(3, {st_mode=
mmap(NULL, 4096, PROT_READ|
write(3, "10331\n", 6) = 6
close(3) = 0
munmap(
sendto(11, "<30>Jun 3 10:40:02 rinetd[10331"..., 59, MSG_NOSIGNAL, NULL, 0) = 59
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)
or
open("/
fstat(130, {st_mode=
mmap(NULL, 4096, PROT_READ|
read(130, "# Network services, Internet sty"..., 4096) = 4096
read(130, "\t\t# IPX\nipx\
read(130, "\nlotusnote\
read(130, "\t\t\t# MySQL Proxy\nmysql-
read(130, "dp\t\t\t# predict -- satellite trac"..., 4096) = 2917
read(130, "", 4096) = 0
close(130) = 0
munmap(
open("/
fstat(130, {st_mode=
mmap(NULL, 4096, PROT_READ|
read(130, "# Network services, Internet sty"..., 4096) = 4096
read(130, "\t\t# IPX\nipx\
read(130, "\nlotusnote\
read(130, "\t\t\t# MySQL Proxy\nmysql-
read(130, "dp\t\t\t# predict -- satellite trac"..., 4096) = 2917
read(130, "", 4096) = 0
close(130) = 0
munmap(
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 130
setsockopt(130, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(130, {sa_family=AF_INET, sin_port=htons(20), sin_addr=
listen(130, 5) = 0
ioctl(130, FIONBIO, [1]) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(
open("/
fstat(3, {st_mode=
mmap(NULL, 4096, PROT_READ|
write(3, "8215\n", 5) = 5
close(3) = 0
munmap(
sendto(6, "<30>Jun 3 10:27:19 rinetd[8215]"..., 58, MSG_NOSIGNAL, NULL, 0) = 58
--- SIGBUS (Bus error) @ 0 (0) ---
+++ killed by SIGBUS (core dumped) +++
Bus error (core dumped)
Installing the source code (apt-get source -b rinetd), compiling it, and testing the resulting binary produces a similar error.
root@elx3030vlm-78:rinetd-0.62# make
./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -DHAVE_CONFIG_H -Wall -Wwrite-strings -I. -c -o rinetd.o rinetd.c
rinetd.c:196:6: warning: conflicting types for built-in function ‘log’ [enabled by default]
rinetd.c: In function ‘handleAccept’:
rinetd.c:1056:2: warning: pointer targets in passing argument 3 of ‘accept’ differ in signedness [-Wpointer-sign]
/usr/include/x86_64-linux-gnu/sys/socket.h:214:12: note: expected ‘socklen_t * __restrict__’ but argument is of type ‘int *’
rinetd.c: In function ‘log’:
rinetd.c:1467:6: warning: the address of ‘log’ will always evaluate as ‘true’ [-Waddress]
gcc rinetd.o match.o -o rinetd -Wl,-Bsymbolic-functions -Wl,-z,relro
root@elx3030vlm-78:rinetd-0.62# ./rinetd -f -c /tmp/rinetd.conf
*** buffer overflow detected ***: ./rinetd terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f15f8c7c817]
/lib/x86_64-linux-gnu/libc.so.6(+0x109710)[0x7f15f8c7b710]
/lib/x86_64-linux-gnu/libc.so.6(+0x10a7ce)[0x7f15f8c7c7ce]
./rinetd[0x403de9]
./rinetd[0x401435]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f15f8b9376d]
./rinetd[0x401469]
======= Memory map: ========
00400000-00406000 r-xp 00000000 fc:01 15731923 /usr/src/rinetd-0.62/rinetd
00605000-00606000 r--p 00005000 fc:01 15731923 /usr/src/rinetd-0.62/rinetd
00606000-00607000 rw-p 00006000 fc:01 15731923 /usr/src/rinetd-0.62/rinetd
01b95000-01bd7000 rw-p 00000000 00:00 0 [heap]
7f15f874f000-7f15f8764000 r-xp 00000000 fc:01 524340 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f15f8764000-7f15f8963000 ---p 00015000 fc:01 524340 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f15f8963000-7f15f8964000 r--p 00014000 fc:01 524340 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f15f8964000-7f15f8965000 rw-p 00015000 fc:01 524340 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f15f8965000-7f15f8971000 r-xp 00000000 fc:01 524480 /lib/x86_64-linux-gnu/libnss_files-2.15.so
7f15f8971000-7f15f8b70000 ---p 0000c000 fc:01 524480 /lib/x86_64-linux-gnu/libnss_files-2.15.so
7f15f8b70000-7f15f8b71000 r--p 0000b000 fc:01 524480 /lib/x86_64-linux-gnu/libnss_files-2.15.so
7f15f8b71000-7f15f8b72000 rw-p 0000c000 fc:01 524480 /lib/x86_64-linux-gnu/libnss_files-2.15.so
7f15f8b72000-7f15f8d27000 r-xp 00000000 fc:01 524384 /lib/x86_64-linux-gnu/libc-2.15.so
7f15f8d27000-7f15f8f26000 ---p 001b5000 fc:01 524384 /lib/x86_64-linux-gnu/libc-2.15.so
7f15f8f26000-7f15f8f2a000 r--p 001b4000 fc:01 524384 /lib/x86_64-linux-gnu/libc-2.15.so
7f15f8f2a000-7f15f8f2c000 rw-p 001b8000 fc:01 524384 /lib/x86_64-linux-gnu/libc-2.15.so
7f15f8f2c000-7f15f8f31000 rw-...