URLSnarf/dsniff Segmentation Fault (Signal 11)

Joseph C. Bender

ports@ denizens,

I've run across a strange issue with the dsniff port, specifically
urlsnarf on 3.8-stable.

Box is a pretty standard configuration, running CARP and pfsync.  I'm
running urlsnarf on the physical interface itself (running it on the CARP
interface has proven to be a bad idea come failover time).

After about 10-15 lines of output (sometimes much less), it segfaults and
core dumps.  This will reliably happen on both primary and secondary
firewalls, regardless of how urlsnarf is invoked.  There's a couple of
hundred users traversing this box.  Logging to a file through a shell
redirect also seems to have no effect.

Port was compiled with the no_x11 flavor.  System itself is -stable as of
November 4th.  dsniff itself will also segfault after a few seconds of
operation.

Is anyone else having this problem?  There's a post from October about
something similar happening on an AMD64 box (these are PIII/Celeron Intel
boxen), but that's the only info I can find from the lists that there may
be a problem with the port.

I have the core file if anyone wants to look at it.

dmesg, gdb startup message and backtrace follow.

dmesg:

OpenBSD 3.8-stable (GENERIC) #1: Fri Nov  4 11:50:50 EST 2005

[hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 601 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 401973248 (392552K)
avail mem = 359538688 (351112K)
using 4278 buffers containing 20201472 bytes (19728K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 02/02/01, BIOS32 rev. 0 @ 0xfda74
apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
apm0: APM power management enable: unrecognized device ID (9)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
apm0: flags b0102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2bb0/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x1800 0xc9800/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD200BB-75AUA1>
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd1 at pciide0 channel 0 drive 1: <WDC WD400JB-00JJC0>
wd1: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <TEAC, CD-224E, 1.7A> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82371AB Power" rev 0x02 at pci0 dev 7 function 3 not configured
fxp0 at pci0 dev 12 function 0 "Intel 82557" rev 0x08, i82559: irq 5, address 00:02:b3:35:fd:02
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci0 dev 13 function 0 "Intel 82557" rev 0x08, i82559: irq 5, address 00:02:b3:35:fd:03
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
ppb0 at pci0 dev 14 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci1 at ppb0 bus 1
dc0 at pci1 dev 4 function 0 "DEC 21142/3" rev 0x41: irq 7, address 00:60:f5:08:54:20
lxtphy0 at dc0 phy 1: LXT971 10/100 PHY, rev. 1
dc1 at pci1 dev 5 function 0 "DEC 21142/3" rev 0x41: irq 5, address 00:60:f5:08:54:21
lxtphy1 at dc1 phy 1: LXT971 10/100 PHY, rev. 1
dc2 at pci1 dev 6 function 0 "DEC 21142/3" rev 0x41: irq 11, address 00:60:f5:08:54:22
lxtphy2 at dc2 phy 1: LXT971 10/100 PHY, rev. 1
dc3 at pci1 dev 7 function 0 "DEC 21142/3" rev 0x41: irq 10, address 00:60:f5:08:54:23
lxtphy3 at dc3 phy 1: LXT971 10/100 PHY, rev. 1
vga1 at pci0 dev 15 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask e745 netmask efe5 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

GDB startup:

# gdb /usr/local/sbin/urlsnarf urlsnarf.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd3.8"...(no debugging symbols found)

Core was generated by `urlsnarf'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libnet.so.0.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libnet.so.0.0
Reading symbols from /usr/lib/libpcap.so.3.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcap.so.3.0
Reading symbols from /usr/lib/libc.so.38.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libc.so.38.2
Reading symbols from /usr/libexec/ld.so...(no debugging symbols found)...done.
Loaded symbols for /usr/libexec/ld.so
#0  0x1c003344 in ?? ()

GDB backtrace:

(gdb) bt
#0  0x1c003344 in ?? ()
#1  0x8b340494 in ?? ()
#2  0x8b340480 in ?? ()
#3  0x61cb7baf in ?? ()
#4  0xcfbc6a08 in ?? ()
#5  0x1c0039d7 in ?? ()
#6  0x7d87ba28 in ?? ()
#7  0x8b340518 in ?? ()
#8  0x0de3369f in ?? ()
#9  0x1c0048cb in ?? ()
#10 0x04c00050 in ?? ()
#11 0x0de3369f in ?? ()
#12 0x7f01040a in ?? ()
#13 0x8b340494 in ?? ()
#14 0x8b340480 in ?? ()
#15 0x7d87ba28 in ?? ()
#16 0xcfbc6a68 in ?? ()
#17 0x1c0040cb in ?? ()
#18 0x8b340480 in ?? ()
#19 0x7d87ba28 in ?? ()
#20 0x8b3404dc in ?? ()
#21 0x8b340494 in ?? ()
#22 0x7d87ba3c in ?? ()
#23 0x000000dc in ?? ()
#24 0x000001d8 in ?? ()
#25 0x000000dc in ?? ()
#26 0x7d87ba14 in ?? ()
#27 0x7d87ba14 in ?? ()
#28 0xcfbc6a68 in ?? ()
#29 0x1c0054b5 in ?? ()
#30 0x7d87ba14 in ?? ()
#31 0x00000000 in ?? ()
#32 0x8b3404dc in ?? ()
#33 0x000000dc in ?? ()
#34 0x07b6bd74 in _dl_bind () from /usr/libexec/ld.so
Previous frame inner to this frame (corrupt stack?)


--
Signing off,

Joseph C. Bender
<[hidden email]>
"Does the government fear us?  Or do we fear the government?  When the
people fear the government, tyranny has found victory. The federal
government is our servant, not our master."  ---Thomas Jefferson