nsca-ng 64 bit time_t segfault on i386


nsca-ng 64 bit time_t segfault on i386

Florian Obser-2
send_nsca segfaults on i386 (presumably on all 32bit archs):

#0  strlen (str=0xd <Address 0xd out of bounds>)
    at /usr/src/lib/libc/string/strlen.c:43
43              for (s = str; *s; ++s)
(gdb) bt
#0  strlen (str=0xd <Address 0xd out of bounds>)
    at /usr/src/lib/libc/string/strlen.c:43
#1  0x01d1a302 in __vfprintf (fp=0xcfbd753c,
    fmt0=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
    ap=0xcfbd772c "\026!O\211\002") at /usr/src/lib/libc/stdio/vfprintf.c:879
#2  0x01cca8c7 in vasprintf (str=0xcfbd7778,
    fmt=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
    ap=0xcfbd7718 "\035\2241R") at /usr/src/lib/libc/stdio/vasprintf.c:40
#3  0x1c00693f in xvasprintf (result=0xcfbd7778,
    format=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
    ap=0xcfbd7718 "\035\2241R")
    at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/lib/wrappers.c:87
#4  0x1c006982 in xasprintf (result=0xcfbd7778,
    format=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s")
    at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/lib/wrappers.c:80
#5  0x1c00375f in parse_check_result (
    input=0x894f2100 "-eopenbsd.adns.de_em0\tcvsync update\tOK\tsync ok  - openbsd.adns.de", delimiter=9 '\t')
    at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/parse.c:107
#6  0x1c002608 in handle_input_chunk (input=0x870a9000,
    chunk=0x894f2100 "-eopenbsd.adns.de_em0\tcvsync update\tOK\tsync ok  - openbsd.adns.de") at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/client.c:137
#7  0x01e8433d in ev_invoke () from /usr/local/lib/libev.so.3.1
---Type <return> to continue, or q <return> to quit---
#8  0x1c00345a in input_read_chunk (input=0x870a9000,
    handle_read=0x1c002520 <handle_input_chunk>)
    at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/input.c:85
#9  0x1c0024fa in handle_tls_moin_response (tls=0x870a8400,
    line=0x870a9900 "MOIN")
    at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/client.c:202
#10 0x01e843ae in ev_invoke_pending () from /usr/local/lib/libev.so.3.1
#11 0x01e890a2 in ev_run () from /usr/local/lib/libev.so.3.1
#12 0x1c003df2 in main (argc=0, argv=Cannot access memory at address 0x3
)
    at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/send_nsca.c:123


patch-src_client_parse_c fixes the problem for me, only the "case 4"
tested. I gave the source a quick once over and found another issue in
fifo.c, untested though.


Index: net/nagios/nsca-ng//patches/patch-src_client_parse_c
===================================================================
RCS file: net/nagios/nsca-ng//patches/patch-src_client_parse_c
diff -N net/nagios/nsca-ng//patches/patch-src_client_parse_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/nagios/nsca-ng//patches/patch-src_client_parse_c 12 Sep 2013 10:36:12 -0000
@@ -0,0 +1,30 @@
+$OpenBSD$
+--- src/client/parse.c.orig Fri Feb  8 16:35:32 2013
++++ src/client/parse.c Thu Sep 12 12:22:16 2013
+@@ -56,7 +56,7 @@ parse_command(const char *line)
+ if (line[0] == '[')
+ command = xstrdup(line);
+ else
+- xasprintf(&command, "[%lu] %s", time(NULL), line);
++ xasprintf(&command, "[%llu] %s", time(NULL), line);
+
+ return command;
+ }
+@@ -96,7 +96,7 @@ parse_check_result(const char *input, char delimiter)
+ case 3:
+ debug("Got host check result");
+ xasprintf(&command,
+-    "[%lu] PROCESS_HOST_CHECK_RESULT;%.*s;%.*s;%s",
++    "[%llu] PROCESS_HOST_CHECK_RESULT;%.*s;%.*s;%s",
+    time(NULL),
+    lengths[0], fields[0],
+    lengths[1], fields[1],
+@@ -105,7 +105,7 @@ parse_check_result(const char *input, char delimiter)
+ case 4:
+ debug("Got service check result");
+ xasprintf(&command,
+-    "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
++    "[%llu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
+    time(NULL),
+    lengths[0], fields[0],
+    lengths[1], fields[1],
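Review bot: Nothing at compile time checks these conversions against their arguments: all three `xasprintf` calls in this patch, and the `make_process_file_command` call in the fifo.c patch below, pass `time(NULL)` through a variadic wrapper whose prototype is not shown in the thread. If that prototype is not already annotated, declaring it with `__attribute__((__format__(printf, 2, 3)))` (and `xvasprintf` with `(printf, 2, 0)`) would let `-Wformat` flag any conversion whose width differs from its argument on the build architecture. The backtrace shows why this is more than a wrong timestamp: once the first conversion consumes the wrong number of bytes, every later `%.*s` reads shifted arguments, and `strlen` is handed `0xd`, which appears to be the 13-character length of the second field rather than a pointer. The argument lists of the `xasprintf` calls and the body of `parse_check_result` continue outside the hunks shown.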
Index: net/nagios/nsca-ng//patches/patch-src_server_fifo_c
===================================================================
RCS file: net/nagios/nsca-ng//patches/patch-src_server_fifo_c
diff -N net/nagios/nsca-ng//patches/patch-src_server_fifo_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/nagios/nsca-ng//patches/patch-src_server_fifo_c 12 Sep 2013 10:36:12 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+--- src/server/fifo.c.orig Thu Sep 12 12:31:03 2013
++++ src/server/fifo.c Thu Sep 12 12:31:03 2013
+@@ -528,8 +528,8 @@ make_process_file_command(fifo_state *fifo)
+ {
+ char *command;
+
+- xasprintf(&command, "[%lu] PROCESS_FILE;%s;1\n",
+-    (unsigned long)time(NULL), fifo->dump_file);
++ xasprintf(&command, "[%llu] PROCESS_FILE;%s;1\n",
++    time(NULL), fifo->dump_file);
+
+ return command;
+ }

--
I'm not entirely sure you are real.


Re: nsca-ng 64 bit time_t segfault on i386

Stuart Henderson-6
cc'ing Holger; OpenBSD recently switched to long long time_t which has
caused nsca-ng to break on 32-bit arch.

On 2013/09/12 10:42, Florian Obser wrote (on [hidden email]):

> send_nsca segfaults on i386 (presumably on all 32bit archs):
>
> #0  strlen (str=0xd <Address 0xd out of bounds>)
>     at /usr/src/lib/libc/string/strlen.c:43
> 43              for (s = str; *s; ++s)
> (gdb) bt
> #0  strlen (str=0xd <Address 0xd out of bounds>)
>     at /usr/src/lib/libc/string/strlen.c:43
> #1  0x01d1a302 in __vfprintf (fp=0xcfbd753c,
>     fmt0=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
>     ap=0xcfbd772c "\026!O\211\002") at /usr/src/lib/libc/stdio/vfprintf.c:879
> #2  0x01cca8c7 in vasprintf (str=0xcfbd7778,
>     fmt=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
>     ap=0xcfbd7718 "\035\2241R") at /usr/src/lib/libc/stdio/vasprintf.c:40
> #3  0x1c00693f in xvasprintf (result=0xcfbd7778,
>     format=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
>     ap=0xcfbd7718 "\035\2241R")
>     at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/lib/wrappers.c:87
> #4  0x1c006982 in xasprintf (result=0xcfbd7778,
>     format=0x3c000668 "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s")
>     at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/lib/wrappers.c:80
> #5  0x1c00375f in parse_check_result (
>     input=0x894f2100 "-eopenbsd.adns.de_em0\tcvsync update\tOK\tsync ok  - openbsd.adns.de", delimiter=9 '\t')
>     at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/parse.c:107
> #6  0x1c002608 in handle_input_chunk (input=0x870a9000,
>     chunk=0x894f2100 "-eopenbsd.adns.de_em0\tcvsync update\tOK\tsync ok  - openbsd.adns.de") at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/client.c:137
> #7  0x01e8433d in ev_invoke () from /usr/local/lib/libev.so.3.1
> ---Type <return> to continue, or q <return> to quit---
> #8  0x1c00345a in input_read_chunk (input=0x870a9000,
>     handle_read=0x1c002520 <handle_input_chunk>)
>     at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/input.c:85
> #9  0x1c0024fa in handle_tls_moin_response (tls=0x870a8400,
>     line=0x870a9900 "MOIN")
>     at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/client.c:202
> #10 0x01e843ae in ev_invoke_pending () from /usr/local/lib/libev.so.3.1
> #11 0x01e890a2 in ev_run () from /usr/local/lib/libev.so.3.1
> #12 0x1c003df2 in main (argc=0, argv=Cannot access memory at address 0x3
> )
>     at /usr/ports/pobj/nsca-ng-1.1/nsca-ng-1.1/src/client/send_nsca.c:123
>
>
> patch-src_client_parse_c fixes the problem for me, only the "case 4"
> tested. I gave the source a quick once over and found another issue in
> fifo.c, untested though.

Nearly, but time_t should be printed using %lld, and the value cast (long
long) so that it's also OK for other OS where time_t is not long long.

>
> Index: net/nagios/nsca-ng//patches/patch-src_client_parse_c
> ===================================================================
> RCS file: net/nagios/nsca-ng//patches/patch-src_client_parse_c
> diff -N net/nagios/nsca-ng//patches/patch-src_client_parse_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/nagios/nsca-ng//patches/patch-src_client_parse_c 12 Sep 2013 10:36:12 -0000
> @@ -0,0 +1,30 @@
> +$OpenBSD$
> +--- src/client/parse.c.orig Fri Feb  8 16:35:32 2013
> ++++ src/client/parse.c Thu Sep 12 12:22:16 2013
> +@@ -56,7 +56,7 @@ parse_command(const char *line)
> + if (line[0] == '[')
> + command = xstrdup(line);
> + else
> +- xasprintf(&command, "[%lu] %s", time(NULL), line);
> ++ xasprintf(&command, "[%llu] %s", time(NULL), line);
> +
> + return command;
> + }
> +@@ -96,7 +96,7 @@ parse_check_result(const char *input, char delimiter)
> + case 3:
> + debug("Got host check result");
> + xasprintf(&command,
> +-    "[%lu] PROCESS_HOST_CHECK_RESULT;%.*s;%.*s;%s",
> ++    "[%llu] PROCESS_HOST_CHECK_RESULT;%.*s;%.*s;%s",
> +    time(NULL),
> +    lengths[0], fields[0],
> +    lengths[1], fields[1],
> +@@ -105,7 +105,7 @@ parse_check_result(const char *input, char delimiter)
> + case 4:
> + debug("Got service check result");
> + xasprintf(&command,
> +-    "[%lu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
> ++    "[%llu] PROCESS_SERVICE_CHECK_RESULT;%.*s;%.*s;%.*s;%s",
> +    time(NULL),
> +    lengths[0], fields[0],
> +    lengths[1], fields[1],
> Index: net/nagios/nsca-ng//patches/patch-src_server_fifo_c
> ===================================================================
> RCS file: net/nagios/nsca-ng//patches/patch-src_server_fifo_c
> diff -N net/nagios/nsca-ng//patches/patch-src_server_fifo_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ net/nagios/nsca-ng//patches/patch-src_server_fifo_c 12 Sep 2013 10:36:12 -0000
> @@ -0,0 +1,14 @@
> +$OpenBSD$
> +--- src/server/fifo.c.orig Thu Sep 12 12:31:03 2013
> ++++ src/server/fifo.c Thu Sep 12 12:31:03 2013
> +@@ -528,8 +528,8 @@ make_process_file_command(fifo_state *fifo)
> + {
> + char *command;
> +
> +- xasprintf(&command, "[%lu] PROCESS_FILE;%s;1\n",
> +-    (unsigned long)time(NULL), fifo->dump_file);
> ++ xasprintf(&command, "[%llu] PROCESS_FILE;%s;1\n",
> ++    time(NULL), fifo->dump_file);
> +
> + return command;
> + }
>
> --
> I'm not entirely sure you are real.


Re: nsca-ng 64 bit time_t segfault on i386

Holger Weiß
* Stuart Henderson <[hidden email]> [2013-09-12 12:43]:
> On 2013/09/12 10:42, Florian Obser wrote (on [hidden email]):
> > send_nsca segfaults on i386 (presumably on all 32bit archs):

D'oh!  Thanks for the hint.

> > patch-src_client_parse_c fixes the problem for me, only the "case 4"
> > tested. I gave the source a quick once over and found another issue in
> > fifo.c, untested though.

In fifo.c, the time_t value is cast to unsigned long, so that should be
fine.

> Nearly, but time_t should be printed using %lld, and the value cast (long
> long) so that it's also OK for other OS where time_t is not long long.

Fixed.[*]  (I went for unsigned long.  The range is large enough in
practice, and so far the code doesn't depend on C99 features.)

Thanks again, Holger

[*] https://www.nsca-ng.org/cgi-bin/repository/nsca-ng/commit/?id=d48a58508e