[Nagiosplug-devel] Stack overflow in check_clamd/check_tcp

Holger Weiß holger at CIS.FU-Berlin.DE
Tue Oct 26 19:37:19 CEST 2010


* C. Bensend <benny at bennyvision.com> [2010-10-26 11:32]:
> I have sent a lot of step output to Holger privately, I can re-send
> here if it would help.

Here are the most interesting parts.  Many thanks for providing them,
Benny!

| (gdb) file ./check_clamd
| Reading symbols from
| /home/benny/temp/nagios-plugins-1.4.15/plugins/check_clamd...done.
|
| (gdb) break np_net_connect
| Breakpoint 1 at 0x1c00380c: file netutils.c, line 162.
|
| (gdb) run /tmp/clamd.socket
| Starting program:
| /home/benny/temp/nagios-plugins-1.4.15/plugins/check_clamd
| /tmp/clamd.socket
| [Switching to process 5491, thread 0x7e980000]
|
| Breakpoint 1, np_net_connect (host_name=0xcfbd0db3 "/tmp/clamd.socket",
|     port=3310, sd=0x3c002064, proto=6) at netutils.c:162
| 162     {
|
| (gdb) bt
| #0  np_net_connect (host_name=0xcfbd0db3 "/tmp/clamd.socket", port=3310,
|     sd=0x3c002064, proto=6) at netutils.c:162
| #1  0x1c0025b9 in main (argc=1, argv=0xcfbd0ce0) at check_tcp.c:231
|
| (gdb) print host_name
| $1 = 0xcfbd0db3 "/tmp/clamd.socket"
|
| (gdb) cont
| Continuing.
|
| Program received signal SIGABRT, Aborted.
| 0x0db1df4d in kill () from /usr/lib/libc.so.56.0
|
| (gdb) bt
| #0  0x0db1df4d in kill () from /usr/lib/libc.so.56.0
| #1  0x0db803c3 in __stack_smash_handler (func=0x3c0012ec "np_net_connect",
|     damaged=-809694338) at /usr/src/lib/libc/sys/stack_protector.c:89
| #2  0x1c003a5d in np_net_connect (host_name=0x0, port=3310, sd=0x3c002064,
|     proto=10652) at netutils.c:267
| #3  0x1c0025b9 in main (argc=1, argv=0xcfbd0ce0) at check_tcp.c:231
|
| (gdb) up 3
| #3  0x1c0025b9 in main (argc=1, argv=0xcfbd0ce0) at check_tcp.c:231
| 231             result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
|
| (gdb) print server_address
| $2 = 0xcfbd0db3 "/tmp/clamd.socket"

And here is another session which steps through np_net_connect():

| (gdb) run -H /tmp/clamd.socket -t 180
| Starting program:
| /home/benny/temp/nagios-plugins-1.4.15/plugins/check_clamd -H
| /tmp/clamd.socket -t 180
| [Switching to process 25631, thread 0x8a928800]
|
| Breakpoint 1, np_net_connect (host_name=0xcfbe1b7e "/tmp/clamd.socket",
|     port=3310, sd=0x3c002064, proto=6) at netutils.c:162
| 162     {
| (gdb) step
| 170             socktype = (proto == IPPROTO_UDP) ? SOCK_DGRAM : SOCK_STREAM;
| (gdb) step
| 173             if(host_name[0] != '/'){
| (gdb) step
| 231                     if(strlen(host_name) >= UNIX_PATH_MAX){
| (gdb) step
| 234                     memset(&su, 0, sizeof(su));
| (gdb) step
| 236                     strncpy(su.sun_path, host_name, UNIX_PATH_MAX);
| (gdb) step
| 235                     su.sun_family = AF_UNIX;
| (gdb) step
| 236                     strncpy(su.sun_path, host_name, UNIX_PATH_MAX);
| (gdb) step
| strncpy (dst=0xcfbe1940 "", src=0xcfbe1b7e "/tmp/clamd.socket", n=108)
|     at /usr/src/lib/libc/string/strncpy.c:47
|
| [...]
|
| (gdb) step
| np_net_connect (host_name=0xcfbe1b7e "/tmp/clamd.socket", port=3310,
|     sd=0x3c002064, proto=6) at netutils.c:237
| 237                     *sd = socket(PF_UNIX, SOCK_STREAM, 0);
| (gdb) step
| socket (af=1, type=1, protocol=0)
|     at /usr/src/lib/libpthread/uthread/uthread_socket.c:49
|
| [...]
|
| (gdb) step
| np_net_connect (host_name=0xcfbe1b7e "/tmp/clamd.socket", port=3310,
|     sd=0x3c002064, proto=6) at netutils.c:238
| 238                     if(*sd < 0){
| (gdb) step
| 237                     *sd = socket(PF_UNIX, SOCK_STREAM, 0);
| (gdb) step
| 238                     if(*sd < 0){
| (gdb) step
| 241                     result = connect(*sd, (struct sockaddr *)&su, sizeof(su));
| (gdb) step
| connect (fd=8, name=0xcfbe193e, namelen=106)
|     at /usr/src/lib/libpthread/uthread/uthread_connect.c:45
|
| [...]
|
| (gdb) step
| np_net_connect (host_name=0xcfbe1b7e "/tmp/clamd.socket", port=3310,
|     sd=0x3c002064, proto=6) at netutils.c:242
| 242                     if (result < 0 && errno == ECONNREFUSED)
| (gdb) step
| 241                     result = connect(*sd, (struct sockaddr *)&su,
| sizeof(su));
| (gdb) step
| 242                     if (result < 0 && errno == ECONNREFUSED)
| (gdb) step
| 246             if (result == 0)
| (gdb) step
| 267     }
| (gdb) step
| __stack_smash_handler (func=0x3c0012ec "np_net_connect", damaged=-809625282)
|     at /usr/src/lib/libc/sys/stack_protector.c:69

Holger
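Added note and example (not part of the original message, and not nagios-plugins code): the two traces above already contain the size arithmetic. The strncpy() frame shows n=108 (the plugin's UNIX_PATH_MAX), while connect() receives namelen=106 for the whole struct sockaddr_un. On a BSD-style sockaddr_un with a 1-byte sun_len, a 1-byte sun_family and a 104-byte sun_path (which the libc paths in the trace suggest), strncpy() therefore writes 4 bytes past the end of su, which is on the stack right below the canary; the canary check on return from np_net_connect() (line 267, the closing brace) then calls __stack_smash_handler. The constant 108 and the 104-byte layout below are assumptions reconstructed from those two numbers, and the struct is defined locally so the check runs on any platform. The hardened copy bounds both the length check and the copy by sizeof(su.sun_path) instead of a platform-independent constant.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Assumed: the strncpy() frame in the trace shows n=108, so the plugin's
 * UNIX_PATH_MAX is taken to be 108 here (local name, not the project's). */
#define NP_UNIX_PATH_MAX 108

/* Constructed struct mirroring a BSD-style sockaddr_un: 1-byte sun_len,
 * 1-byte sun_family, 104-byte path, 106 bytes in total, matching the
 * namelen=106 that connect() received in the trace. Defined locally so the
 * arithmetic can be checked on any platform without touching real sockets. */
struct bsd_sockaddr_un {
    unsigned char sun_len;
    unsigned char sun_family;
    char sun_path[104];
};

/* strncpy(dst, src, n) always writes exactly n bytes into dst (NUL padded),
 * so any n larger than the destination overruns it by n - dst_size bytes. */
size_t strncpy_overflow_bytes(size_t n, size_t dst_size)
{
    return n > dst_size ? n - dst_size : 0;
}

/* Bytes the original copy, strncpy(su.sun_path, host_name, UNIX_PATH_MAX),
 * writes past sun_path on the constructed BSD layout. */
size_t bsd_overflow_bytes(void)
{
    struct bsd_sockaddr_un su;
    return strncpy_overflow_bytes(NP_UNIX_PATH_MAX, sizeof(su.sun_path));
}

/* Same computation against this build's real struct sockaddr_un
 * (0 where sun_path is 108 bytes, 4 where it is 104). */
size_t native_overflow_bytes(void)
{
    struct sockaddr_un su;
    return strncpy_overflow_bytes(NP_UNIX_PATH_MAX, sizeof(su.sun_path));
}

/* Hardened form: bound the length check and the copy by the destination,
 * leaving room for the terminating NUL. Returns 0 on success, -1 if the
 * path does not fit (the caller should report an error, not truncate). */
int set_sun_path(char *dst, size_t dst_size, const char *host_name)
{
    size_t len = strlen(host_name);

    if (len >= dst_size)          /* path plus NUL would not fit */
        return -1;
    memset(dst, 0, dst_size);
    memcpy(dst, host_name, len);  /* writes len < dst_size bytes */
    return 0;
}

/* Constructed inputs for the hardened copy: the socket path from the trace
 * and a 108-byte path that must be rejected on the 104-byte layout. */
int hardened_short_path_fits(void)
{
    struct bsd_sockaddr_un su;
    if (set_sun_path(su.sun_path, sizeof(su.sun_path), "/tmp/clamd.socket") != 0)
        return 0;
    return strcmp(su.sun_path, "/tmp/clamd.socket") == 0;
}

int hardened_long_path_rejected(void)
{
    struct bsd_sockaddr_un su;
    char long_path[NP_UNIX_PATH_MAX + 1];

    memset(long_path, 'a', NP_UNIX_PATH_MAX);
    long_path[NP_UNIX_PATH_MAX] = '\0';
    return set_sun_path(su.sun_path, sizeof(su.sun_path), long_path) == -1;
}

int main(void)
{
    struct bsd_sockaddr_un su;

    printf("BSD-style layout: strncpy with n=%d overruns sun_path[%zu] by %zu bytes\n",
           NP_UNIX_PATH_MAX, sizeof(su.sun_path), bsd_overflow_bytes());
    printf("this platform:    overrun by %zu bytes\n", native_overflow_bytes());
    printf("hardened copy: short path ok=%d, long path rejected=%d\n",
           hardened_short_path_fits(), hardened_long_path_rejected());
    return 0;
}
```

The point of bounding by sizeof(su.sun_path) rather than by a constant is that sun_path is 108 bytes on some libcs and 104 on others; a fixed 108 is correct on the former and a 4-byte stack overrun on the latter, exactly the difference between the working Linux builds and the abort above.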
