View Issue Details

ID: 0003453
Project: unreal
Category: ircd
View Status: public
Last Update: 2007-11-20 20:51
Reporter: Monk
Assigned To: syzop
Priority: normal
Severity: crash
Reproducibility: random
Status: resolved
Resolution: fixed
Platform: i386
OS: Linux
OS Version: Debian 4
Product Version: 3.2.6
Target Version:
Fixed in Version: 3.2.8
Summary: 0003453: Overflowed unzipbuf increase UNZIP_BUFFER_SIZE

Description:

Currently we suffer from some DDoS attacks. May be related to the following:


-------------------------------SNOTICES---------------------------------------
[7:45pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE
[7:45pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE
[7:45pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- inflate() error: * Are you perhaps linking zipped with non-zipped? *
[7:45pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Hint: link::options::zip should be the same at both sides (either both disabled or both enabled)
[7:45pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- inflate() error(-3): invalid code lengths set
[8:01pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE
[8:01pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE
[8:01pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Fake direction from user haihappen in SJOIN from Hades.MindForge.org(CommunityOfPeople.MindForge.org) at #eMule-Spanish-2
[8:01pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE
[8:01pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE
[8:01pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE
[8:01pm][07/17/2007] -HaPPy.MindForge.org- *** Notice -- Overflowed unzipbuf increase UNZIP_BUFFER_SIZE

----------------------------------------------------------------------------

With similar outputs two servers crashed this morning in our network. A backtrace of both follows:

--------------------------BACKTRACE1----------------------------------------
(gdb) bt full
#0 0x4020cfcc in memcpy () from /lib/tls/libc.so.6
No symbol table info available.
#1 0x080889d0 in unzip_packet (cptr=0x846e138, buffer=0x0, length=0xbfb4ced8) at zip.c:157
        zin = (z_stream *) 0x82f9520
        r = <value optimized out>
        p = <value optimized out>
#2 0x08065e6e in dopacket (cptr=0x846e138, buffer=0x80ad4a0 "`ç\f\221", length=8108) at packet.c:195
        ch1 = <value optimized out>
        ch2 = 0x81346ec ""
        acpt = <value optimized out>
        zipped = 1
#3 0x080580be in read_message (delay=0, listp=0x8147780) at s_bsd.c:1475
        write_err = <value optimized out>
        cptr = (aClient *) 0x846e138
        nfds = <value optimized out>
        wait = {tv_sec = 0, tv_usec = 0}
        read_set = {__fds_bits = {64, 0 <repeats 31 times>}}
        write_set = {__fds_bits = {0 <repeats 32 times>}}
        j = 1
        delay2 = 0
        res = 0
        length = <value optimized out>
        fd = <value optimized out>
        i = <value optimized out>
        sockerr = <value optimized out>
#4 0x08061508 in main (argc=0, argv=0xbfb4d1c4) at ircd.c:1576
        uid = 65001
        euid = 65001
        gid = 104
        egid = 104
        delay = 1
        corelim = {rlim_cur = 4294967295, rlim_max = 4294967295}
        nextfdlistcheck = 1184697975
        cptr = <value optimized out>
        pri = <value optimized out>
        i = <value optimized out>
        j = <value optimized out>
(gdb)
-----------------------------------------------------------------------------

--------------------------BACKTRACE2-----------------------------------------
(gdb) bt full
#0 0xb7cdbccf in memcpy () from /lib/tls/libc.so.6
No symbol table info available.
#1 0x0808d5ab in unzip_packet (cptr=0x8af4538, buffer=0x0, length=0xbf956a48) at zip.c:157
        zin = (z_stream *) 0x8a1ee90
        r = <value optimized out>
        p = <value optimized out>
#2 0x08067068 in dopacket (cptr=0x8af4538,
    buffer=0x80b2fa0 "X,8Úe\033í²\215βqái¤\214.\214\004]p\2136\2306º0\022íƸÑ\205\221Ðê\225¬\203\037ÑR×èÂHJ®AC\vLà)ò\224\\F\215fÚh\227m´Ë\226\203\177üÇ\225Ô\205\221", length=-1) at packet.c:195
        g = <value optimized out>
        ch1 = 0x8130a40 "rChanServ B victoriano : UNB arnold Remove all bans preventing you from entering a channelisrChanServ B victoriano : CLEAR Tells ChanServ to clear certain settings on a channelisrChanServ B"...
        ch2 = 0x81478b9 "GOUT This command will logout the selected nicknameisrChanServ B A-Y-S-E-- : TOPIC Manipulate the topic of the specified channelisrChanServ B A-Y-S-E-- : INFO Lists information ab"...
        acpt = <value optimized out>
        zipped = 1
#3 0x0805859a in read_message (delay=0, listp=0x815ee20) at s_bsd.c:1475
        write_err = <value optimized out>
        cptr = (aClient *) 0x8af4538
        nfds = <value optimized out>
        wait = {tv_sec = 0, tv_usec = 0}
        read_set = {__fds_bits = {0, 0, 1024, 0 <repeats 125 times>}}
        write_set = {__fds_bits = {0, 0, 1024, 0 <repeats 125 times>}}
        j = <value optimized out>
        delay2 = 0
        res = 0
        length = 8192
        fd = 137108248
        i = <value optimized out>
        sockerr = <value optimized out>
#4 0x080626c5 in main (argc=Cannot access memory at address 0x78f080c
) at ircd.c:1576
        type = <value optimized out>
        result = <value optimized out>
        uid = 2525
        euid = 2525
        gid = 10002
        egid = 10002
        delay = <value optimized out>
        corelim = {rlim_cur = 4294967295, rlim_max = 4294967295}
        nextfdlistcheck = 1184695293
        alllasttime = 0
(gdb)
------------------------------------------------------------------------------

And before the question pops up: Yes, all servers are properly configured with zip-links and the whole network has been running stable on 3.2.6 for months now ;)

Best regards,

Monk
Tags: No tags attached.
3rd party modules:

Relationships

child of 0003454 (resolved, syzop): Unreal3.2.8 TODO

Activities

syzop

2007-11-20 20:51

administrator   ~0014816

I fixed this by increasing the buffer a lot, but this info got lost due to bugtracker backup restore.
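
An added example, not UnrealIRCd's code and not part of this report: a Python model of inflating a zip link into a fixed-size buffer, where a full output buffer means "drain and call again" and any inflate error closes the link instead of handing an empty result onward. `ZipLinkReader`, `LinkDecompressError`, both size constants and the sample traffic are assumptions made up for the sketch.

```python
import zlib

UNZIP_BUFFER_SIZE = 4096          # constructed for this sketch, not UnrealIRCd's value
MAX_OUTPUT_PER_READ = 1 << 20     # hypothetical cap on inflated bytes per socket read


class LinkDecompressError(Exception):
    """The stream can no longer be trusted; the caller should close the link."""


class ZipLinkReader:
    """Per-link inflate state, kept across reads the way a z_stream is."""

    def __init__(self, chunk_size=UNZIP_BUFFER_SIZE, max_output=MAX_OUTPUT_PER_READ):
        self._z = zlib.decompressobj()
        self.chunk_size = chunk_size
        self.max_output = max_output

    def unzip_packet(self, data):
        """Inflate one socket read into chunks of at most chunk_size bytes."""
        chunks, total, pending = [], 0, data
        while True:
            try:
                out = self._z.decompress(pending, self.chunk_size)
            except zlib.error as exc:
                # Corrupt data or a peer that is not zipping: fail closed.
                raise LinkDecompressError(str(exc)) from exc
            total += len(out)
            if total > self.max_output:
                raise LinkDecompressError("inflated output exceeds per-read cap")
            if out:
                chunks.append(out)
            pending = self._z.unconsumed_tail
            # A short chunk with no input left means zlib has nothing buffered.
            if len(out) < self.chunk_size and not pending:
                return chunks


def sample_reads():
    """Constructed input: two reads from one sync-flushed deflate stream."""
    z = zlib.compressobj()
    first = b"PING :hub.example.test\r\n" * 1000   # inflates to 24000 bytes
    second = b"PONG :leaf.example.test\r\n"
    reads = [z.compress(m) + z.flush(zlib.Z_SYNC_FLUSH) for m in (first, second)]
    return reads, [first, second]


if __name__ == "__main__":
    reader = ZipLinkReader()
    for read, expected in zip(*sample_reads()):
        chunks = reader.unzip_packet(read)
        print(len(read), "->", [len(c) for c in chunks], b"".join(chunks) == expected)
```

The per-read cap keeps a small, highly compressible read from forcing unbounded work, which matters when the link is under load.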

Issue History

Date Modified Username Field Change
2007-07-17 17:02 Monk New Issue
2007-07-19 08:20 stskeeps Status new => acknowledged
2007-07-19 08:21 stskeeps Relationship added child of 0003454
2007-11-20 20:51 syzop QA => Not touched yet by developer
2007-11-20 20:51 syzop U4: Need for upstream patch => No need for upstream InspIRCd patch
2007-11-20 20:51 syzop Status acknowledged => resolved
2007-11-20 20:51 syzop Fixed in Version => 3.2.8
2007-11-20 20:51 syzop Resolution open => fixed
2007-11-20 20:51 syzop Assigned To => syzop
2007-11-20 20:51 syzop Note Added: 0014816