View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003738 | unreal | ircd | public | 2008-11-02 18:01 | 2009-05-13 06:36 |
Reporter | Darth Android | Assigned To | |||
Priority | normal | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | amd64 | OS | Ubuntu | OS Version | 8.10 |
Product Version | 3.2.7-RC2 | ||||
Fixed in Version | 3.2.8 | ||||
Summary | 0003738: IRCd segfaults when linking to the network | ||||
Description | My network contains the following servers:
1. Unreal 3.2.7 (ubuntu64)
2. Unreal 3.2.5 (openbsd32)
3. Unreal 3.2.7 (win32)
Server 2 is the hub server, and server 3 can link fine with server 2. Server 1 segfaults when trying to connect to server 2, producing the attached backtrace. Server 1 also complains about an unknown server (the services server), so it seems that server 2 isn't sending server 1 a complete server list. Server 2 is in the middle of sending the list of active g-lines when server 1 segfaults. | ||||
Additional Information | dmesg contains the following regarding the segfault:
[2861628.081732] ircd[23816]: segfault at 0 rip 7f0cc19f8a01 rsp 7fffcad49b78 error 4
[2868922.336779] ircd[26606]: segfault at 0 rip 7fd707a6fa01 rsp 7fff10dc0be8 error 4
[2869074.114687] ircd[26654]: segfault at 0 rip 7f4f97cdfa01 rsp 7fffa1031e58 error 4
BACKTRACE:
warning: Can't read pathname for load map: Input/output error.
Core was generated by `/var/lib/ircd/Unreal3.2.7/src/ircd'.
Program terminated with signal 11, Segmentation fault.
[New process 26654]
#0 0x00007f4f97cdfa01 in strncpy () from /lib/libc.so.6
#0 0x00007f4f97cdfa01 in strncpy () from /lib/libc.so.6
#1 0x00007f4f97a14015 in _m_tkl (cptr=0x862180, sptr=0x862180, parc=9, parv=0x717aa0) at /usr/include/bits/string3.h:122
#2 0x0000000000425cdb in dopacket (cptr=0x862180, buffer=<value optimized out>, length=6307) at packet.c:138
#3 0x00000000004159cf in read_message (delay=1, listp=0x7493a0) at s_bsd.c:1475
#4 0x0000000000420d8b in main (argc=1225594408, argv=<value optimized out>) at ircd.c:1597
#0 0x00007f4f97cdfa01 in strncpy () from /lib/libc.so.6
0x74e3a0 <backupbuf>: ":zathur.dragon-fire.org BD + G * pool-70-104-245-88.ptldor.dsl-w.verizon.net [email protected] 5565259448521326591 1222504225 :One Week ban"
#0 0x00007f4f97cdfa01 in strncpy () from /lib/libc.so.6
No symbol table info available.
#1 0x00007f4f97a14015 in _m_tkl (cptr=0x862180, sptr=0x862180, parc=9, parv=0x717aa0) at /usr/include/bits/string3.h:122
tk = (aTKline *) 0x896950
type = 5
gmt = "Sat Sep 27 08:30:25 2008\n", '\0' <repeats 230 times>
gmt2 = "0�y\000\000\000\000\000\224�y\000\000\000\000\000��y\000\000\000\000\000�y\000\000\000\000\000\217�\210\000\000\000\000\000`&\000\000\000\000\000\000`&\000\000f\002\000\000n&\000\000\000\000\000\000\000\203\036\230n�\000\000Pwr\000\000\000\000\000;\006\000\000\v\000\000\000Pwr\000\000\000\000\000�\025\000\000\000\000\000\000\006\000\f\000K\006\000\000��\006\000\000\000\000\000\032�\006\000\000\000\000\000<\v\000\000\000\000\000\000;�\000\000\000\000\000\000u�\002\000\000\000\000\000�\002\000\000\000\000\000\020qr\000\000\000\000\000�\033\000\000\000\000\000\000�e\206\000\000\000\000\000z\005\000\000\000\000\000\000 �y", '\0' <repeats 21 times>...
txt = '\0' <repeats 16 times>, "\230\"\003��\177\000\000\236��\230O\177\000\000\000\000\000\000\000\000\000\000\a\000\000\000\000\000\000\000\000��\227O\177\000\000�\000\000\000\000\000\000\000\220e\211\000\000\000\000\000`f\211\000\000\000\000\000\200!\206\000\000\000\000\000`f\211\000\000\000\000\000\200!\206\000\000\000\000\000�\000\000\000\000\000\000\000\220e\211\000\000\000\000\000�\217�\227O\177\000\0000i\211\000\000\000\000\000�hHF\000\000\000\000`h\211\000\000\000\000\000\030\000\000\000\000\000\000\000\033", '\0' <repeats 15 times>, "�E\206\000\032\000\000\000��y\000\000\000\000\000\200!\206\000\000\000\000\000�m\036\230O\177\000\000�\"\206"...
expiry_1 = 5565259448521326591
setat_1 = 1222504225
spamf_tklduration = 0
reason = 0x862338 "One Week ban"
#2 0x0000000000425cdb in dopacket (cptr=0x862180, buffer=<value optimized out>, length=6307) at packet.c:138
ch1 = 0x100 <Address 0x100 out of bounds>
ch2 = 0x725eb8 "\n:zathur.dragon-fire.org BD + G * dante01.u.washington.edu [email protected] 5565259446373842944 1217649843 :been warned enough times about that real-name. This is a perminant ban.\r\n:zath"...
acpt = <value optimized out>
zipped = 1
GCC: gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu10)
UNAME: Linux tinuvael 2.6.24-21-generic #1 SMP Mon Aug 25 16:57:51 UTC 2008 x86_64 GNU/Linux
UNREAL: Unreal3.2.7 build 1.1.1.1.2.1.2.1.2.2234.2.676 2007/07/13 10:43:04
CORE: -rw------- 1 irc irc 2703360 2008-11-01 21:54 core | ||||
Tags | No tags attached. | ||||
3rd party modules | |||||
|
I think this is the cause:
:zathur.dragon-fire.org BD + G * pool-70-104-245-88.ptldor.dsl-w.verizon.net [email protected] 5565259448521326591 1222504225 :One Week ban
The expiry time of that gline(?) is 5565259448521326591, which is quite out of range, leading to asctime() returning NULL, leading to a crash in strncpy. |
|
fixed in .722:
- Fix crash if settime/expirytime is out of range in TKL, set by another server. Should never happen except when using faulty services or when something else got horrible wrong (like a date which is 40 years ahead). Reported by Darth Android (0003738).
[unverified!]
can you confirm that this weird gline with that 5565259448521326591 expiry time got indeed set by services or something? |
|
assuming this is fixed... |
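The failure diagnosed in the notes above (an out-of-range expiry sent by another server, a time conversion that returns NULL, and that NULL handed to strncpy) is avoided by validating the field and checking the conversion result before copying anything. This is an added example, not the .722 patch or UnrealIRCd code; `format_remote_ts` and its return convention are hypothetical, and the two inputs in `main` are the setat and expiry values quoted in this report.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper (not UnrealIRCd code): turn a decimal timestamp field
 * received from a remote server into "Sat Sep 27 08:30:25 2008" form.
 * Returns 0 on success, -1 if the field cannot be used; buf is then "". */
int format_remote_ts(const char *field, char *buf, size_t buflen)
{
    char *end;
    long long v;
    time_t t;
    struct tm *tm;

    if (buf == NULL || buflen == 0)
        return -1;
    buf[0] = '\0';
    if (field == NULL)
        return -1;

    errno = 0;
    v = strtoll(field, &end, 10);
    if (errno != 0 || end == field || *end != '\0' || v < 0)
        return -1;                      /* not a clean non-negative number */

    t = (time_t)v;
    if ((long long)t != v)
        return -1;                      /* would be truncated by a narrow time_t */

    tm = gmtime(&t);                    /* NULL when the year overflows tm_year */
    if (tm == NULL)
        return -1;
    if (strftime(buf, buflen, "%a %b %d %H:%M:%S %Y", tm) == 0) {
        buf[0] = '\0';                  /* did not fit: contents unspecified */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Both values are the setat/expiry fields quoted in this report. */
    const char *fields[] = { "1222504225", "5565259448521326591" };
    char out[32];
    for (size_t i = 0; i < 2; i++) {
        int rc = format_remote_ts(fields[i], out, sizeof out);
        printf("%s -> %s\n", fields[i], rc == 0 ? out : "rejected (out of range)");
    }
    return 0;
}
```

A caller that receives -1 can drop or log the entry instead of passing a NULL conversion result on to a string copy.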
Date Modified | Username | Field | Change |
---|---|---|---|
2008-11-02 18:01 | Darth Android | New Issue | |
2008-12-21 14:20 | syzop | Note Added: 0015470 | |
2008-12-21 14:32 | syzop | Note Added: 0015473 | |
2009-05-13 06:36 | syzop | QA | => Not touched yet by developer |
2009-05-13 06:36 | syzop | U4: Need for upstream patch | => No need for upstream InspIRCd patch |
2009-05-13 06:36 | syzop | Note Added: 0015848 | |
2009-05-13 06:36 | syzop | Status | new => closed |
2009-05-13 06:36 | syzop | Resolution | open => fixed |
2009-05-13 06:36 | syzop | Fixed in Version | => 3.2.8 |