[Bug 1384943] Re: [SRU] Pinger crashes with segfault in libc

Marco Bettio marco.bettio at lattonedil.it
Fri Dec 19 12:51:58 UTC 2014


Hi Jorge, I tried removing everything and reinstalling it all from the repository.
The steps I followed:

  sudo apt-get remove squidclient
  sudo apt-get remove squid3-common   # this also removes squid3
  sudo apt-get clean squid3-common
  sudo apt-get clean squid3
  sudo apt-get clean squidclient
  sudo apt-get install squid3 squid3-common squidclient

Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze
Lettura informazioni sullo stato... Fatto
I seguenti pacchetti sono stati installati automaticamente e non sono più richiesti:
  linux-headers-3.13.0-40 linux-headers-3.13.0-40-generic
  linux-image-3.13.0-40-generic linux-image-extra-3.13.0-40-generic
Usare "apt-get autoremove" per rimuoverli.
Pacchetti suggeriti:
  squid-cgi squid-purge smbclient winbindd
I seguenti pacchetti NUOVI saranno installati:
  squid3 squid3-common squidclient
0 aggiornati, 3 installati, 0 da rimuovere e 1 non aggiornati.
È necessario scaricare 1.970 kB di archivi.
Dopo quest'operazione, verranno occupati 6.679 kB di spazio su disco.
Scaricamento di:1 http://it.archive.ubuntu.com/ubuntu/ trusty-updates/main squid3-common all 3.3.8-1ubuntu6.2 [153 kB]
Scaricamento di:2 http://it.archive.ubuntu.com/ubuntu/ trusty-updates/main squid3 amd64 3.3.8-1ubuntu6.2 [1.787 kB]
Scaricamento di:3 http://it.archive.ubuntu.com/ubuntu/ trusty-updates/universe squidclient amd64 3.3.8-1ubuntu6.2 [31,1 kB]
Recuperati 1.970 kB in 4s (441 kB/s)
Selezionato il pacchetto squid3-common non precedentemente selezionato.
(Lettura del database... 101279 file e directory attualmente installati.)
Preparing to unpack .../squid3-common_3.3.8-1ubuntu6.2_all.deb ...
Unpacking squid3-common (3.3.8-1ubuntu6.2) ...
Selezionato il pacchetto squid3 non precedentemente selezionato.
Preparing to unpack .../squid3_3.3.8-1ubuntu6.2_amd64.deb ...
Unpacking squid3 (3.3.8-1ubuntu6.2) ...
Selezionato il pacchetto squidclient non precedentemente selezionato.
Preparing to unpack .../squidclient_3.3.8-1ubuntu6.2_amd64.deb ...
Unpacking squidclient (3.3.8-1ubuntu6.2) ...
Processing triggers for ufw (0.34~rc-0ubuntu2) ...
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Configurazione di squid3-common (3.3.8-1ubuntu6.2)...
Configurazione di squid3 (3.3.8-1ubuntu6.2)...
squid3 start/running, process 8150
Skipping profile in /etc/apparmor.d/disable: usr.sbin.squid3
Configurazione di squidclient (3.3.8-1ubuntu6.2)...

/var/log/squid3/cache.log

2014/12/19 13:38:07.606| cc(263) Recv: 282 bytes from [2001:1418:100:84df:1::1]
2014/12/19 13:38:07.606| cc(306) Recv: [2001:1418:100:84df:1::1] said: 2/0 Packet Too Big
*** Error in `(pinger)': munmap_chunk(): invalid pointer: 0x00007f430603a260 ***

Crash report attached.

Hope this time we have better luck with this.


** Attachment added: "crash file"
   https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1384943/+attachment/4284149/+files/_usr_lib_squid3_pinger.0.crash

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1384943

Title:
  [SRU] Pinger crashes with segfault in libc

Status in squid3 package in Ubuntu:
  Fix Released
Status in squid3 source package in Trusty:
  Fix Released
Status in squid3 source package in Utopic:
  Fix Released

Bug description:
  [Description]

  Malformed ICMP packets were accepted into processing with undefined
  and potentially nasty results.

  Both sets of flaws can result in pinger segmentation fault and halting
  the Squid functionality relying on pinger for correct operation.

  A backtrace obtained from a failing guest shows:

  #0  0x00007f6e3833cb4a in __strcmp_sse2 () from /lib/x86_64-linux-gnu/libc.so.6
  #1  0x00007f6e38369971 in __tzfile_compute (timer=1415395716, use_localtime=<optimized out>, leap_correct=0x7ffff810be00,
      leap_hit=0x7ffff810bdf0, tp=0x7f6e38679de0 <_tmbuf>) at tzfile.c:786
  #2  0x00007f6e38368547 in __tz_convert () from /lib/x86_64-linux-gnu/libc.so.6
  #3  0x00007f6e38dc2683 in _db_print(char const*, ...) ()
  #4  0x00007f6e38dc300b in Debug::finishDebug() ()
  #5  0x00007f6e38dc0581 in IcmpPinger::Recv (this=0x7f6e38fd1680 <control>) at IcmpPinger.cc:190
  #6  0x00007f6e38dbf04e in main (argc=<optimized out>, argv=<optimized out>) at pinger.cc:223

  Dissecting the trace, it appears that the number of bytes read
  in the IcmpPinger::Recv method is < 0 (error), but
  no validation is being performed on the read data, thus a segfault is being triggered.

  This patch handles most of these cases by bounds-checking all the recv values; also, the ICMP type checking routines are improved to properly
  handle only existing types.

  [Test Case]

  - Install latest squid3 from archive.
  - Enable ICMP pinger
  - Wait for some anomalous ICMP response to come from any origin server.
  - Then the pinger process will segfault with an error like this:

  Nov 8 06:28:56 gd2mrbp001 kernel: [1543874.494491] pinger[8802]: segfault at 0 ip 00007fd276d6bb4a sp 00007fff11711908 error 4 in libc-2.19.so[7fd276ce4000+1bb000]

  - After applying this patch, I have run this over 10 times without
  experiencing this issue anymore.

  [Other Customer information]

  After upgrading Ubuntu from 12.something to the 14.04 LTS release, my squid proxy did not work any longer.
  It often happens that sites take quite long to load and in the end there is a connection problem.
  Just in these moments I can see the following happen in the dmesg output:

  [4611237.325605] pinger[15651]: segfault at 0 ip 00007f6db12aeb4a sp 00007fff2552ad68 error 4 in libc-2.19.so[7f6db1227000+1bb000]
  [4611258.022931] init: squid3 main process (32738) killed by ABRT signal
  [4611258.022968] init: squid3 main process ended, respawning

  I already tried to reinstall squid3 and glibc, and I built the squid3
  packages on the machine just in case there was something wrong with my
  glibc.

  I am using Ubuntu 14.04.1 LTS.
  The squid version is
  squid3 3.3.8-1ubuntu6.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1384943/+subscriptions
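
The class of check the bug description asks for (validate the recv result and length before touching the buffer, and name only ICMP types that exist), as an added example; it is not Squid's code or the SRU patch. The function names, the enum, and the sample packets are assumptions constructed for illustration; the type numbers are the ICMPv6 values from RFC 4443.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

enum icmp_check { ICMP_OK = 0, ICMP_RECV_ERROR, ICMP_TRUNCATED, ICMP_UNKNOWN_TYPE };

#define ICMP6_HDR_LEN 8  /* type, code, checksum + 4 bytes (MTU / id+seq) */

/* ICMPv6 error types 1..4 (RFC 4443); index 0 is unassigned. */
static const char *const icmp6_err_names[] = {
    NULL, "Destination Unreachable", "Packet Too Big",
    "Time Exceeded", "Parameter Problem"
};

/* Return a name only for types we know; never index past the table. */
static const char *icmp6_type_name(unsigned char type)
{
    size_t count = sizeof(icmp6_err_names) / sizeof(icmp6_err_names[0]);
    if (type < count) return icmp6_err_names[type];   /* NULL for type 0 */
    if (type == 128) return "Echo Request";
    if (type == 129) return "Echo Reply";
    return NULL;
}

/* n is the value returned by recv()/recvfrom(); buf is only read if n is sane. */
enum icmp_check check_icmp6(const unsigned char *buf, ssize_t n, const char **name)
{
    *name = NULL;
    if (n < 0) return ICMP_RECV_ERROR;               /* recv failed: buf is garbage */
    if ((size_t)n < ICMP6_HDR_LEN) return ICMP_TRUNCATED;
    *name = icmp6_type_name(buf[0]);
    return *name ? ICMP_OK : ICMP_UNKNOWN_TYPE;
}

int main(void)
{
    /* Constructed samples: a "2/0 Packet Too Big" header and a bogus type. */
    const unsigned char ptb[8]   = { 2, 0, 0, 0, 0, 0, 5, 0 };
    const unsigned char bogus[8] = { 200, 0, 0, 0, 0, 0, 0, 0 };
    const char *name;

    printf("ptb:    %d\n", check_icmp6(ptb, sizeof ptb, &name));
    printf("bogus:  %d\n", check_icmp6(bogus, sizeof bogus, &name));
    printf("short:  %d\n", check_icmp6(ptb, 4, &name));
    printf("error:  %d\n", check_icmp6(NULL, -1, &name));
    return 0;
}
```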


