[Bug 2078638] Re: coredumps with Xymon on 24.04

Roland Rosenfeld 2078638 at bugs.launchpad.net
Mon Sep 30 15:04:53 UTC 2024


On Mon, 30 Sep 2024, Dave Jones wrote:

> This is a bit of a tricky one. With regard to the first patch
> (fortify2.patch), while it's expedient, I really don't like the idea of
> just turning down the FORTIFY_SOURCE option, so I'm afraid I can't
> sponsor that one.

The fortify2.patch was only a first workaround for this issue (to get
xymon online).  It is superseded by 100_md5_bufferoverflow.patch,
which solves the root cause.

> One thing that does concern me is that upstream have apparently had a
> good tidy-up of their buffer handling code
> (https://sourceforge.net/p/xymon/code/8123/), but that this change
> doesn't appear there. To be fair, most of their changes seem either
> mechanical (ensuring buffer termination after certain operations) or
> cosmetic, while this proposed change is neither.

The above SVN commit is only part of the 4.x-alpha version, which is
not yet released, neither upstream nor in Debian (but there we have an
experimental branch, where we try to prepare a release for 4.x):
https://salsa.debian.org/debian/xymon/-/tree/experimental

> Still, we generally prefer patches are forwarded upstream so we
> don't have to maintain them as an Ubuntu delta long term. Could
> Roland forward the patch upstream?

I developed the patch based on a request on the upstream mailing list.  I
also sent my patch to this list.
Sadly the list archive currently is broken (since the migration of the
list server from mailman2 to mailman3 on a different server in July
2024).  As soon as the archive reappears, I'll add a link to my patch.

> (I note Roland is one of the Debian maintainers of the package, so
> presumably it doesn't need forwarding to himself there :)

I applied the patch to the Debian git repo, but didn't yet push a
release (should do so...).

> 1. I'll target this bug to noble and jammy (and oracular implicitly).
> Although jammy doesn't *appear* affected here, it presumably *is* but
> it's not noticing the buffer overrun because FORTIFY_SOURCE is lower
> there.

ACK.

> 2. Because we don't appear certain that this patch is indeed the root
> cause, I'm going to prep a PPA (ppa:waveform/xymon) with builds for
> oracular, noble, and jammy, containing the second patch here
> (100_md5_bufferoverflow.patch). Could I ask those interested to try the
> following and report back if it appears to fix things?

For the record: I did some testing on Debian 12 (by default using
fortify_source=2) and Ubuntu 24.04 (using fortify_source=3 by default)
with switching fortify_source=2/3 and as soon as this is set to 3 the
software fails (on both OS).  The resulting coredumps of
xymond_client, xymond_rrd and xymond_alert all pointed to md5hash from
lib/digest.c:44.  So I checked/patched this code and after this xymon
works with fortify_source=3 on all of my systems without segfaulting.

Greetings
Roland

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2078638

Title:
  coredumps with Xymon on 24.04

Status in xymon package in Ubuntu:
  Confirmed
Status in xymon source package in Jammy:
  New
Status in xymon source package in Noble:
  Confirmed

Bug description:
  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04.1 LTS
  Release:        24.04

  apt-cache policy xymon:
  xymon:
    Installed: 4.3.30-2build3
    Candidate: 4.3.30-2build3
    Version table:
   *** 4.3.30-2build3 500
          500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
          100 /var/lib/dpkg/status

  
  Noticed Xymon server was not reporting disk and memory utilization from clients however client data was showing that information was received.  Found errors in some logfiles:

  ==> /var/log/xymon/rrd-status.log <==
  2024-09-01 12:34:06.746771 Peer not up, flushing message queue
  2024-09-01 12:34:06.863790 Peer not up, flushing message queue
  2024-09-01 12:34:08.265509 Peer not up, flushing message queue
  2024-09-01 12:34:17.025378 Peer not up, flushing message queue
  2024-09-01 12:34:41.913539 Peer not up, flushing message queue
  2024-09-01 12:34:42.106938 Peer not up, flushing message queue
  2024-09-01 12:34:42.765675 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6
  2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe

  ==> /var/log/xymon/alert.log <==
  2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:49.327117 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6
  2024-09-01 12:33:49.888530 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:06.746753 Peer not up, flushing message queue
  2024-09-01 12:34:37.421808 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:41.913550 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6

  ==> /var/log/xymon/clientdata.log <==
  2024-09-01 12:32:59.421812 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:54.362205 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:54.549344 Child process 163757 died: Signal 6
  2024-09-01 12:34:11.535702 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:12.013168 Peer not up, flushing message queue
  2024-09-01 12:34:42.421805 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:47.190143 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:53.608383 Child process 164295 died: Signal 6

  I am using a xymon hosts.cfg that was running fine with Ubuntu 22.04.4
  (xymon 4.3.30-1build2).  I tried a fresh Ubuntu 24.04 OS install and
  got the same response.
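
Added example (not part of the original message or of Xymon): a triage script that correlates the glibc "*** buffer overflow detected ***" marker with the following "Child process N died: Signal 6" line, per log file, in the tail format quoted above. The sample input is constructed from the quoted lines; its final Signal 11 line is invented to show a death that is not counted.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the logs quoted in the bug description.
# The final "Signal 11" line is invented to show a death that is not a fortify abort.
SAMPLE = """\
==> /var/log/xymon/rrd-status.log <==
2024-09-01 12:34:42.765675 Peer not up, flushing message queue
*** buffer overflow detected ***: terminated
2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6

==> /var/log/xymon/alert.log <==
2024-09-01 12:33:49.327117 Peer not up, flushing message queue
*** buffer overflow detected ***: terminated
2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6
2024-09-01 12:34:41.913550 Peer not up, flushing message queue
*** buffer overflow detected ***: terminated
2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6
2024-09-01 12:35:10.000000 Child process 164300 died: Signal 11
"""

HEADER = re.compile(r"^==> (?P<path>.+) <==$")
FORTIFY = "*** buffer overflow detected ***"
DIED = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
                  r"Child process (?P<pid>\d+) died: Signal (?P<sig>\d+)$")

def fortify_aborts(text):
    """Return {log path: [(timestamp, pid), ...]} for children killed by a fortify abort."""
    hits = defaultdict(list)
    path, pending = None, False
    for raw in text.splitlines():
        line = raw.strip()          # the bug report indents the quoted logs
        m = HEADER.match(line)
        if m:                       # new file section: forget any unmatched marker
            path, pending = m.group("path"), False
            continue
        if line.startswith(FORTIFY):
            pending = True          # untimestamped stderr line from the dying child
            continue
        m = DIED.match(line)
        if m:
            # Count only SIGABRT (6) that follows the glibc marker.
            if pending and m.group("sig") == "6":
                hits[path].append((m.group("ts"), int(m.group("pid"))))
            pending = False
    return dict(hits)

if __name__ == "__main__":
    for log, events in fortify_aborts(SAMPLE).items():
        print(log, events)
```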
