On Tue, 24 Sep 2024, I wrote:
Next step would be digging deeper and finding the root causes of these
buffer overflows and to fix them, maybe some upstream xymon developer,
since my C skills are quite limited :-(
According to systemd coredumpctl we have at least coredumps in
xymond_client, xymond_rrd and xymond_alert.
Here is the output of gdb bt full for them (maybe someone else
understands more of what the root cause is):
xymond_client:
==============
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
tid = <optimized out>
ret = 0
pd = <optimized out>
old_mask = {__val = {0}}
ret = <optimized out>
#1 0x00007fd7c6fe1e9f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
No locals.
#2 0x00007fd7c6f92fb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
ret = <optimized out>
#3 0x00007fd7c6f7d472 in __GI_abort () at ./stdlib/abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 0, 140721929553312, 3558782228032748576,
1675727637748588544, 94097479924736, 94097479924736, 140721929553552, 94097479835289, 140721929553696}}, sa_flags = 2, sa_restorer = 0x7ffc609f85a0}
#4 0x00007fd7c6fd6430 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd7c70f0210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffc609f86f0, reg_save_area = 0x7ffc609f8680}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
#5 0x00007fd7c706f0f2 in __GI___fortify_fail (msg=msg@entry=0x7fd7c70f01b6 "buffer overflow detected") at ./debug/fortify_fail.c:26
No locals.
#6 0x00007fd7c706dc00 in __GI___chk_fail () at ./debug/chk_fail.c:28
No locals.
#7 0x00007fd7c706d835 in ___snprintf_chk (s=s@entry=0x5594c6dd7c02 <md_string+2> "", maxlen=maxlen@entry=35, flag=flag@entry=2, slen=slen@entry=31,
format=format@entry=0x5594c6dc1e99 "%02x") at ./debug/snprintf_chk.c:29
mode = <optimized out>
ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffc609f8800, reg_save_area = 0x7ffc609f8740}}
ret = <optimized out>
#8 0x00005594c6db7581 in snprintf (__fmt=0x5594c6dc1e99 "%02x", __n=35, __s=0x5594c6dd7c02 <md_string+2> "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:54
No locals.
#9 md5hash (
input=input@entry=0x5594c83023e0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44
ctx = 0x5594c83023a0
md_value = "\301tJ\342^\312T\032bGjɨ\f\267I"
md_string = "c1", '\000' <repeats 30 times>
i = 1
p = 0x5594c6dd7c02 <md_string+2> ""
#10 0x00005594c6db2c39 in prepare_fromnet () at ./lib/loadhosts_file.c:104
sres = 0x5594c83023a0
sendstat = <optimized out>
fdata = 0x5594c83023e0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...
fhash = <optimized out>
contentmd5 = '\000' <repeats 32 times>
sres = <optimized out>
sendstat = <optimized out>
fdata = <optimized out>
fhash = <optimized out>
#11 load_hostnames (hostsfn=0x7ffc609fb889 "/usr/lib/xymon/server/etc/hosts.cfg", extrainclude=extrainclude@entry=0x0, fqdn=fqdn@entry=1) at ./lib/loadhosts_file.c:142
prepresult = <optimized out>
ip1 = 0
ip2 = 0
ip3 = 0
ip4 = 0
groupid = <optimized out>
pageidx = <optimized out>
hostname = '\000' <repeats 40 times>, "z\033\036\307\327\177\000\000\000\000\000\000\000\000\000\000\300\215\237`\374\177\000\000 \220 \307\327\177\000\000h\345\035\307\327\177\000\000\006\000\000\000\004\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\020\003\000\000\000\000\000\000\020\003\000\000\000\000\000\000\b\000\000\000\000\000\000\000\003\000\000\000\004\000\000\000\360\n\032\000\000\000\000\000\360\n\032\000\000\000\000\000\360\n\032\000\000\000\000\000\034\000\000\000\000\000\000\000\034\000\000\000\000\000\000\000\020\000\000\000\000\000\000\000\001\000\000\000\004", '\000' <repeats 27 times>...
dgname = 0x0
dgname_buflen = 0
curtoppage = <optimized out>
curpage = <optimized out>
pgtail = <optimized out>
htree = <optimized out>
cfgdata = <optimized out>
inbol = <optimized out>
ineol = <optimized out>
insavchar = 0 '\000'
#12 0x00005594c6d83b59 in main (argc=<optimized out>, argv=0x7ffc609f9c48) at ./xymond/xymond_client.c:2181
eoln = <optimized out>
restofmsg = <optimized out>
p = <optimized out>
metadata = {0x41564952 <error: Cannot access memory at address 0x41564952>, 0x0, 0x62696c5f5f004554 <error: Cannot access memory at address 0x62696c5f5f004554>,
0x5f796c7261655f63 <error: Cannot access memory at address 0x5f796c7261655f63>, 0x60 <error: Cannot access memory at address 0x60>, 0x0,
0x18 <error: Cannot access memory at address 0x18>, 0x0 <repeats 14 times>}
metacount = <optimized out>
nowtimer = 308
msg = 0x7fd7c6ed2010 "@@client#1/xymon12.sail.spinnaker.de|1727205554.416384|127.0.0.1|xymon12.sail.spinnaker.de|linux|linux|\nclient xymon12,sail,spinnaker,de.linux linux\n[date]\nTue Sep 24 21:19:09 CEST 2024\n[uname]\nLinux "...
running = 1
argi = <optimized out>
seq = 1
sa = {__sigaction_handler = {sa_handler = 0x5594c6d84450 <sig_handler>, sa_sigaction = 0x5594c6d84450 <sig_handler>}, sa_mask = {__val = {0 <repeats 16 times>}},
sa_flags = 0, sa_restorer = 0x0}
nextconfigload = 908
configfn = <optimized out>
collectors = 0x5594c83022a0
xymond_rrd:
===========
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
tid = <optimized out>
ret = 0
pd = <optimized out>
old_mask = {__val = {0}}
ret = <optimized out>
#1 0x00007f892b9cee9f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
No locals.
#2 0x00007f892b97ffb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
ret = <optimized out>
#3 0x00007f892b96a472 in __GI_abort () at ./stdlib/abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 0, 140720416982192, 3558782991895767008,
8200057225952544256, 94861342943168, 94861342943168, 140720416982432, 94861342820529, 140720416982576}}, sa_flags = 2, sa_restorer = 0x7ffc067784b0}
#4 0x00007f892b9c3430 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f892badd210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffc06778600, reg_save_area = 0x7ffc06778590}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
#5 0x00007f892ba5c0f2 in __GI___fortify_fail (msg=msg@entry=0x7f892badd1b6 "buffer overflow detected") at ./debug/fortify_fail.c:26
No locals.
#6 0x00007f892ba5ac00 in __GI___chk_fail () at ./debug/chk_fail.c:28
No locals.
#7 0x00007f892ba5a835 in ___snprintf_chk (s=s@entry=0x5646a0a627c2 <md_string+2> "", maxlen=maxlen@entry=35, flag=flag@entry=2, slen=slen@entry=31,
format=format@entry=0x5646a0a448b1 "%02x") at ./debug/snprintf_chk.c:29
mode = <optimized out>
ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffc06778710, reg_save_area = 0x7ffc06778650}}
ret = <optimized out>
#8 0x00005646a0a2a481 in snprintf (__fmt=0x5646a0a448b1 "%02x", __n=35, __s=0x5646a0a627c2 <md_string+2> "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:54
No locals.
#9 md5hash (
input=input@entry=0x5646a26010d0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44
ctx = 0x5646a26000c0
md_value = "\301tJ\342^\312T\032bGjɨ\f\267I"
md_string = "c1", '\000' <repeats 30 times>
i = 1
p = 0x5646a0a627c2 <md_string+2> ""
#10 0x00005646a0a3d699 in prepare_fromnet () at ./lib/loadhosts_file.c:104
sres = 0x5646a26000c0
sendstat = <optimized out>
fdata = 0x5646a26010d0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...
fhash = <optimized out>
contentmd5 = '\000' <repeats 32 times>
sres = <optimized out>
sendstat = <optimized out>
fdata = <optimized out>
fhash = <optimized out>
#11 load_hostnames (hostsfn=0x7ffc0677f88c "/usr/lib/xymon/server/etc/hosts.cfg", extrainclude=extrainclude@entry=0x0, fqdn=fqdn@entry=1) at ./lib/loadhosts_file.c:142
prepresult = <optimized out>
ip1 = 0
ip2 = 0
ip3 = 0
ip4 = 0
groupid = <optimized out>
pageidx = <optimized out>
hostname = '\000' <repeats 16 times>, "/usr/lib/xymon/server/etc/rrddefinitions.cfg", '\000' <repeats 3404 times>...
dgname = 0x0
dgname_buflen = 0
curtoppage = <optimized out>
curpage = <optimized out>
pgtail = <optimized out>
htree = <optimized out>
cfgdata = <optimized out>
inbol = <optimized out>
ineol = <optimized out>
insavchar = 0 '\000'
#12 0x00005646a0a0d08f in main (argc=<optimized out>, argv=<optimized out>) at ./xymond/xymond_rrd.c:329
eoln = <optimized out>
ctlbuf = '\000' <repeats 4095 times>
restofmsg = 0x0
metacount = <optimized out>
testname = 0x0
sender = 0x0
ldef = 0x0
n = <optimized out>
now = 458
classname = 0x0
pagepaths = 0x0
gotcachectlmessage = <optimized out>
metadata = {0x0 <repeats 21 times>}
p = <optimized out>
hostname = 0x0
tstamp = <optimized out>
childstat = 0
msg = 0x7f892877e010 "@@status#8/xymon12.sail.spinnaker.de|1727205704.508355|127.0.0.1||xymon12.sail.spinnaker.de|xymongen|1727207504|green||green|1727205584|0||0||1727205554|linux||0|\nstatus xymon12,sail,spinnaker,de.xymo"...
argi = <optimized out>
sa = {__sigaction_handler = {sa_handler = 0x5646a0a0d740 <sig_handler>, sa_sigaction = 0x5646a0a0d740 <sig_handler>}, sa_mask = {__val = {0 <repeats 16 times>}},
sa_flags = 0, sa_restorer = 0x0}
exthandler = <optimized out>
extids = <optimized out>
processor = <optimized out>
ctlsockaddr = {sun_family = 1, sun_path = "/var/lib/xymon/tmp/rrdctl.1656", '\000' <repeats 77 times>}
ctlsocket = 3
usebackfeedqueue = 0
xymond_alert:
=============
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
tid = <optimized out>
ret = 0
pd = <optimized out>
old_mask = {__val = {0}}
ret = <optimized out>
#1 0x00007f7ae955de9f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
No locals.
#2 0x00007f7ae950efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
ret = <optimized out>
#3 0x00007f7ae94f9472 in __GI_abort () at ./stdlib/abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 0, 140729827760864, 3558781987793485696,
18061915719574039552, 93857240661856, 93857240661856, 140729827761104, 93857240583353, 140729827761248}}, sa_flags = 2, sa_restorer = 0x7ffe37649ae0}
#4 0x00007f7ae9552430 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f7ae966c210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffe37649c30, reg_save_area = 0x7ffe37649bc0}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
#5 0x00007f7ae95eb0f2 in __GI___fortify_fail (msg=msg@entry=0x7f7ae966c1b6 "buffer overflow detected") at ./debug/fortify_fail.c:26
No locals.
#6 0x00007f7ae95e9c00 in __GI___chk_fail () at ./debug/chk_fail.c:28
No locals.
#7 0x00007f7ae95e9835 in ___snprintf_chk (s=s@entry=0x555cd77d3f62 <md_string+2> "", maxlen=maxlen@entry=35, flag=flag@entry=2, slen=slen@entry=31,
format=format@entry=0x555cd77c0cb9 "%02x") at ./debug/snprintf_chk.c:29
mode = <optimized out>
ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffe37649d40, reg_save_area = 0x7ffe37649c80}}
ret = <optimized out>
#8 0x0000555cd77ba6d1 in snprintf (__fmt=0x555cd77c0cb9 "%02x", __n=35, __s=0x555cd77d3f62 <md_string+2> "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:54
No locals.
#9 md5hash (
input=input@entry=0x555cd81e5390 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44
ctx = 0x555cd81e5350
md_value = "\301tJ\342^\312T\032bGjɨ\f\267I"
md_string = "c1", '\000' <repeats 30 times>
i = 1
p = 0x555cd77d3f62 <md_string+2> ""
#10 0x0000555cd77b5d89 in prepare_fromnet () at ./lib/loadhosts_file.c:104
sres = 0x555cd81e5350
sendstat = <optimized out>
fdata = 0x555cd81e5390 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...
fhash = <optimized out>
contentmd5 = '\000' <repeats 32 times>
sres = <optimized out>
sendstat = <optimized out>
fdata = <optimized out>
fhash = <optimized out>
#11 load_hostnames (hostsfn=0x7ffe3764f88f "/usr/lib/xymon/server/etc/hosts.cfg", extrainclude=extrainclude@entry=0x0, fqdn=fqdn@entry=1) at ./lib/loadhosts_file.c:142
prepresult = <optimized out>
ip1 = 0
ip2 = 0
ip3 = 0
ip4 = 0
groupid = <optimized out>
pageidx = <optimized out>
hostname = '\000' <repeats 3720 times>...
dgname = 0x0
dgname_buflen = 0
curtoppage = <optimized out>
curpage = <optimized out>
pgtail = <optimized out>
htree = <optimized out>
cfgdata = <optimized out>
inbol = <optimized out>
ineol = <optimized out>
insavchar = 0 '\000'
#12 0x0000555cd77a09a8 in main (argc=3, argv=0x7ffe3764d1c8) at ./xymond/xymond_alert.c:533
msg = <optimized out>
seq = 0
argi = <optimized out>
alertcolors = 56
alertinterval = 1800
configfn = <optimized out>
checkfn = <optimized out>
loadresult = <optimized out>
reloadconfigtime = 0
checkpointinterval = <optimized out>
acklogfn = '\000' <repeats 2888 times>...
acklogfd = 0x0
notiflogfn = "P\003\000\000\000\000\000\000 \000\000\000\000\000\000\000 \000\000\000\000\000\000\000\b\000\000\000\000\000\000\000\004\000\000\000\004\000\000\000p\003\000\000\000\000\000\000p\003\000\000\000\000\000\000p\003\000\000\000\000\000\000D\000\000\000\000\000\000\000D\000\000\000\000\000\000\000\004\000\000\000\000\000\000\000\a\000\000\000\004\000\000\000\320\350\034\000\000\000\000\000\320\350\034\000\000\000\000\000\320\350\034\000\000\000\000\000\020\000\000\000\000\000\000\000\220\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000S\345td\004\000\000\000P\003\000\000\000\000\000\000P\003\000\000\000\000\000\000P\003\000\000\000\000\000\000 \000\000\000\000\000\000\000 \000\000\000\000\000\000\000\b\000\000\000\000\000\000\000"...
notiflogfd = 0x0
tracefn = <optimized out>
sa = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0}
configchanged = <optimized out>
lastxmit = 0
Greetings
Roland