Bug#1038644: nfdump: segfault if started with -R option
> Could you please try the just uploaded 1.7.1-3 to verify the fix for > both bugs? Verified: in 1.7.1-3 no segfault and no false "failed!" message from /etc/init.d/nfdump start. Thank you! On Wed, Jun 21, 2023 at 09:42:38PM +0200, Bernhard Schmidt wrote: > On 19/06/23 05:25 PM, Yury Shevchuk wrote: > > > # /usr/bin/nfcapd -D -P /var/run/nfcapd/default.pid -w /var/cache/nfdump > > -S1 -b 120.0.1 -p 2055 -R 127.0.0.2 2055 > > Segmentation fault > > The patch (trivial) is attached. > > Thanks. For the record, this is included in the much larger > > https://github.com/phaag/nfdump/commit/abfab42419117add44e1ea15ad9559d265642219#diff-c95665baa1999e70e29344d1dc05f3282cd1cf7f31b47341581cd1cf81b7d062R593 > > in v1.7.2 > > > A minor change in /etc/init.d/nfdump conffile (added return 0) fixes false > > "failed!" message from "/etc/init.d/nfdump start" which appears on systems > > using sysvinit-core rather than systemd. > > I really don't get what this code is supposed to do though. And I don't > want to invest much time into sysvinit. From my understanding > > start-stop-daemon --start --quiet \ > --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \ > || return 1 > > First we run with --test. If start-stop-daemon returns zero (process not > already running) we continue, else we return 1. So far so good. > > start-stop-daemon --start --quiet \ > --pidfile "$PIDFILE" \ > --exec "$NFCAPD" -- \ > -D -P "$PIDFILE" \ > $options \ > || return 2 > > Now we really start it. If we can do it we continue, if we can't we > return 2 (could not be started) > > sleep 1 > start-stop-daemon --start --quiet \ > --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \ > && return 2 > > Now we basically test again if the daemon is already running. If it > isn't, we return 2, > > At this point we have checked that 1 second after the start the process > is still running, and can return 0. > > Could you please try the just uploaded 1.7.1-3 to verify the fix for > both bugs? > > Bernhard
Bug#1038644: nfdump: segfault if started with -R option
On 19/06/23 05:25 PM, Yury Shevchuk wrote: > # /usr/bin/nfcapd -D -P /var/run/nfcapd/default.pid -w /var/cache/nfdump -S1 > -b 120.0.1 -p 2055 -R 127.0.0.2 2055 > Segmentation fault > The patch (trivial) is attached. Thanks. For the record, this is included in the much larger https://github.com/phaag/nfdump/commit/abfab42419117add44e1ea15ad9559d265642219#diff-c95665baa1999e70e29344d1dc05f3282cd1cf7f31b47341581cd1cf81b7d062R593 in v1.7.2 > A minor change in /etc/init.d/nfdump conffile (added return 0) fixes false > "failed!" message from "/etc/init.d/nfdump start" which appears on systems > using sysvinit-core rather than systemd. I really don't get what this code is supposed to do though. And I don't want to invest much time into sysvinit. From my understanding start-stop-daemon --start --quiet \ --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \ || return 1 First we run with --test. If start-stop-daemon returns zero (process not already running) we continue, else we return 1. So far so good. start-stop-daemon --start --quiet \ --pidfile "$PIDFILE" \ --exec "$NFCAPD" -- \ -D -P "$PIDFILE" \ $options \ || return 2 Now we really start it. If we can do it we continue, if we can't we return 2 (could not be started) sleep 1 start-stop-daemon --start --quiet \ --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \ && return 2 Now we basically test again if the daemon is already running. If it isn't, we return 2, At this point we have checked that 1 second after the start the process is still running, and can return 0. Could you please try the just uploaded 1.7.1-3 to verify the fix for both bugs? Bernhard
Bug#1038644: nfdump: segfault if started with -R option
Package: nfdump Version: 1.7.1-2 Severity: normal Tags: patch X-Debbugs-Cc: si...@botik.ru Dear Maintainer, -R option is broken in nfdump-1.7.1-2. It used to work in infdump-1.6.22-2. How to reproduce: # /usr/bin/nfcapd -D -P /var/run/nfcapd/default.pid -w /var/cache/nfdump -S1 -b 120.0.1 -p 2055 -R 127.0.0.2 2055 Segmentation fault The patch (trivial) is attached. A minor change in /etc/init.d/nfdump conffile (added return 0) fixes false "failed!" message from "/etc/init.d/nfdump start" which appears on systems using sysvinit-core rather than systemd. Thank you! -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages nfdump depends on: ii init-system-helpers1.65.2 ii libbz2-1.0 1.0.8-5+b1 ii libc6 2.36-9 ii libpcap0.8 1.10.3-1 ii librrd81.7.2-4+b8 ii lsb-base 11.6 ii sysvinit-utils [lsb-base] 3.06-4 nfdump recommends no packages. nfdump suggests no packages. -- Configuration Files: /etc/init.d/nfdump changed: PATH=/sbin:/usr/sbin:/bin:/usr/bin NAME=nfcapd DESC='Netflow capture daemon' NFCAPD='/usr/bin/nfcapd' PIDDIR="/var/run/$NAME/" [ -x "$NFCAPD" ] || exit 0 mkdir -p "$PIDDIR" . /lib/init/vars.sh . /lib/lsb/init-functions do_start () { local INSTANCE="$1" local CONFIG="$2" sh -n "$CONFIG" 2>/dev/null || return 2 cache_dir= user= group= options= . "$CONFIG" [ "$options" ] || return 2 if [ "$cache_dir" ] ; then mkdir -p "$cache_dir" if [ "$user" ] && [ "$group" ] ; then chown "$user:$group" "$cache_dir" elif [ "$user" ] ; then chown "$user" "$cache_dir" fi fi local PIDFILE="$PIDDIR$INSTANCE.pid" start-stop-daemon --start --quiet \ --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \ || return 1 start-stop-daemon --start --quiet \ --pidfile "$PIDFILE" \ --exec "$NFCAPD" -- \ -D -P "$PIDFILE" \ $options \ || return 2 sleep 1 start-stop-daemon --start --quiet \ --pidfile "$PIDFILE" --exec "$NFCAPD" --test > /dev/null \ && return 2 return 0 # 20230617, sizif: shut up "failed!" complaint } do_stop () { local INSTANCE="$1" local PIDFILE="$PIDDIR/$INSTANCE.pid" start-stop-daemon --stop --quiet \ --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME" RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f "$PIDFILE" return "$RETVAL" } EXIT=0 do_action () { local CONFIG="$1" INSTANCE="$(basename "${CONFIG%%.conf}")" case "$ACTION" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$INSTANCE" do_start "$INSTANCE" "$CONFIG" case "$?" in 0|1)[ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 EXIT=1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$INSTANCE" do_stop "$INSTANCE" case "$?" in 0|1)[ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 EXIT=1 ;; esac ;; status) status_of_proc -p "$PIDDIR/$INSTANCE.pid" "$NFCAPD" "nfcapd $INSTANCE instance" || EXIT=$? ;; restart|force-reload) log_daemon_msg "Restarting $DESC" "$INSTANCE" do_stop "$INSTANCE" case "$?" in 0|1) do_start "$INSTANCE" "$CONFIG" case "$?" in 0) log_end_msg 0 ;; *) # Old process is still running or # failed to start log_end_msg 1 ;; esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) echo "Usage: /etc/init.d/nfdump {start|stop|status|restart|force-reload} [ ...]" >&2 exit 3 ;; esac } ACTION="$1" shift if [ "$1" ] ; then while [ "$1" ] ; do CONFIG="/etc/nfdump/$1.conf" if [ -f "$CONFIG" ] ; then do_action