Hi,

uname --all
Linux xxx 2.6.32-279.22.1.el6.x86_64 #1 SMP Sun Jan 13 09:21:40 EST 2013 x86_64 
x86_64 x86_64 GNU/Linux

---------------

[root@xxx cgi-bin]# ./search.cgi "a"
*** buffer overflow detected ***: ./search.cgi terminated
======= Backtrace: =========
[0x52dae5]
[0x52da7e]
[0x52d523]
[0x52d408]
[0x440c98]
[0x44d247]
[0x4171dd]
[0x404566]
[0x4b6056]
[0x405201]
======= Memory map: ========
00400000-00685000 r-xp 00000000 fd:00 334904                             
/var/www/cgi-bin/search.cgi
00885000-008e0000 rw-p 00285000 fd:00 334904                             
/var/www/cgi-bin/search.cgi
008e0000-008ec000 rw-p 00000000 00:00 0
02484000-0251d000 rw-p 00000000 00:00 0                                  [heap]
399c400000-399c420000 r-xp 00000000 fd:00 318247                         
/lib64/ld-2.12.so
399c420000-399c61f000 ---p 00020000 fd:00 318247                         
/lib64/ld-2.12.so
399c61f000-399c620000 r--p 0001f000 fd:00 318247                         
/lib64/ld-2.12.so
399c620000-399c621000 rw-p 00020000 fd:00 318247                         
/lib64/ld-2.12.so
399c621000-399c622000 rw-p 00000000 00:00 0
399cc00000-399cd89000 r-xp 00000000 fd:00 318254                         
/lib64/libc-2.12.so
399cd89000-399cf89000 ---p 00189000 fd:00 318254                         
/lib64/libc-2.12.so
399cf89000-399cf8d000 r--p 00189000 fd:00 318254                         
/lib64/libc-2.12.so
399cf8d000-399cf8e000 rw-p 0018d000 fd:00 318254                         
/lib64/libc-2.12.so
399cf8e000-399cf93000 rw-p 00000000 00:00 0
7fc85941b000-7fc859541000 rw-p 00000000 00:00 0
7fc85994d000-7fc859a95000 rw-p 00000000 00:00 0
7fc859a95000-7fc859aa1000 r-xp 00000000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7fc859aa1000-7fc859ca1000 ---p 0000c000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7fc859ca1000-7fc859ca2000 r--p 0000c000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7fc859ca2000-7fc859ca3000 rw-p 0000d000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7fff73931000-7fff73946000 rw-p 00000000 00:00 0                          [stack]
7fff739ff000-7fff73a00000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  
[vsyscall]
Aborted (core dumped)


------------------

[root@xxx cgi-bin]# gdb search.cgi
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-56.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /var/www/cgi-bin/search.cgi...Missing separate debuginfo 
for /var/www/cgi-bin/search.cgi
Try: yum --disablerepo='*' --enablerepo='*-debug*' install 
/usr/lib/debug/.build-id/c9/14b8eda4e31a052fb8a432cd1fc5f3e1ee56f0.debug
(no debugging symbols found)...done.
(gdb) run "a"
Starting program: /var/www/cgi-bin/search.cgi "a"
*** buffer overflow detected ***: /var/www/cgi-bin/search.cgi terminated
======= Backtrace: =========
[0x52dae5]
[0x52da7e]
[0x52d523]
[0x52d408]
[0x440c98]
[0x44d247]
[0x4171dd]
[0x404566]
[0x4b6056]
[0x405201]
======= Memory map: ========
00400000-00685000 r-xp 00000000 fd:00 334904                             
/var/www/cgi-bin/search.cgi
00885000-008e0000 rw-p 00285000 fd:00 334904                             
/var/www/cgi-bin/search.cgi
008e0000-00985000 rw-p 00000000 00:00 0                                  [heap]
399c400000-399c420000 r-xp 00000000 fd:00 318247                         
/lib64/ld-2.12.so
399c420000-399c61f000 ---p 00020000 fd:00 318247                         
/lib64/ld-2.12.so
399c61f000-399c620000 r--p 0001f000 fd:00 318247                         
/lib64/ld-2.12.so
399c620000-399c621000 rw-p 00020000 fd:00 318247                         
/lib64/ld-2.12.so
399c621000-399c622000 rw-p 00000000 00:00 0
399cc00000-399cd89000 r-xp 00000000 fd:00 318254                         
/lib64/libc-2.12.so
399cd89000-399cf89000 ---p 00189000 fd:00 318254                         
/lib64/libc-2.12.so
399cf89000-399cf8d000 r--p 00189000 fd:00 318254                         
/lib64/libc-2.12.so
399cf8d000-399cf8e000 rw-p 0018d000 fd:00 318254                         
/lib64/libc-2.12.so
399cf8e000-399cf93000 rw-p 00000000 00:00 0
7ffff776c000-7ffff7892000 rw-p 00000000 00:00 0
7ffff7c9e000-7ffff7de6000 rw-p 00000000 00:00 0
7ffff7de6000-7ffff7df2000 r-xp 00000000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7ffff7df2000-7ffff7ff2000 ---p 0000c000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7ffff7ff2000-7ffff7ff3000 r--p 0000c000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7ffff7ff3000-7ffff7ff4000 rw-p 0000d000 fd:00 318269                     
/lib64/libnss_files-2.12.so
7ffff7ffe000-7ffff7fff000 r-xp 00000000 00:00 0                          [vdso]
7ffffffea000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  
[vsyscall]

Program received signal SIGABRT, Aborted.
0x000000000047199b in ?? ()
(gdb)

-------------------------

(gdb) backtrace
#0  0x000000000047199b in ?? ()
#1  0x00000000004be10b in ?? ()
#2  0x00000000004ca57e in ?? ()
#3  0x000000000052dae5 in ?? ()
#4  0x000000000052da7e in ?? ()
#5  0x000000000052d523 in ?? ()
#6  0x000000000052d408 in ?? ()
#7  0x0000000000440c98 in ?? ()
#8  0x000000000044d247 in ?? ()
#9  0x00000000004171dd in ?? ()
#10 0x0000000000404566 in ?? ()
#11 0x00000000004b6056 in ?? ()
#12 0x0000000000405201 in ?? ()
#13 0x00007fffffffe5d8 in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb)


----------------------

[root@xxx cgi-bin]# rpm -qi mnogosearch
Name        : mnogosearch                  Relocations: (not relocatable)
Version     : 3.3.12                            Vendor: (none)
Release     : 01.static                     Build Date: Thu 15 Dec 2011 
02:18:31 PM CET
Install Date: Thu 21 Feb 2013 06:08:24 PM CET      Build Host: 
bar.myoffice.izhnet.ru
Group       : Applications/Internet         Source RPM: 
mnogosearch-3.3.12-01.static.src.rpm
Size        : 16239228                         License: GNU GPL Version 2
Signature   : (none)
URL         : http://www.mnogosearch.org/
Summary     : Full-featured MySQL based web search engine.
Description :
mnoGoSearch is a full-featured MySQL based web search engine. mnoGoSearch 
consists of
two parts. The first part is an indexing mechanism (indexer). The indexer walks 
over
html hypertext references and stores found words and new references into a 
database.
The second part is a web CGI front-end to provide search using data collected 
by the
indexer.

A PHP and a Perl front-ends are also available from our site 
http://www.mnogosearch.org/.

mnoGoSearch first release took place in November 1998. The search engine was 
named
UDMSearch until the project was acquired by Lavtech.Com Corp. in October 2000 
and
its name changed to mnoGoSearch.
[root@xxx cgi-bin]#

--------------------------------

Philippe



-----Original Message-----
From: general-boun...@mnogosearch.org [mailto:general-boun...@mnogosearch.org] 
On Behalf Of Alexander Barkov
Sent: 19 March 2013 18:54
To: general@mnogosearch.org
Subject: Re: [General] Buffer overflow

Hi,

What are exactly your Linux distribution and version?

Does it crash on all queries, or on a certain query only?

Please try to run search.cgi from command line like this:

./search.cgi "query words"

where "query words" are the search words that make it crash.

Does it crash when started from command line?

If so, it would be nice to get a gdb backtrace.

Please do the following:

gdb search.cgi
(gdb) run "query words"
(gdb) backtrace

Thanks.


On 03/19/2013 08:31 PM, Philippe DE ROCHAMBEAU wrote:
> Hello,
>
> When I type a word in the Search Form Input field and press Search!, I
> get a buffer overflow error.
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] *** buffer
> overflow detected ***: /var/www/cgi-bin/search.cgi terminated
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] =======
> Backtrace: =========
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52dae5]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52da7e]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52d523]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52d408]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x440c98]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x44d247]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x4171dd]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x404566]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x4b6056]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x405201]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] =======
> Memory map: ========
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 00400000-00685000 r-xp 00000000 fd:00 334904
> /var/www/cgi-bin/search.cgi
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 00885000-008e0000 rw-p 00285000 fd:00 334904
> /var/www/cgi-bin/search.cgi
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 008e0000-008ec000 rw-p 00000000 00:00 0
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 01ee0000-01f6d000 rw-p 00000000 00:00 0 [heap]
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399c400000-399c420000 r-xp 00000000 fd:00 318247
>                        /lib64/ld-2.12.so
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399c420000-399c61f000 ---p 00020000 fd:00 318247 /lib64/ld-2.12.so
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399c61f000-399c620000 r--p 0001f000 fd:00 318247 /lib64/ld-2.12.so
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399c620000-399c621000 rw-p 00020000 fd:00 318247 /lib64/ld-2.12.so
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399c621000-399c622000 rw-p 00000000 00:00 0
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399cc00000-399cd89000 r-xp 00000000 fd:00 318254 /lib64/libc-2.12.so
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399cd89000-399cf89000 ---p 00189000 fd:00 318254 /lib64/libc-2.12.so
>
> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx]
> 399cf89000-399cf8d000 r--p 00189000 fd:00 318254
>
> Configuration: mnogosearch 3.3.13 on Linux 2.6.32
>
> Any help would be greatly appreciated.
>
> Philippe
>
> P In order to preserve the environment, please do not print this
> message unless it is necessary.
>
>
>
> _______________________________________________
> General mailing list
> General@mnogosearch.org
> http://lists.mnogosearch.org/listinfo/general
>
_______________________________________________
General mailing list
General@mnogosearch.org
http://lists.mnogosearch.org/listinfo/general
P In order to preserve the environment, please do not print this message unless 
it is necessary.
_______________________________________________
General mailing list
General@mnogosearch.org
http://lists.mnogosearch.org/listinfo/general
