Someone told me that the new version 1 is unstable. You could try downgrading?
Matt Richards wrote:
> I didn't think cf-monitord was required, I am just taking stabs in the dark
> on this one. cf-serverd has been crashing a few times a day now and it is
> driving me crazy trying to figure it out. It has nothing to do with cfengine
> (as far as I can tell), but with the low level SSL functions. Maybe someone
> on this list can help me.
>
> It always crashes in the same spot:
>
> unnamed block in sha1_block_data_order(c = 0x2020a5e8, p = 0x2003a527, num =
> 67064724), line 269 in "sha_locl.h"
> sha1_block_data_order(c = 0x2020a5e8, p = 0x2003a527, num = 67064724), line
> 269 in "sha_locl.h"
> SHA1_Update(c = 0x2020a5e8, data_ = 0x2003a511, len = 4294967244), line 325
> in "md32_common.h"
> m_sha1.update(ctx = 0x204077a0, data = 0x2003a511, count = 4294967266), line
> 77 in "m_sha1.c"
> EVP_DigestUpdate(ctx = 0x204077a0, data = 0x2003a511, count = 4294967266),
> line 316 in "digest.c" <<<<<<<
> ssleay_rand_bytes(buf = " \271`", num = 22), line 485 in "md_rand.c" <<<<<<<
> RAND_bytes(buf = " \271`", num = 32), line 227 in "rand_lib.c"
> bnrand(pseudorand = 0, rnd = 0x2020a4d8, bits = 256, top = 0, bottom = 0),
> line 152 in "bn_rand.c"
> BN_rand(rnd = 0x2020a4d8, bits = 256, top = 0, bottom = 0), line 213 in
> "bn_rand.c"
> AuthenticationDialogue(conn = 0x2021a898, recvbuffer = "", recvlen = 280),
> line 2369 in "server.c"
> BusyWithConnection(conn = 0x2021a898), line 1018 in "server.c"
> HandleConnection(conn = 0x2021a898), line 885 in "server.c"
> _pthread_body(??) at 0xd0111780
>
> I see this as the culprit:
> EVP_DigestUpdate(ctx = 0x204077a0, data = 0x2003a511, count = 4294967266),
> line 316 in "digest.c"
>
> That "count=4294967266" number is a dead give away. Some negative number just
> got stuffed into a wrong type. It all starts in
>
> ssleay_rand_bytes(buf = " \271`", num = 22), line 485 in "md_rand.c":
>
>
> k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
> if (k > 0)
> {
> MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
> <<<<<<<
> MD_Update(&m,&(state[0]),k);
> }
>
>
> k=40
> MD_DIGEST_LENGTH is 20
> st_idx=1053
> st_num=1023
>
> So a negative number is being sent to MD_Update (MD_DIGEST_LENGTH/2-k = -30)
> which eventually causes an overflow. The SSL code is the definition of
> insanity, I have no idea what is going on inside it.
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
--
Mark Burgess
-------------------------------------------------
Professor of Network and System Administration
Oslo University College, Norway
Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-------------------------------------------------
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
