Re: [ossec-list] ossec remoted - segfault error

Wed, 27 Nov 2013 09:25:05 -0800 

On Wed, Nov 27, 2013 at 12:22 PM, Darin Perusich <[email protected]> wrote:
> --
> Later,
> Darin
>
>
> On Wed, Nov 27, 2013 at 12:11 PM, dan (ddp) <[email protected]> wrote:
>> On Wed, Nov 27, 2013 at 11:41 AM, Darin Perusich <[email protected]> wrote:
>>> On Tue, Nov 26, 2013 at 2:15 PM, Darin Perusich <[email protected]> wrote:
>>>> On Tue, Nov 26, 2013 at 12:59 PM, dan (ddp) <[email protected]> wrote:
>>>>> On Tue, Nov 26, 2013 at 12:57 PM, Darin Perusich <[email protected]> wrote:
>>>>>> This "fixed" remoted. What's so special about this included zlib,
>>>>>> other then being 8.5 years old and getting ever more unmaintained? I
>>>>>> haven't had a chance to diff it against upstream yet.
>>>>>>
>>>>>
>>>>> I don't know actually. I remember the Debian folks mentioning
>>>>> differences and possibly trying to push some upstream.
>>>>>
>>>>
>>>> Looks I spoke to soon, I'm still getting the segfault with
>>>> ossec-remoted built against the provided zlib. This is giving me a bit
>>>> of a headache. Let me keep poking around and see if I can come up with
>>>> anything else.
>>>
>>> Ok, so I'm looking at this again and ossec-remoted is built with the
>>> provided zlib and it's still segfaulting. What other info can I
>>> provide to keep this moving, any additional gdb output, valgrind,
>>> building w/specify debug flags (other then -g)?
>>>
>>
>> Is the trace in gdb the same?
>>
>
> It is but's here's the output again.
>
> # gdb /var/ossec/bin/ossec-remoted
> GNU gdb (GDB) SUSE (7.5.1-2.1.1)
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-suse-linux".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /var/ossec/bin/ossec-remoted...done.
> (gdb) set follow-fork-mode child
> (gdb) run -d
> Starting program: /var/ossec/bin/ossec-remoted -d
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> 2013/11/27 12:21:22 ossec-remoted: DEBUG: Starting ...
> [New process 3486]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New process 3487]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New process 3488]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New Thread 0x7ffff6fd8700 (LWP 3489)]
> [New Thread 0x7ffff67d7700 (LWP 3490)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff7fdf700 (LWP 3488)]
> 0x0000000000424726 in OS_StartCounter (keys=0x6525a0 <keys>) at msgs.c:89
> warning: Source file is more recent than executable.
> 89                      if((keys->keyentries[i -1]->fp) && (i > 10))
> (gdb) where
> #0  0x0000000000424726 in OS_StartCounter (keys=0x6525a0 <keys>) at msgs.c:89
> #1  0x0000000000404845 in HandleSecure () at secure.c:85
> #2  0x0000000000404708 in HandleRemote (position=0, uid=493) at remoted.c:102
> #3  0x0000000000403234 in main (argc=2, argv=0x7fffffffe1d8) at main.c:151
> (gdb) list
> 84                  if(!keys->keyentries[i]->fp)
> 85                  {
> 86                      int my_error = errno;
> 87
> 88                      /* Just in case we run out of file descriptiors */
> 89                      if((keys->keyentries[i -1]->fp) && (i > 10))
> 90                      {
> 91                          fclose(keys->keyentries[i -1]->fp);
> 92
> 93                          if(keys->keyentries[i -2]->fp)


(gdb) bt full
#0  0x0000000000424726 in OS_StartCounter (keys=0x6525a0 <keys>) at msgs.c:89
        my_error = 13
        i = 0
        rids_file =
"/queue/rids/001\000\000\256\377\377\377\177\000\000\022*\226R\000\000\000\000\340\347\273\367\377\177\000\000\300\325e\000\000\000\000\000\260\256\377\377\377\177\000\000!tB",
'\000' <repeats 13 times>, "BLC", '\000' <repeats 13 times>,
"\020\000\000\000\060\000\000\000\300\256\377\377\377\177\000\000\000\256\377\377\377\177\000\000\000\000\000\000\000\000\000\000@KC\000\000\000\000\000H\000\000\000\000\000\000\000@\002\000\000\000\000\000\000\001\000\000\000\000\000\000\000\005",
'\000' <repeats 88 times>"\256,
\377\377\377\177\000\000צ\377\377\377\177\000\000"
#1  0x0000000000404845 in HandleSecure () at secure.c:85
        agentid = 0
        buffer = '\000' <repeats 1928 times>,
"\002\030\336\367\377\177", '\000' <repeats 67 times>"\300,
\000\000\000\000\000\000\254\260\000\000\000\000\000\000\254\260",
'\000' <repeats 14 times>, "\005\000\000\000\000\000\000\000\000\260
\000\000\000\000\000\000\320 \000\000\000\000\000\030\303
\000\000\000\000\000H\307
\000\000\000\000\000\000\260\000\000\000\000\000\000\003", '\000'
<repeats 31 times>"\320, \004", '\000' <repeats 14 times>, "P", '\000'
<repeats 39 times>,
"\003\000\000\000\060\000\000\000[\000\000\000n\000\000\000w\000\000\000|",
'\000' <repeats 11 times>,
"@\226\273\367\377\177\000\000\031\000\000\000\000\000\000\000\320ie\000\000\000\000\000\020ee\000\000\000\000\000\031",
'\000' <repeats 15 times>,
"3\366\210\367\377\177\000\000\320ie\000\000\000\000\000\000"...
        cleartext_msg = '\000' <repeats 5264 times>, "@", '\000'
<repeats 35 times>,
"\001\000\000\000\002\000\000\000\060\000\000\000[\000\000\000n\000\000\000w\000\000\000|",
'\000' <repeats 11 times>,
"@\226\273\367\377\177\000\000\200\305\377\377\377\177\000\000PKe\000\000\000\000\000\200\305\377\377\377\177\000\000\220)@\000\000\000\000\000PKe\000\000\000\000\000Ȉ\210\367\377\177\000\000\000\000\000\000\000\000\000\000PKe\000\000\000\000\000\200\305\377\377\377\177\000\000\376\226\210\367\377\177\000\000PKe\000\000\000\000\000WK\210\367\377\177\000\000\000\000\000\000\000\000\000\000\034\370B\000\000\000\000\000\000\000\000\000\003\000\000\000PKe\000\000\000\000\000PKe\000\000\000\000\000\000\000\000\000\377\377\377\377\000\336\377\377\377\177\000\000\205\002C",
'\000' <repeats 13 times>,
"0\337\377\377\377\177\000\000\000\000\000\000\000\000\000\000P"...
        srcip = '\000' <repeats 16 times>
        tmp_msg = 0x6f <Address 0x6f out of bounds>
        srcmsg = '\000' <repeats 256 times>
        recv_b = 32767
        peer_info = {sin_family = 0, sin_port = 0, sin_addr = {s_addr
= 0}, sin_zero = "\000\000\000\000\000\000\000"}
        peer_size = 0
#2  0x0000000000404708 in HandleRemote (position=0, uid=493) at remoted.c:102
No locals.
#3  0x0000000000403234 in main (argc=2, argv=0x7fffffffe1d8) at main.c:151
        i = 0
        c = -1
        uid = 493
        gid = 494
        test_config = 0
        run_foreground = 0
        cfg = 0x433fe0 "/var/ossec/etc/ossec.conf"
        dir = 0x433ffa "/var/ossec"
        user = 0x434005 "ossecr"
        group = 0x43400c "ossec"
(gdb)

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to