Thanks, I'll try to take a look at it tonight. I'll push it along then.

On Mon, Dec 2, 2013 at 3:23 PM, Darin Perusich <[email protected]> wrote:
> On Mon, Dec 2, 2013 at 3:10 PM, Darin Perusich <[email protected]> wrote:
>> On Wed, Nov 27, 2013 at 12:23 PM, Darin Perusich <[email protected]> wrote:
>>> On Wed, Nov 27, 2013 at 12:22 PM, Darin Perusich <[email protected]> wrote:
>>>> --
>>>> Later,
>>>> Darin
>>>>
>>>>
>>>> On Wed, Nov 27, 2013 at 12:11 PM, dan (ddp) <[email protected]> wrote:
>>>>> On Wed, Nov 27, 2013 at 11:41 AM, Darin Perusich <[email protected]> wrote:
>>>>>> On Tue, Nov 26, 2013 at 2:15 PM, Darin Perusich <[email protected]> wrote:
>>>>>>> On Tue, Nov 26, 2013 at 12:59 PM, dan (ddp) <[email protected]> wrote:
>>>>>>>> On Tue, Nov 26, 2013 at 12:57 PM, Darin Perusich <[email protected]> wrote:
>>>>>>>>> This "fixed" remoted. What's so special about this included zlib,
>>>>>>>>> other than being 8.5 years old and getting ever more unmaintained? I
>>>>>>>>> haven't had a chance to diff it against upstream yet.
>>>>>>>>>
>>>>>>>>
>>>>>>>> I don't know actually. I remember the Debian folks mentioning
>>>>>>>> differences and possibly trying to push some upstream.
>>>>>>>>
>>>>>>>
>>>>>>> Looks like I spoke too soon, I'm still getting the segfault with
>>>>>>> ossec-remoted built against the provided zlib. This is giving me a bit
>>>>>>> of a headache. Let me keep poking around and see if I can come up with
>>>>>>> anything else.
>>>>>>
>>>>>> Ok, so I'm looking at this again and ossec-remoted is built with the
>>>>>> provided zlib and it's still segfaulting. What other info can I
>>>>>> provide to keep this moving, any additional gdb output, valgrind,
>>>>>> building w/ specific debug flags (other than -g)?
>>>>>>
>>>>>
>>>>> Is the trace in gdb the same?
>>>>>
>>>>
>>>> It is, but here's the output again.
>>>>
>>>> # gdb /var/ossec/bin/ossec-remoted
>>>> GNU gdb (GDB) SUSE (7.5.1-2.1.1)
>>>> Copyright (C) 2012 Free Software Foundation, Inc.
>>>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>>>> This is free software: you are free to change and redistribute it.
>>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>>> and "show warranty" for details.
>>>> This GDB was configured as "x86_64-suse-linux".
>>>> For bug reporting instructions, please see:
>>>> <http://www.gnu.org/software/gdb/bugs/>...
>>>> Reading symbols from /var/ossec/bin/ossec-remoted...done.
>>>> (gdb) set follow-fork-mode child
>>>> (gdb) run -d
>>>> Starting program: /var/ossec/bin/ossec-remoted -d
>>>> [Thread debugging using libthread_db enabled]
>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>> 2013/11/27 12:21:22 ossec-remoted: DEBUG: Starting ...
>>>> [New process 3486]
>>>> [Thread debugging using libthread_db enabled]
>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>> [New process 3487]
>>>> [Thread debugging using libthread_db enabled]
>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>> [New process 3488]
>>>> [Thread debugging using libthread_db enabled]
>>>> Using host libthread_db library "/lib64/libthread_db.so.1".
>>>> [New Thread 0x7ffff6fd8700 (LWP 3489)]
>>>> [New Thread 0x7ffff67d7700 (LWP 3490)]
>>>>
>>>> Program received signal SIGSEGV, Segmentation fault.
>>>> [Switching to Thread 0x7ffff7fdf700 (LWP 3488)]
>>>> 0x0000000000424726 in OS_StartCounter (keys=0x6525a0 <keys>) at msgs.c:89
>>>> warning: Source file is more recent than executable.
>>>> 89          if((keys->keyentries[i -1]->fp) && (i > 10))
>>>> (gdb) where
>>>> #0  0x0000000000424726 in OS_StartCounter (keys=0x6525a0 <keys>) at msgs.c:89
>>>> #1  0x0000000000404845 in HandleSecure () at secure.c:85
>>>> #2  0x0000000000404708 in HandleRemote (position=0, uid=493) at remoted.c:102
>>>> #3  0x0000000000403234 in main (argc=2, argv=0x7fffffffe1d8) at main.c:151
>>>> (gdb) list
>>>> 84          if(!keys->keyentries[i]->fp)
>>>> 85          {
>>>> 86              int my_error = errno;
>>>> 87
>>>> 88              /* Just in case we run out of file descriptiors */
>>>> 89              if((keys->keyentries[i -1]->fp) && (i > 10))
>>>> 90              {
>>>> 91                  fclose(keys->keyentries[i -1]->fp);
>>>> 92
>>>> 93                  if(keys->keyentries[i -2]->fp)
>>>
>>>
>>> (gdb) bt full
>>> #0  0x0000000000424726 in OS_StartCounter (keys=0x6525a0 <keys>) at msgs.c:89
>>>         my_error = 13
>>>         i = 0
>>>         rids_file = "/queue/rids/001\000\000\256\377\377\377\177\000\000\022*\226R\000\000\000\000\340\347\273\367\377\177\000\000\300\325e\000\000\000\000\000\260\256\377\377\377\177\000\000!tB", '\000' <repeats 13 times>, "BLC", '\000' <repeats 13 times>, "\020\000\000\000\060\000\000\000\300\256\377\377\377\177\000\000\000\256\377\377\377\177\000\000\000\000\000\000\000\000\000\000@KC\000\000\000\000\000H\000\000\000\000\000\000\000@\002\000\000\000\000\000\000\001\000\000\000\000\000\000\000\005", '\000' <repeats 88 times>"\256, \377\377\377\177\000\000צ\377\377\377\177\000\000"
>>> #1  0x0000000000404845 in HandleSecure () at secure.c:85
>>>         agentid = 0
>>>         srcip = '\000' <repeats 16 times>
>>>         tmp_msg = 0x6f <Address 0x6f out of bounds>
>>>         srcmsg = '\000' <repeats 256 times>
>>>         recv_b = 32767
>>>         peer_info = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}
>>>         peer_size = 0
>>> #2  0x0000000000404708 in HandleRemote (position=0, uid=493) at remoted.c:102
>>> No locals.
>>> #3  0x0000000000403234 in main (argc=2, argv=0x7fffffffe1d8) at main.c:151
>>>         i = 0
>>>         c = -1
>>>         uid = 493
>>>         gid = 494
>>>         test_config = 0
>>>         run_foreground = 0
>>>         cfg = 0x433fe0 "/var/ossec/etc/ossec.conf"
>>>         dir = 0x433ffa "/var/ossec"
>>>         user = 0x434005 "ossecr"
>>>         group = 0x43400c "ossec"
>>> (gdb)
>>
>>
>> So we've figured this out, and it can be chalked up to a bug in the error
>> handling of the code. The owner of /var/ossec/queue/rids was user
>> "ossec" and not "ossecr", and this was causing the segfault instead
>> of giving a permission denied error or something to that effect.
>>
>> A patch will be forthcoming.
>
> Here's the patch. I don't have a bitbucket account so this will have
> to do for now.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
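The crash in the thread comes from msgs.c:89 dereferencing `keys->keyentries[i -1]` before testing `i > 10`, so an open failure on the very first slot (i = 0, my_error = 13 = EACCES from the wrong owner on /var/ossec/queue/rids) reads before the start of the array and segfaults rather than reporting the permission problem. The following C fragment is an added example, not OSSEC's own code or the patch from the thread: it shows the same fallback on a trimmed-down, hypothetical keystore, with the bound check evaluated before the index is used and the real errno surfaced.

```c
/* Added example, not OSSEC's own code: the OS_StartCounter fallback on a
 * trimmed-down keystore (hypothetical types), with i > 10 tested before
 * keyentries[i - 1] is read and the open error reported via errno. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define MAX_KEYS 16
typedef struct { FILE *fp; } keyentry;
typedef struct { keyentry *keyentries[MAX_KEYS]; } keystore;

/* Open the rids file for agent slot i. Returns 0 on success or -errno on
 * failure, so a permission problem comes back as -EACCES (-13, the
 * my_error value in the backtrace) instead of being retried as fd exhaustion. */
int open_rids_file(keystore *keys, int i, const char *path)
{
    keys->keyentries[i]->fp = fopen(path, "r+");
    if (keys->keyentries[i]->fp)
        return 0;
    int my_error = errno;
    /* Close an older entry and retry only for descriptor exhaustion and
     * only when i > 10; both checks run before keyentries[i - 1] is used,
     * unlike msgs.c:89 in the thread, which dereferenced it first. */
    if ((my_error == EMFILE || my_error == ENFILE) && i > 10 &&
        keys->keyentries[i - 1]->fp) {
        fclose(keys->keyentries[i - 1]->fp);
        keys->keyentries[i - 1]->fp = NULL;
        keys->keyentries[i]->fp = fopen(path, "r+");
        if (keys->keyentries[i]->fp)
            return 0;
        my_error = errno;
    }
    fprintf(stderr, "rids file '%s' (slot %d): %s\n", path, i,
            strerror(my_error));
    return -my_error;
}

/* Exercise the fallback with a single entry at slot 0, i.e. i == 0 as in
 * the crash. Returns open_rids_file's result; closes any opened file. */
int demo_slot0(const char *path)
{
    keyentry e0 = { NULL };
    keystore ks;
    memset(&ks, 0, sizeof ks);
    ks.keyentries[0] = &e0;
    int rc = open_rids_file(&ks, 0, path);
    if (e0.fp)
        fclose(e0.fp);
    return rc;
}
```

With the original ordering the first call below would read `keyentries[-1]` and crash; here it returns -ENOENT (a constructed missing path stands in for the EACCES case) and leaves the entry untouched.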
