Re: [vchkpw] qmailadmin buffer overflow
Catching up on old emails -- were you able to resolve this? I can't recall if this thread continued on the mailing list or not. -Tom On Sep 19, 2012, at 6:35 AM, Bob Hutchinson wrote: On 19/09/12 11:52, Tom Collins wrote: I'm offline, with limited Internet connectivity, so apologies if someone else has already responded. I think you need to recompile QmailAdmin and manually install the binary. The installation process strips debug information that would probably show up in this dump and help isolate the problem. OK, I will look into doing this at a quiet time. I notice that there is a binary in the source tree which is much larger and which says it's unstripped, I might just try that one first. -Tom (Sent from my phone; forgive my brevity) On Sep 18, 2012, at 5:45 PM, Bob Hutchinson hutchli...@midwales.com wrote: Not sure if this is the right place to post but I don't know where else. I am using qmailadmin in a standard shupp toaster, on a 64bit machine. qmailadmin-1.2.15 I getting a WSOD after adding a new mailinglist. The mailinglist is made and all appears correct. Each line in the apache error log is prepended by something like this: [Tue Sep 18 14:54:30 2012] [error] [client 1.2.3.4] The referer is someting like this: http://myserver.net/cgi-bin/qmailadmin/com/addmailinglist?user=postmasterdom=adomain.co.uktime=1347976179 replaced with xxx Here is the log snippet pruned for easier reading: *** buffer overflow detected ***: /usr/lib/cgi-bin/qmailadmin terminated, referer: xxx === Backtrace: =, referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f12e3f8e007], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7f12e3f8cf00], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x1075eb)[0x7f12e3f8c5eb], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__snprintf_chk+0x78)[0x7f12e3f8c4c8], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x409534], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x4107bc], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x402fb5], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f12e3ea676d], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x403551], referer: xxx === Memory map: , referer: xxx 0040-00431000 r-xp ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 0063-00631000 r--p 0003 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00631000-00632000 rw-p 00031000 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00632000-0063d000 rw-p 00:00 0 , referer: xxx 0078d000-007ae000 rw-p 00:00 0[heap], referer: xxx 7f12e3c6f000-7f12e3c84000 r-xp ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3c84000-7f12e3e83000 ---p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e83000-7f12e3e84000 r--p 00014000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e84000-7f12e3e85000 rw-p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e85000-7f12e4038000 r-xp ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4038000-7f12e4237000 ---p 001b3000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4237000-7f12e423b000 r--p 001b2000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423b000-7f12e423d000 rw-p 001b6000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423d000-7f12e4242000 rw-p 00:00 0 , referer: xxx 7f12e4242000-7f12e424b000 r-xp ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e424b000-7f12e444b000 ---p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444b000-7f12e444c000 r--p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444c000-7f12e444d000 rw-p a000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444d000-7f12e447b000 rw-p 00:00 0 , referer: xxx 7f12e447b000-7f12e449d000 r-xp ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e4688000-7f12e468b000 rw-p 00:00 0 , referer: xxx 7f12e4697000-7f12e469d000 rw-p 00:00 0 , referer: xxx 7f12e469d000-7f12e469e000 r--p 00022000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e469e000-7f12e46a rw-p 00023000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7fff3851d000-7fff3853e000 rw-p 00:00 0[stack], referer: xxx 7fff385ff000-7fff3860 r-xp 00:00 0[vdso], referer: xxx ff60-ff601000 r-xp 00:00 0 [vsyscall], referer: xxx -- - Bob Hutchinson Midwales dot com - -- - Bob Hutchinson Midwales dot com -
Re: [vchkpw] qmailadmin buffer overflow
On 15/10/12 15:34, Tom Collins wrote: Catching up on old emails -- were you able to resolve this? I can't recall if this thread continued on the mailing list or not. No, I haven't resolved it and I haven't done the testing either ;-( It's been a busy month but I would like to get to the bottom of this. -Tom On Sep 19, 2012, at 6:35 AM, Bob Hutchinson wrote: On 19/09/12 11:52, Tom Collins wrote: I'm offline, with limited Internet connectivity, so apologies if someone else has already responded. I think you need to recompile QmailAdmin and manually install the binary. The installation process strips debug information that would probably show up in this dump and help isolate the problem. OK, I will look into doing this at a quiet time. I notice that there is a binary in the source tree which is much larger and which says it's unstripped, I might just try that one first. -Tom (Sent from my phone; forgive my brevity) On Sep 18, 2012, at 5:45 PM, Bob Hutchinson hutchli...@midwales.com wrote: Not sure if this is the right place to post but I don't know where else. I am using qmailadmin in a standard shupp toaster, on a 64bit machine. qmailadmin-1.2.15 I getting a WSOD after adding a new mailinglist. The mailinglist is made and all appears correct. Each line in the apache error log is prepended by something like this: [Tue Sep 18 14:54:30 2012] [error] [client 1.2.3.4] The referer is someting like this: http://myserver.net/cgi-bin/qmailadmin/com/addmailinglist?user=postmasterdom=adomain.co.uktime=1347976179 replaced with xxx Here is the log snippet pruned for easier reading: *** buffer overflow detected ***: /usr/lib/cgi-bin/qmailadmin terminated, referer: xxx === Backtrace: =, referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f12e3f8e007], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7f12e3f8cf00], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x1075eb)[0x7f12e3f8c5eb], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__snprintf_chk+0x78)[0x7f12e3f8c4c8], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x409534], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x4107bc], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x402fb5], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f12e3ea676d], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x403551], referer: xxx === Memory map: , referer: xxx 0040-00431000 r-xp ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 0063-00631000 r--p 0003 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00631000-00632000 rw-p 00031000 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00632000-0063d000 rw-p 00:00 0 , referer: xxx 0078d000-007ae000 rw-p 00:00 0[heap], referer: xxx 7f12e3c6f000-7f12e3c84000 r-xp ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3c84000-7f12e3e83000 ---p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e83000-7f12e3e84000 r--p 00014000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e84000-7f12e3e85000 rw-p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e85000-7f12e4038000 r-xp ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4038000-7f12e4237000 ---p 001b3000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4237000-7f12e423b000 r--p 001b2000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423b000-7f12e423d000 rw-p 001b6000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423d000-7f12e4242000 rw-p 00:00 0 , referer: xxx 7f12e4242000-7f12e424b000 r-xp ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e424b000-7f12e444b000 ---p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444b000-7f12e444c000 r--p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444c000-7f12e444d000 rw-p a000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444d000-7f12e447b000 rw-p 00:00 0 , referer: xxx 7f12e447b000-7f12e449d000 r-xp ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e4688000-7f12e468b000 rw-p 00:00 0 , referer: xxx 7f12e4697000-7f12e469d000 rw-p 00:00 0 , referer: xxx 7f12e469d000-7f12e469e000 r--p 00022000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e469e000-7f12e46a rw-p 00023000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7fff3851d000-7fff3853e000 rw-p 00:00 0[stack], referer: xxx 7fff385ff000-7fff3860 r-xp 00:00 0[vdso], referer: xxx ff60-ff601000 r-xp 00:00 0 [vsyscall], referer: xxx --
Re: [vchkpw] qmailadmin buffer overflow
That should be just fine. Keep a copy of the currently-installed version to switch back to after debugging. -Tom (Sent from my phone; forgive my brevity) On Sep 19, 2012, at 3:35 PM, Bob Hutchinson hutchli...@midwales.com wrote: OK, I will look into doing this at a quiet time. I notice that there is a binary in the source tree which is much larger and which says it's unstripped, I might just try that one first. !DSPAM:505b528534213501068019!
Re: [vchkpw] qmailadmin buffer overflow
I'm offline, with limited Internet connectivity, so apologies if someone else has already responded. I think you need to recompile QmailAdmin and manually install the binary. The installation process strips debug information that would probably show up in this dump and help isolate the problem. -Tom (Sent from my phone; forgive my brevity) On Sep 18, 2012, at 5:45 PM, Bob Hutchinson hutchli...@midwales.com wrote: Not sure if this is the right place to post but I don't know where else. I am using qmailadmin in a standard shupp toaster, on a 64bit machine. qmailadmin-1.2.15 I getting a WSOD after adding a new mailinglist. The mailinglist is made and all appears correct. Each line in the apache error log is prepended by something like this: [Tue Sep 18 14:54:30 2012] [error] [client 1.2.3.4] The referer is someting like this: http://myserver.net/cgi-bin/qmailadmin/com/addmailinglist?user=postmasterdom=adomain.co.uktime=1347976179 replaced with xxx Here is the log snippet pruned for easier reading: *** buffer overflow detected ***: /usr/lib/cgi-bin/qmailadmin terminated, referer: xxx === Backtrace: =, referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f12e3f8e007], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7f12e3f8cf00], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x1075eb)[0x7f12e3f8c5eb], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__snprintf_chk+0x78)[0x7f12e3f8c4c8], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x409534], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x4107bc], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x402fb5], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f12e3ea676d], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x403551], referer: xxx === Memory map: , referer: xxx 0040-00431000 r-xp ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 0063-00631000 r--p 0003 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00631000-00632000 rw-p 00031000 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00632000-0063d000 rw-p 00:00 0 , referer: xxx 0078d000-007ae000 rw-p 00:00 0[heap], referer: xxx 7f12e3c6f000-7f12e3c84000 r-xp ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3c84000-7f12e3e83000 ---p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e83000-7f12e3e84000 r--p 00014000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e84000-7f12e3e85000 rw-p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e85000-7f12e4038000 r-xp ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4038000-7f12e4237000 ---p 001b3000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4237000-7f12e423b000 r--p 001b2000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423b000-7f12e423d000 rw-p 001b6000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423d000-7f12e4242000 rw-p 00:00 0 , referer: xxx 7f12e4242000-7f12e424b000 r-xp ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e424b000-7f12e444b000 ---p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444b000-7f12e444c000 r--p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444c000-7f12e444d000 rw-p a000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444d000-7f12e447b000 rw-p 00:00 0 , referer: xxx 7f12e447b000-7f12e449d000 r-xp ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e4688000-7f12e468b000 rw-p 00:00 0 , referer: xxx 7f12e4697000-7f12e469d000 rw-p 00:00 0 , referer: xxx 7f12e469d000-7f12e469e000 r--p 00022000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e469e000-7f12e46a rw-p 00023000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7fff3851d000-7fff3853e000 rw-p 00:00 0[stack], referer: xxx 7fff385ff000-7fff3860 r-xp 00:00 0[vdso], referer: xxx ff60-ff601000 r-xp 00:00 0 [vsyscall], referer: xxx -- - Bob Hutchinson Midwales dot com - !DSPAM:5059a45e34211364084616!
Re: [vchkpw] qmailadmin buffer overflow
On 19/09/12 11:52, Tom Collins wrote: I'm offline, with limited Internet connectivity, so apologies if someone else has already responded. I think you need to recompile QmailAdmin and manually install the binary. The installation process strips debug information that would probably show up in this dump and help isolate the problem. OK, I will look into doing this at a quiet time. I notice that there is a binary in the source tree which is much larger and which says it's unstripped, I might just try that one first. -Tom (Sent from my phone; forgive my brevity) On Sep 18, 2012, at 5:45 PM, Bob Hutchinson hutchli...@midwales.com wrote: Not sure if this is the right place to post but I don't know where else. I am using qmailadmin in a standard shupp toaster, on a 64bit machine. qmailadmin-1.2.15 I getting a WSOD after adding a new mailinglist. The mailinglist is made and all appears correct. Each line in the apache error log is prepended by something like this: [Tue Sep 18 14:54:30 2012] [error] [client 1.2.3.4] The referer is someting like this: http://myserver.net/cgi-bin/qmailadmin/com/addmailinglist?user=postmasterdom=adomain.co.uktime=1347976179 replaced with xxx Here is the log snippet pruned for easier reading: *** buffer overflow detected ***: /usr/lib/cgi-bin/qmailadmin terminated, referer: xxx === Backtrace: =, referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f12e3f8e007], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7f12e3f8cf00], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(+0x1075eb)[0x7f12e3f8c5eb], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__snprintf_chk+0x78)[0x7f12e3f8c4c8], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x409534], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x4107bc], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x402fb5], referer: xxx /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f12e3ea676d], referer: xxx /usr/lib/cgi-bin/qmailadmin[0x403551], referer: xxx === Memory map: , referer: xxx 0040-00431000 r-xp ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 0063-00631000 r--p 0003 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00631000-00632000 rw-p 00031000 ca:01 12699746 /usr/lib/cgi-bin/qmailadmin, referer: xxx 00632000-0063d000 rw-p 00:00 0 , referer: xxx 0078d000-007ae000 rw-p 00:00 0[heap], referer: xxx 7f12e3c6f000-7f12e3c84000 r-xp ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3c84000-7f12e3e83000 ---p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e83000-7f12e3e84000 r--p 00014000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e84000-7f12e3e85000 rw-p 00015000 ca:01 10092763 /lib/x86_64-linux-gnu/libgcc_s.so.1, referer: xxx 7f12e3e85000-7f12e4038000 r-xp ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4038000-7f12e4237000 ---p 001b3000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e4237000-7f12e423b000 r--p 001b2000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423b000-7f12e423d000 rw-p 001b6000 ca:01 10092730 /lib/x86_64-linux-gnu/libc-2.15.so, referer: xxx 7f12e423d000-7f12e4242000 rw-p 00:00 0 , referer: xxx 7f12e4242000-7f12e424b000 r-xp ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e424b000-7f12e444b000 ---p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444b000-7f12e444c000 r--p 9000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444c000-7f12e444d000 rw-p a000 ca:01 10092783 /lib/x86_64-linux-gnu/libcrypt-2.15.so, referer: xxx 7f12e444d000-7f12e447b000 rw-p 00:00 0 , referer: xxx 7f12e447b000-7f12e449d000 r-xp ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e4688000-7f12e468b000 rw-p 00:00 0 , referer: xxx 7f12e4697000-7f12e469d000 rw-p 00:00 0 , referer: xxx 7f12e469d000-7f12e469e000 r--p 00022000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7f12e469e000-7f12e46a rw-p 00023000 ca:01 10092751 /lib/x86_64-linux-gnu/ld-2.15.so, referer: xxx 7fff3851d000-7fff3853e000 rw-p 00:00 0[stack], referer: xxx 7fff385ff000-7fff3860 r-xp 00:00 0[vdso], referer: xxx ff60-ff601000 r-xp 00:00 0 [vsyscall], referer: xxx -- - Bob Hutchinson Midwales dot com - -- - Bob Hutchinson Midwales dot com - !DSPAM:5059ca2a34211204981993!