Hello list,
today I made jabberd 2.2.11 segfault :)
First of all: I was developing an implementation of the jabberd 2.0
Component Protocol and maybe I was doing some ugly stuff - but you'll
agree with me when I say that this should not make jabberd2 segfault :)
Here is what I did:
W: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='de' version='1.0'>
R: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0' id='zixbt01lq257lfyy6hvyl3si7bdehy4gg1sa1uvs'>
   <stream:features xmlns:stream='http://etherx.jabber.org/streams'>
     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
       <mechanism>DIGEST-MD5</mechanism>
     </mechanisms>
   </stream:features>
W: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'/>
R: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[...]</challenge>
W: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[...]</response>
R: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[...]</challenge>
W: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
R: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
W: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='de' version='1.0'>
R: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0' id='w00igzgngcl2feknpx26w6md8fna9j25k3n124oi'>
   <stream:features xmlns:stream='http://etherx.jabber.org/streams'/>
W: <bind name='[...]'/>
... and here it passed away.
I traced the segfault down to router/router.c on line 889 (function
_router_sx_callback):
    if(NAD_NURI_L(nad, NAD_ENS(nad, 0)) != strlen(uri_COMPONENT) || \
       strncmp(uri_COMPONENT, NAD_NURI(nad, NAD_ENS(nad, 0)), \
               strlen(uri_COMPONENT)) != 0) {
        [...]
In my case NAD_ENS(nad, 0) returned -1 and nad->nss pointed to NULL.
I'm not that deep into the jabberd2 code, but I think that at this point
there are two issues:
- NAD_ENS(nad, 0) should not return -1 (even its unsigned representation
  is quite too big) because it is being used as an index in the macro
  NAD_NURI_L later on.
- nad->nss should not be NULL, as it is used by the macro NAD_NURI_L
  without any further checks.
Does anyone on the list have an idea why all this happens and maybe
where a good start could be if I want to write a small patch?
Kind regards,
Bernd
P.S.: I attached the debug-output from the router-process
--
Firma Bernd Holzmüller www.tiggerswelt.net
i...@tiggerswelt.net
Mönchstrasse 25 Tel: 07 11 / 550 425-90
70191 Stuttgart Fax: 07 11 / 550 425-99
Deutschland/Germany OpenPGP/GnuPG: 0x957C378B
Wed Aug 18 00:16:01 2010 [notice] starting up
Wed Aug 18 00:16:01 2010 [info] process id is 6415, written to /root/xmpp/router.pid
Wed Aug 18 00:16:01 2010 user.c:33 loading user table
Wed Aug 18 00:16:01 2010 user.c:85 remembering user 'jabberd'
Wed Aug 18 00:16:01 2010 [notice] loaded user table (1 users)
Wed Aug 18 00:16:01 2010 aci.c:37 loading aci
Wed Aug 18 00:16:01 2010 aci.c:56 building list for 'all'
Wed Aug 18 00:16:01 2010 aci.c:77 added 'jabberd'
Wed Aug 18 00:16:01 2010 filter.c:51 loading filter
Wed Aug 18 00:16:01 2010 filter.c:93 building filter list
Wed Aug 18 00:16:01 2010 [notice] loaded filters (0 rules)
sx (sasl_gsasl.c:913) initialising sasl plugin
sx (sasl_gsasl.c:941) sasl context initialised
sx (env.c:75) plugin initialised (index 0)
Wed Aug 18 00:16:01 2010 [notice] [0.0.0.0, port=5347] listening for incoming connections
Wed Aug 18 00:16:03 2010 router.c:1073 accept action on fd 5
Wed Aug 18 00:16:03 2010 [notice] [127.0.0.1, port=39156] connect
sx (sx.c:51) allocated new sx for 5
Wed Aug 18 00:16:03 2010 router.c:1103 new component (0x80772e0) 127.0.0.1:39156
sx (server.c:236) doing server init for sx 5
sx (server.c:251) waiting for stream header
sx (server.c:254) tag 5 event 0 data 0x0
Wed Aug 18 00:16:03 2010 main.c:456 running time checks
Wed Aug 18 00:16:03 2010 main.c:461 next time check at 1282083423
Wed Aug 18 00:16:03 2010 router.c:1024 read action on fd 5
sx (io.c:191) 5 ready for reading
sx (io.c:197) tag 5 event 2 data 0x807e390
Wed Aug 18 00:16:03 2010 router.c:663 reading from 5
Wed Aug 18 00:16:03 2010 router.c:721 read 22 bytes
sx (io.c:216) passed 22 read bytes
sx (chain.c:93) calling io read chain
sx (io.c:240) decoded read data (22 bytes): <?xml version='1.0'?>
Wed Aug 18 00:16:03 2010 router.c:1024 read action on fd 5
sx (io.c:191) 5 ready for reading
sx (io.c:197) tag 5 event 2 data 0x807e7b0
Wed Aug 18 00:16:03 2010 router.c:663 reading from 5
Wed Aug 18 00:16:03 2010 router.c:721 read 92 bytes
sx (io.c:216) passed 92 read bytes
sx (chain.c:93) calling io read chain
sx (io.c:240) decoded read data (92 bytes): <stream:stream
xmlns:stream='http://etherx.jabber.org/streams'
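The check Bernd quotes from router.c trusts NAD_ENS() and nad->nss without validating them; a stanza with no namespace at all then yields an index of -1 and a NULL table. The following is an added example (not jabberd2's code, and not the real nad.h): a constructed stand-in for the NAD fields involved, the unchecked comparison in the same shape as the report, and a hardened form that rejects a namespace-less element before the table is touched. The value of uri_COMPONENT and the field layout are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the parts of jabberd2's NAD that the report
 * touches (not the real nad.h). ens is the root element's namespace index,
 * -1 when the element declared none; nss is the namespace table, NULL when
 * the document declared none. The uri_COMPONENT value is assumed. */
#define uri_COMPONENT "http://jabberd.jabberstudio.org/ns/component/1.0"

struct ns_entry { const char *uri; size_t uri_len; };
struct nad {
    int ens;                  /* namespace index of the root element, or -1 */
    struct ns_entry *nss;     /* namespace table, NULL if none declared */
    int nss_count;
};

/* Same shape as the router.c check in the report: indexes nss with ens and
 * reads through nss without checking either. With ens == -1 and nss == NULL
 * this is exactly the dereference that crashed the router. */
static int is_component_unchecked(const struct nad *nad) {
    return nad->nss[nad->ens].uri_len == strlen(uri_COMPONENT) &&
           strncmp(uri_COMPONENT, nad->nss[nad->ens].uri, strlen(uri_COMPONENT)) == 0;
}

/* Hardened form: validate index and table first, so a stanza without a
 * namespace is treated as "not a component stanza" instead of indexing
 * with -1 or dereferencing NULL. The caller can then close the stream. */
static int is_component_checked(const struct nad *nad) {
    if (nad->ens < 0 || nad->nss == NULL || nad->ens >= nad->nss_count)
        return 0;
    return nad->nss[nad->ens].uri_len == strlen(uri_COMPONENT) &&
           strncmp(uri_COMPONENT, nad->nss[nad->ens].uri, strlen(uri_COMPONENT)) == 0;
}

/* Constructed inputs: a stream opened in the component namespace, and the
 * bare <bind name='...'/> from the report (no xmlns, hence no table). */
static struct ns_entry component_ns[] = { { uri_COMPONENT, sizeof(uri_COMPONENT) - 1 } };
static struct nad component_stream = { 0, component_ns, 1 };
static struct nad bare_bind = { -1, NULL, 0 };

int check_component_stream(void) { return is_component_checked(&component_stream); }
int check_bare_bind(void)        { return is_component_checked(&bare_bind); }
/* The unchecked version agrees on well-formed input; it is deliberately
 * never called with bare_bind, since that is the crash described above. */
int unchecked_component_stream(void) { return is_component_unchecked(&component_stream); }
```

Whether the fix belongs in the NAD_ENS/NAD_NURI_L macros or at this call site is the question Bernd raises; either way, the guard above is the condition that has to hold before the comparison runs.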