Bug#186114: marked as done (gnats: gnatsd will segv)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 30 Apr 2018 22:02:55 +0000
with message-id <[🔎] E1fDGsp-000Gau-O0@fasolo.debian.org>
and subject line Bug#888986: Removed package(s) from unstable
has caused the Debian Bug report #186114,
regarding gnats: gnatsd will segv
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
186114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=186114
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bugs <submit@bugs.debian.org>
• Subject: gnats: gnatsd will segv
• From: Brian White <bcwhite@precidia.com>
• Date: Mon, 24 Mar 2003 11:35:32 -0500
• Message-id: <3E7F33D4.11A38CD0@precidia.com>

Package: gnats
Version: 3.999.beta2+cvs20030310-1

While trying to set up gnats, I'm getting a "segv" from gnatsd when I
try to connect to it from another host.

An "strace" shows:

open("/var/lib/gnats/gnats-db/gnats-adm/responsible", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=1088, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(6, "#\n#\t\t  People responsible for a "..., 4096) = 1088
read(6, "", 4096)                       = 0
close(6)                                = 0
munmap(0x40016000, 4096)                = 0
open("/var/lib/gnats/gnats-db/gnats-adm/states", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=3013, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(6, "#\t\t    Possible states for a PR."..., 4096) = 3013
read(6, "", 4096)                       = 0
close(6)                                = 0
munmap(0x40016000, 4096)                = 0
open("/var/lib/gnats/gnats-db/gnats-adm/classes", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=1421, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(6, "#\t\t    Possible classes for a PR"..., 4096) = 1421
read(6, "", 4096)                       = 0
close(6)                                = 0
munmap(0x40016000, 4096)                = 0
open("/var/lib/gnats/gnats-db/gnats-adm/submitters", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=2186, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(6, "#\n#\t\t    submitters database for"..., 4096) = 2186
read(6, "", 4096)                       = 0
close(6)                                = 0
munmap(0x40016000, 4096)                = 0
read(5, "n be\n    # stored; the field con"..., 4096) = 4096
read(5, "silliness.\n#\nquery \"sql\" {\n    f"..., 4096) = 4096
brk(0x807b000)                          = 0x807b000
brk(0x807c000)                          = 0x807c000
read(5, "eply-To:\" | \"From:\" | \"Submitter"..., 4096) = 4096
brk(0x807d000)                          = 0x807d000
brk(0x807e000)                          = 0x807e000
read(5, "er-Id\" \"Responsible\" \"State\" \"Co"..., 4096) = 808
read(5, "", 4096)                       = 0
ioctl(0, SNDCTL_TMR_TIMEBASE, 0xbffff458) = -1 EINVAL (Invalid argument)
close(5)                                = 0
munmap(0x40015000, 4096)                = 0
open("/etc/gnats/gnatsd.host_access", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0444, st_size=1517, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(5, "#\n#                  Hosts that "..., 4096) = 1517
read(5, "", 4096)                       = 0
close(5)                                = 0
munmap(0x40015000, 4096)                = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++


The core dump shows a backtrace of:

(gdb) bt
#0  0x08049dc2 in strcpy ()
#1  0x0807d1b8 in ?? ()
#2  0x0804a0d3 in strcpy ()
#3  0x0804a3fe in strcpy ()
#4  0x0804ba19 in strcpy ()
#5  0x0804aced in strcpy ()
#6  0x4005d14f in __libc_start_main () from /lib/libc.so.6


Since this wasn't very useful, I recompiled the package from source and
installed the non-stripped version.  This turned out to be a bit of a
pain because of the lack of a "debian/rules build" command; the "gnatsd"
executable seems to be removed after the stripped version is created
during the "binary" process.

(gdb) bt
#0  0x08049dc2 in match (line=0x0, pattern=0x807cec8 "precidia.com", matchcase=0) at ./gnatsd.c:178
#1  0x0804a0d3 in validateHost (hostList=0x807d1b8, host=0x0, ipaddr=0x0, access=0xbffffb48) at ./gnatsd.c:401
#2  0x0804a3fe in verifyHostAndUser (database=0x8071de0, host=0x0, ipaddr=0x0, username=0x807d160 "", 
    passwd=0x807d070 "", access=0xbffffb88) at ./gnatsd.c:568
#3  0x0804ba19 in gnatsdChdb (nameOfDb=0x0, username=0x8064cdc "", passwd=0x8064cdc "", quiet=1, err=0xbffffbd8)
    at ./cmds.c:632
#4  0x0804aced in main (argc=1, argv=0xbffffc44) at ./gnatsd.c:1044


The problem is that function "match" is being called with a "line" of NULL.
In "validateHost" (gnatsd.c:401), is the line:

    if (match (host, hostList->admFields[HostListKey], FALSE)

however, the passed in "host" parameter is NULL.  You can trace the NULL
host up through "verifyHostAndUser" (gantsd.c:565) to "gnatsChdb" (cmds.c:632)
where it references "current_host" (a global defined at gnatsd.c:45).

How this global stayed NULL instead of being set by the "startConnection"
function (gnatsd.c:601), I don't know.

                                          Brian
                                 ( bcwhite@precidia.com )

-------------------------------------------------------------------------------
The future is not set.  There is no fate but what we make for ourselves.  -- JC

--- End Message ---

--- Begin Message ---

• To: 98834-done@bugs.debian.org,114964-done@bugs.debian.org,149513-done@bugs.debian.org,186114-done@bugs.debian.org,186546-done@bugs.debian.org,188840-done@bugs.debian.org,190406-done@bugs.debian.org,190407-done@bugs.debian.org,280493-done@bugs.debian.org,309881-done@bugs.debian.org,325838-done@bugs.debian.org,334837-done@bugs.debian.org,442221-done@bugs.debian.org,442227-done@bugs.debian.org,702784-done@bugs.debian.org,715954-done@bugs.debian.org,716139-done@bugs.debian.org,555823-done@bugs.debian.org,
• Cc: gnats@packages.debian.org
• Subject: Bug#888986: Removed package(s) from unstable
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Mon, 30 Apr 2018 22:02:55 +0000
• Message-id: <[🔎] E1fDGsp-000Gau-O0@fasolo.debian.org>

Version: 4.1.0-5+rm

Dear submitter,

as the package gnats has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/888986

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---