
Bug#992997: milter-greylist: segfault in libGeoIP



Hello Bjørn, hello Sudip,
I just tried to locate the line where the crash happens from
the dmesg output and got to this location [1].

Unfortunately the CVS tree does not seem to be up to date, or I was using the wrong one.
At least there was a change in geoip.c in line 166 [2] [3].

Kind regards,
Bernhard

[1] https://sources.debian.org/src/geoip/1.6.12-7/libGeoIP/GeoIP.c/#L2038
[2] https://sources.debian.org/src/milter-greylist/4.6.2-3/geoip.c/#L166
[3] https://sources.debian.org/src/milter-greylist/4.6.4-1/geoip.c/#L166
From submitter:
    Aug 23 22:12:23 louie kernel: milter-greylist[192919]: segfault at 28 ip 00007fbaf22fe8d9 sp 00007fbaee77c670 error 4 in libGeoIP.so.1.6.12[7fbaf22fc000+1b000]
    Aug 23 22:12:23 louie kernel: Code: 90 e9 6b d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 8f 00 00 00 41 54 49 89 d4 53 48 89 fb 48 89 f7 48 83 ec 08 <0f> be 43 28 3c 0c 74 4f 3c 12 74 4b 48 8b 3d cc 26 03 00 48 8d 35

# https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash


"error 4" == 0b00000100
    0: no page found
    0: read access
    1: user-mode access

echo -n "find /b ..., ..., 0x" && \
echo "90 e9 6b d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 8f 00 00 00 41 54 49 89 d4 53 48 89 fb 48 89 f7 48 83 ec 08 <0f> be 43 28 3c 0c 74 4f 3c 12 74 4b 48 8b 3d cc 26 03 00 48 8d 35" \
 | sed 's/[<>]//g' | sed 's/ /, 0x/g'
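The manual steps above (decode "error 4", turn the Code: bytes into a gdb find pattern, count the bytes before the <..> marker to get the +42 breakpoint offset) can be done in one go. The script below is an added example written for this bug, not code from the bug report or from the milter-greylist/GeoIP projects; it parses the two kernel lines quoted from the submitter (embedded as constructed sample input), decodes the x86 page-fault error bits, computes the faulting instruction's offset inside the libGeoIP mapping, and prints the gdb commands. The function names and the "..." range placeholders follow the notes above and are otherwise my own choice.

```python
import re

# Constructed sample: the two kernel lines quoted from the submitter above.
SAMPLE = """\
Aug 23 22:12:23 louie kernel: milter-greylist[192919]: segfault at 28 ip 00007fbaf22fe8d9 sp 00007fbaee77c670 error 4 in libGeoIP.so.1.6.12[7fbaf22fc000+1b000]
Aug 23 22:12:23 louie kernel: Code: 90 e9 6b d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 8f 00 00 00 41 54 49 89 d4 53 48 89 fb 48 89 f7 48 83 ec 08 <0f> be 43 28 3c 0c 74 4f 3c 12 74 4b 48 8b 3d cc 26 03 00 48 8d 35
"""

SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)
CODE_RE = re.compile(r"Code: (?P<bytes>(?:<?[0-9a-f]{2}>? ?)+)")


def decode_error(err):
    """x86 page-fault error code bits as the kernel reports them
    (see https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash)."""
    return {
        "page_present": bool(err & 1),      # 0: no page found, 1: protection violation
        "write": bool(err & 2),             # 0: read access, 1: write access
        "user_mode": bool(err & 4),         # 1: fault raised from user mode
        "instruction_fetch": bool(err & 16),
    }


def parse_segfault(text):
    """Parse a 'segfault at ...' line plus its 'Code:' line into one record."""
    m = SEGFAULT_RE.search(text)
    c = CODE_RE.search(text)
    if not m or not c:
        raise ValueError("no segfault/Code pair found")
    toks = c.group("bytes").split()
    # The byte in <...> is the first byte of the faulting instruction.
    fault_idx = next(i for i, t in enumerate(toks) if t.startswith("<"))
    code = [int(t.strip("<>"), 16) for t in toks]
    ip = int(m.group("ip"), 16)
    base = int(m.group("base"), 16)
    size = int(m.group("size"), 16)
    return {
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "fault_addr": int(m.group("addr"), 16),
        "ip": ip,
        "object": m.group("obj"),
        "in_mapping": base <= ip < base + size,
        "ip_offset": ip - base,                    # faulting insn inside the .so
        "pattern_offset": ip - base - fault_idx,   # where the Code: bytes start
        "fault_index": fault_idx,                  # the "+42" used with gdb's b *
        "code": code,
        "error": decode_error(int(m.group("err"))),
    }


def gdb_find_command(info, lo="...", hi="..."):
    """gdb 'find /b' over the .text range (fill lo/hi from 'info target')."""
    pat = ", ".join("0x%02x" % b for b in info["code"])
    return "find /b %s, %s, %s" % (lo, hi, pat)


def gdb_break_expr(info, found="<pattern-address>"):
    """Breakpoint on the faulting instruction once 'find' has reported a hit."""
    return "b * (%s + %d)" % (found, info["fault_index"])


if __name__ == "__main__":
    info = parse_segfault(SAMPLE)
    print("%s[%d] faulted in %s at +0x%x, fault address 0x%x"
          % (info["comm"], info["pid"], info["object"],
             info["ip_offset"], info["fault_addr"]))
    print("error bits:", info["error"])
    print(gdb_find_command(info))
    print(gdb_break_expr(info))
```

Run stand-alone it reports the fault at +0x28d9 inside libGeoIP.so.1.6.12 with a read access to address 0x28 from user mode, which matches the movsbl 0x28(%rbx),%eax instruction gdb later shows at GeoIP.c:2038 and suggests gi was NULL. The pattern offset (+0x28af) is also a quick cross-check against a local build: if `find /b` returns an address whose offset from the library base differs, the installed library is not the same build as the submitter's.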





# Bullseye/stable amd64 qemu VM 2021-09-13


echo "set enable-bracketed-paste off" >> /etc/inputrc; bash


apt update
apt dist-upgrade


apt install mc git git-cvs devscripts rsync gdb milter-greylist
apt install milter-greylist-dbgsym libgeoip1-dbgsym
apt build-dep libgeoip1


mkdir /home/benutzer/source/libgeoip1/orig -p
cd    /home/benutzer/source/libgeoip1/orig
apt source libgeoip1
cd


gdb -q 
set width 0
set pagination off
directory /home/benutzer/source/libgeoip1/orig/geoip-1.6.12/libGeoIP
file /usr/sbin/milter-greylist
tb main
run
pipe info target | grep "text.*Geo"
find /b ..., ..., 0x90, 0xe9, 0x6b, 0xd8, 0xff, 0xff, 0x66, 0x66, 0x2e, 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x85, 0xf6, 0x0f, 0x84, 0x8f, 0x00, 0x00, 0x00, 0x41, 0x54, 0x49, 0x89, 0xd4, 0x53, 0x48, 0x89, 0xfb, 0x48, 0x89, 0xf7, 0x48, 0x83, 0xec, 0x08, 0x0f, 0xbe, 0x43, 0x28, 0x3c, 0x0c, 0x74, 0x4f, 0x3c, 0x12, 0x74, 0x4b, 0x48, 0x8b, 0x3d, 0xcc, 0x26, 0x03, 0x00, 0x48, 0x8d, 0x35
b * (0x7ffff7f908af + 42)




benutzer@debian:~$ gdb -q 
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/source/libgeoip1/orig/geoip-1.6.12/libGeoIP
Source directories searched: /home/benutzer/source/libgeoip1/orig/geoip-1.6.12/libGeoIP:$cdir:$cwd
(gdb) file /usr/sbin/milter-greylist
Reading symbols from /usr/sbin/milter-greylist...
Reading symbols from /usr/lib/debug/.build-id/26/9d1dfedbfac4bcaccb58f1c1312cfbcf2b27a9.debug...
(gdb) tb main
Temporary breakpoint 1 at 0x6cc0: file milter-greylist.c, line 1617.
(gdb) run
Starting program: /usr/sbin/milter-greylist 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Temporary breakpoint 1, main (argc=1, argv=0x7fffffffe608) at milter-greylist.c:1617
1617    milter-greylist.c: Datei oder Verzeichnis nicht gefunden.
(gdb) pipe info target | grep "text.*Geo"
        0x00007ffff7f8e5f0 - 0x00007ffff7fa8cac is .text in /lib/x86_64-linux-gnu/libGeoIP.so.1
(gdb) find /b 0x00007ffff7f8e5f0, 0x00007ffff7fa8cac, 0x90, 0xe9, 0x6b, 0xd8, 0xff, 0xff, 0x66, 0x66, 0x2e, 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x85, 0xf6, 0x0f, 0x84, 0x8f, 0x00, 0x00, 0x00, 0x41, 0x54, 0x49, 0x89, 0xd4, 0x53, 0x48, 0x89, 0xfb, 0x48, 0x89, 0xf7, 0x48, 0x83, 0xec, 0x08, 0x0f, 0xbe, 0x43, 0x28, 0x3c, 0x0c, 0x74, 0x4f, 0x3c, 0x12, 0x74, 0x4b, 0x48, 0x8b, 0x3d, 0xcc, 0x26, 0x03, 0x00, 0x48, 0x8d, 0x35
0x7ffff7f908af
1 pattern found.
(gdb) b * (0x7ffff7f908af + 42)
Breakpoint 2 at 0x7ffff7f908d9: file GeoIP.c, line 2038.
(gdb) info b
Num     Type           Disp Enb Address            What
2       breakpoint     keep y   0x00007ffff7f908d9 in GeoIP_id_by_addr_v6_gl at GeoIP.c:2038
(gdb) display/i 0x7ffff7f908af + 42
1: x/i 0x7ffff7f908af + 42
   0x7ffff7f908d9 <GeoIP_id_by_addr_v6_gl+25>:  movsbl 0x28(%rbx),%eax
(gdb) list GeoIP.c:2036
2031
2032    int GeoIP_id_by_addr_v6_gl(GeoIP *gi, const char *addr, GeoIPLookup *gl) {
2033        geoipv6_t ipnum;
2034        int ret;
2035        if (addr == NULL) {
2036            return 0;
2037        }
2038        if (gi->databaseType != GEOIP_COUNTRY_EDITION_V6 &&
2039            gi->databaseType != GEOIP_LARGE_COUNTRY_EDITION_V6) {
2040            printf("Invalid database type %s, expected %s\n",
(gdb) 



https://sources.debian.org/src/geoip/1.6.12-7/libGeoIP/GeoIP.c/#L2038



# http://hcpnet.free.fr/milter-greylist/
mkdir /home/benutzer/source/milter-graylist/cvs -p
cd    /home/benutzer/source/milter-graylist/cvs
export CVS_RSH=ssh; cvs -danoncvs@anoncvs.fr.netbsd.org:/milter-greylist co -P milter-greylist 

cvs log | head -n100
-- seems kind of outdated ...



https://sources.debian.org/src/milter-greylist/4.6.2-3/geoip.c/#L166
https://sources.debian.org/src/milter-greylist/4.6.4-1/geoip.c/#L166
