Hi!

During booting, I currently see dhclient abort with a stack smashing
error.  I understand it is built with -fstack-protector by means of the
Debian hardening-wrapper package.  I first observed this when upgrading
(amongst other packages) glibc from Richard's 2.13-39+hurd.rbraun.6 to
current debian-ports' 2.13-39+hurd.3.  As »ldd /sbin/dhclient« doesn't
show any other shared library dependencies and as isc-dhcp-client itself
has not recently been upgraded (debian-ports' 4.2.2.dfsg.1-5+hurd.2,
installed on 2012-07-13), I'm fairly sure it is some glibc change that
now triggers this behavior, though not necessarily a bug in the exact
diff between these two versions; might also be some unrelated change that
now causes the stack frame layout to change in a way that this bug is now
triggered.  Or, it may be due to some other environmental changes, but
unfortunately, for cross-checking, I don't have the binary packages for
Richard's 2.13-39+hurd.rbraun.6 glibc version anymore (but I do have the
sources; though not yet rebuilt them myself).  Richard, do you still have
the binary packages available somewhere?

What is being run at booting time is something like »ifup --all«, and I'm
able to reproduce the failure as follows.  This is fine:

    # env TZ=Europe/Berlin /sbin/dhclient -1 -v -pf /run/dhclient./dev/eth0.pid -lf /var/lib/dhcp/dhclient./dev/eth0.leases /dev/eth0
    Internet Systems Consortium DHCP Client 4.2.2
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    
    can't create /var/lib/dhcp/dhclient./dev/eth0.leases: No such file or directory
    Listening on Socket//dev/eth0
    Sending on   Socket//dev/eth0
    DHCPDISCOVER on /dev/eth0 to 255.255.255.255 port 67 interval 5
    DHCPREQUEST on /dev/eth0 to 255.255.255.255 port 67
    DHCPOFFER from 192.168.111.2
    DHCPACK from 192.168.111.2
    can't create /var/lib/dhcp/dhclient./dev/eth0.leases: No such file or directory
    bound to 192.168.111.221 -- renewal in 16252 seconds.

Likewise, a run with »env -i TZ=Europe/Berlin« is also fine.  On the
other hand, as soon as TZ is unset:

    # env -u TZ /sbin/dhclient -1 -v -pf /run/dhclient./dev/eth0.pid -lf /var/lib/dhcp/dhclient./dev/eth0.leases /dev/eth0
    Internet Systems Consortium DHCP Client 4.2.2
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    
    can't create /var/lib/dhcp/dhclient./dev/eth0.leases: No such file or directory
    Listening on Socket//dev/eth0
    Sending on   Socket//dev/eth0
    *** stack smashing detected ***: /sbin/dhclient terminated
    Aborted

Likewise, a completely empty environment, »env -i«, also fails.  With TZ
set to an invalid value, it fails even earlier:

    # env TZ=iNvAlId /sbin/dhclient -1 -v -pf /run/dhclient./dev/eth0.pid -lf /var/lib/dhcp/dhclient./dev/eth0.leases /dev/eth0
    Internet Systems Consortium DHCP Client 4.2.2
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    
    *** stack smashing detected ***: /sbin/dhclient terminated
    Aborted

I don't see any direct TZ references in the isc-dhcp
4.2.2.dfsg.1-5+hurd.2 source package.

Unfortunately, GDB is of no help either:

    # env TZ=iNvAlId gdb -q --args /sbin/dhclient -1 -v -pf /run/dhclient./dev/eth0.pid -lf /var/lib/dhcp/dhclient./dev/eth0.leases /dev/eth0
    Reading symbols from /sbin/dhclient...(no debugging symbols found)...done.
    (gdb) r
    Starting program: /sbin/dhclient -1 -v -pf /run/dhclient./dev/eth0.pid -lf /var/lib/dhcp/dhclient./dev/eth0.leases /dev/eth0
    Cannot access memory at address 0x140e0ad0
    Cannot access memory at address 0x140e0acc

Rebuilding isc-dhcp 4.2.2.dfsg.1-5+hurd.2 fails:

    [...]
    make[3]: Entering directory `/media/erich/home/thomas/tmp/isc-dhcp-client/debian/isc-dhcp-4.2.2.dfsg.1/common'
    gcc -DHAVE_CONFIG_H -I. -I../includes  -I.. -DLOCALSTATEDIR='"/var"' -D_FORTIFY_SOURCE=2 -DLDAP_CONFIGURATION -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_PATH_DHCLIENT_SCRIPT='"/sbin/dhclient-script"' -D_PATH_DHCPD_CONF='"/etc/dhcp/dhcpd.conf"' -D_PATH_DHCLIENT_CONF='"/etc/dhcp/dhclient.conf"' -DNOMINUM  -I../bind/include -MT alloc.o -MD -MP -MF .deps/alloc.Tpo -c -o alloc.o alloc.c
    In file included from ../bind/include/isc/sockaddr.h:26:0,
                     from ../bind/include/isc/socket.h:66,
                     from ../includes/omapip/isclib.h:57,
                     from ../includes/dhcpd.h:95,
                     from alloc.c:35:
    ../bind/include/isc/net.h:184:8: error: redefinition of ‘struct in6_pktinfo’
    In file included from ../includes/dhcpd.h:39:0,
                     from alloc.c:35:
    /usr/include/netinet/in.h:471:8: note: originally defined here
    make[3]: *** [alloc.o] Error 1
    make[3]: Leaving directory `/media/erich/home/thomas/tmp/isc-dhcp-client/debian/isc-dhcp-4.2.2.dfsg.1/common'
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory `/media/erich/home/thomas/tmp/isc-dhcp-client/debian/isc-dhcp-4.2.2.dfsg.1/common'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/media/erich/home/thomas/tmp/isc-dhcp-client/debian/isc-dhcp-4.2.2.dfsg.1'
    make: *** [build-ldap-stamp] Error 2

    $ cat -n < bind/include/isc/net.h | grep -C 3 [\ ]*184
       181  
       182  #ifndef ISC_PLATFORM_HAVEIN6PKTINFO
       183  /*% IPv6 packet info */
       184     struct in6_pktinfo {
       185          struct in6_addr ipi6_addr;    /*%< src/dst IPv6 address */
       186          unsigned int    ipi6_ifindex; /*%< send/recv interface index */
       187  };
    $ cat -n < /usr/include/netinet/in.h | grep -C 3 [\ ]*471
       468
       469  #ifdef __USE_GNU
       470  /* IPv6 packet information.  */
       471     struct in6_pktinfo
       472    {
       473      struct in6_addr ipi6_addr;  /* src/dst IPv6 address */
       474      unsigned int ipi6_ifindex;  /* send/recv interface index */

    configure:23208: checking for in6_pktinfo
    configure:23227: gcc -c -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_PATH_DHCLIENT_SCRIPT='"/sbin/dhclient-script"' -D_PATH_DHCPD_CONF='"/etc/dhcp/dhcpd.conf"' -D_PATH_DHCLIENT_CONF='"/etc/dhcp/dhclient.conf"' -DNOMINUM  -I./bind/include -D_FORTIFY_SOURCE=2 conftest.c >&5
    conftest.c: In function 'main':
    conftest.c:52:20: error: storage size of 'xyzzy' isn't known
    conftest.c:52:20: warning: unused variable 'xyzzy' [-Wunused-variable]
    configure:23227: $? = 1
    configure: failed program was:
    [...]
    | #include <sys/types.h>
    | #include <sys/socket.h>
    | #include <netinet/in.h>
    | 
    | 
    | 
    | int
    | main ()
    | {
    | struct in6_pktinfo xyzzy; return (0);
    |   ;
    |   return 0;
    | }
    configure:23232: result: no -- disabling runtime ipv6 support

Forcing a -D_GNU_SOURCE into debian/rules' CFLAGS "solves" this problem,
and (luckily!) I can still reproduce the crash with the resulting
dhclient binary (and GDB still doesn't like it...).  If I manually re-do
the link command of dhclient, but remove »-fstack-protector
--param=ssp-buffer-size=4« from that command line (but all the object
files keep it enabled), GDB is of more help (so this is to be filed as an
Open Issue for GCC/GDB).

    # env TZ=iNvAlId gdb -q --args ~thomas/tmp/isc-dhcp-client/debian/isc-dhcp-4.2.2.dfsg.1/client/dhclient -1 -v -pf /run/dhclient./dev/eth0.pid -lf /var/lib/dhcp/dhclient./dev/eth0.leases /dev/eth0
    Reading symbols from /media/erich/home/thomas/tmp/isc-dhcp-client/debian/isc-dhcp-4.2.2.dfsg.1/client/dhclient...done.
    (gdb) break __stack_chk_fail
    Breakpoint 1 at 0x804d3d0
    (gdb) r
    Starting program: /media/erich/home/thomas/tmp/isc-dhcp-client/debian/isc-dhcp-4.2.2.dfsg.1/client/dhclient -1 -v -pf /run/dhclient./dev/eth0.pid -lf /var/lib/dhcp/dhclient./dev/eth0.leases /dev/eth0
    [...]
    Breakpoint 1, __stack_chk_fail () at stack_chk_fail.c:29
    29      stack_chk_fail.c: No such file or directory.
    (gdb) bt
    #0  __stack_chk_fail () at stack_chk_fail.c:29
    #1  0x0819b514 in __stack_chk_fail_local ()
    #2  0x08071b9b in discover_interfaces (state=state@entry=2) at discover.c:1331
    #3  0x08052468 in main (argc=8, argv=0x1024e04) at dhclient.c:478

So in discover_interfaces it fails.  And now I wonder if there's a
connection between that function, right near its beginning calling
getifaddrs (via begin_iface_scan), and the Debian eglibc changelog
mentioning »patches/hurd-i386/tg-ifaddrs_v6.diff: New patch, fixes IPv6
addresses in getifaddrs« -- though that patch, while apparently applied
to the 2.13-39+hurd.3 binary packages, does not actually seem to be
present in the source package I retrieved?  Am I confused or is Debian
packaging?


Regards,
 Thomas
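The message above does not identify which buffer in discover_interfaces overflows, and the example below does not claim to. It is an added illustration, not code from isc-dhcp, glibc or the message, of the mechanism behind »*** stack smashing detected ***«: the canary that the -fstack-protector --param=ssp-buffer-size=4 build in the log places after local char arrays of 4 bytes or more, an unbounded interface-name copy that can trip it, and the bounded copy that cannot. IFNAMSIZ is the real <net/if.h> constant; the function names and the sample names are assumptions made here.

```c
/* Added illustration; not code from isc-dhcp, glibc or the message above.
 * IFNAMSIZ comes from the real <net/if.h> (16 on Linux and GNU/Hurd);
 * every function name and sample string here is ours. */
#include <net/if.h>
#include <stdio.h>
#include <string.h>

#ifndef IFNAMSIZ
#define IFNAMSIZ 16
#endif

/* Unsafe: strcpy writes strlen(src)+1 bytes whatever the buffer size.
 * With -fstack-protector the frame is laid out roughly as
 *   [ buf (16 bytes) ][ canary ][ saved frame pointer / return address ]
 * and the epilogue compares the canary with the reference value; if the
 * overrun reached it, __stack_chk_fail() prints
 * "*** stack smashing detected ***" and aborts.  An overrun too short to
 * reach the canary, or one that lands in padding or another local, goes
 * unnoticed until a compiler, libc or environment change rearranges the
 * frame, which is why a latent bug can first show up after an upgrade.
 * Never call this with a name of IFNAMSIZ bytes or more. */
int copy_ifname_unsafe(const char *src)
{
    char buf[IFNAMSIZ];
    strcpy(buf, src);               /* deliberately unbounded */
    return (int)strlen(buf);
}

/* Safe: require the terminating NUL within IFNAMSIZ bytes and refuse
 * anything longer instead of truncating (a truncated "/dev/eth0" would
 * name a different device, or none).  Returns the name length or -1. */
int copy_ifname(char dst[IFNAMSIZ], const char *src)
{
    size_t n = 0;
    while (n < IFNAMSIZ && src[n] != '\0')
        n++;
    if (n == IFNAMSIZ)
        return -1;                  /* no NUL in the first IFNAMSIZ bytes */
    memcpy(dst, src, n + 1);        /* copies the terminator too */
    return (int)n;
}

/* Wrapper that does the bounded copy into a local buffer and verifies
 * the round trip; returns the length, -1 if rejected, -2 on mismatch. */
int ifname_check(const char *src)
{
    char buf[IFNAMSIZ];
    int n = copy_ifname(buf, src);
    if (n >= 0 && strcmp(buf, src) != 0)
        return -2;                  /* should never happen */
    return n;
}

int main(void)
{
    /* Constructed sample names: a bare name, a Hurd-style device path,
     * the longest name that fits, and one exactly one byte too long. */
    const char *names[] = { "eth0", "/dev/eth0", "0123456789abcde",
                            "0123456789abcdef" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-17s -> %d\n", names[i], ifname_check(names[i]));
    return 0;
}
```

The practical point for a report like the one above: the canary only proves that some write went past a protected buffer in the aborting frame, which is why »break __stack_chk_fail« followed by »bt« names the function (here discover_interfaces) but not the offending statement; finding that still needs a debug build or a bounds-checked run of the same code.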
