Package: librelp0
Version: 1.2.7-2
Severity: important
Tags: upstream patch
Dear Maintainer,

When TCP keepalive is enabled in librelp0 and a new TCP connection is initialized, it fails systematically with a segmentation fault. This is particularly annoying when librelp0 is used through rsyslogd and its imrelp plugin, since it makes rsyslogd fail with a segmentation fault as soon as clients with the omrelp plugin try to connect to the server.

Here is the server-side rsyslogd configuration excerpt to reproduce this bug:

module(load="imrelp")
input(type="imrelp" port="2514" KeepAlive="on")

After a rebuild of rsyslog and librelp without stripping, here is the backtrace given by GDB when the SIGSEGV happens:

$ gdb --args rsyslogd -n
(gdb) r
Starting program: /usr/sbin/rsyslogd -n
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
rsyslogd: warning: ~ action is deprecated, consider using the 'stop' statement instead [try http://www.rsyslog.com/e/2307 ]
[New Thread 0x7ffff4990700 (LWP 25975)]
[New Thread 0x7ffff418f700 (LWP 25976)]
[New Thread 0x7ffff398e700 (LWP 25977)]
[New Thread 0x7ffff318d700 (LWP 25978)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff398e700 (LWP 25977)]
EnableKeepAlive (sock=17, pSrv=0x6a45d0, pThis=0x0) at tcp.c:688
688     tcp.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  EnableKeepAlive (sock=17, pSrv=0x6a45d0, pThis=0x0) at tcp.c:688
#1  relpTcpAcceptConnReq (ppThis=0x6af6b0, sock=sock@entry=10, pSrv=pSrv@entry=0x6a45d0) at tcp.c:717
#2  0x00007ffff57390f4 in relpSessAcceptAndConstruct (ppThis=ppThis@entry=0x7ffff398d638, pSrv=pSrv@entry=0x6a45d0, sock=sock@entry=10) at relpsess.c:191
#3  0x00007ffff5737d57 in handleConnectionRequest (sock=10, pSrv=0x6a45d0, pThis=0x6a44e0) at relp.c:589
#4  engineEventLoopRun (pThis=pThis@entry=0x6a44e0) at relp.c:770
#5  0x00007ffff57383c7 in relpEngineRun (pThis=0x6a44e0) at relp.c:950
#6  0x00007ffff59472c8 in ?? () from /usr/lib/rsyslog/imrelp.so
#7  0x00000000004560a5 in thrdStarter (arg=0x7fffec000a00) at ../threads.c:212
#8  0x00007ffff79b0b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#9  0x00007ffff6ad57bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x0000000000000000 in ?? ()

The bug happens because the relpTcp_t * parameter of EnableKeepAlive(), named pThis, is NULL when it is called by relpTcpAcceptConnReq(). Therefore the debug print on line tcp.c:688 necessarily segfaults.

The patch attached simply makes sure the relpTcp_t struct is well initialized with relpTcpConstruct() before EnableKeepAlive() is called.

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages librelp0 depends on:
ii  libc6               2.19-13
ii  libgnutls-deb0-28   3.3.8-5
ii  multiarch-support   2.19-13

librelp0 recommends no packages.

librelp0 suggests no packages.

-- no debconf information
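The crash above is an ordering bug: the keepalive helper dereferences its object pointer for a debug print before the object has been constructed. The following C program is an added illustration, not code from this bug report or from librelp; demoTcp_t, demoTcpConstruct(), demoEnableKeepAlive() and the other demo* names are hypothetical stand-ins for relpTcp_t, relpTcpConstruct() and EnableKeepAlive(). It shows both orderings of the accept path, what SO_KEEPALIVE actually does on the socket, and a NULL guard inside the helper so that a caller passing an unconstructed object gets an error instead of a SIGSEGV.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Hypothetical stand-in for librelp's relpTcp_t: only a socket, a flag and
 * the debug-print hook that the real EnableKeepAlive() dereferences. */
typedef struct {
    int sock;
    int keepAliveEnabled;
    void (*dbgprint)(const char *fmt, ...);
} demoTcp_t;

/* Debug printer writing to stderr; stands in for pEngine->dbgprint. */
static void demoDbgPrint(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vfprintf(stderr, fmt, ap);
    va_end(ap);
}

/* Hypothetical constructor standing in for relpTcpConstruct(): every field
 * the keepalive helper later touches is initialised here. */
static demoTcp_t *demoTcpConstruct(int sock)
{
    demoTcp_t *pThis = calloc(1, sizeof *pThis);
    if (pThis == NULL)
        return NULL;
    pThis->sock = sock;
    pThis->dbgprint = demoDbgPrint;
    return pThis;
}

/* Switch on SO_KEEPALIVE for sock and record it on the object.
 * Returns 0 on success, -1 if pThis is NULL or setsockopt() fails.
 * The NULL guard is the defence-in-depth the crashing function lacked. */
static int demoEnableKeepAlive(demoTcp_t *pThis, int sock)
{
    int on = 1;
    if (pThis == NULL)
        return -1;
    if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0)
        return -1;
    pThis->dbgprint("keepalive enabled on fd %d\n", sock);
    pThis->keepAliveEnabled = 1;
    return 0;
}

/* Read the option back from the kernel: 1 if set, 0 if not, -1 on error. */
static int demoKeepAliveIsSet(int sock)
{
    int val = 0;
    socklen_t len = sizeof val;
    if (getsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &val, &len) < 0)
        return -1;
    return val != 0;
}

/* Fixed ordering (as in the patch): construct first, then enable keepalive.
 * Returns the constructed object, or NULL if either step fails. */
static demoTcp_t *demoAcceptFixed(int sock, int bKeepAlive)
{
    demoTcp_t *pThis = demoTcpConstruct(sock);
    if (pThis == NULL)
        return NULL;
    if (bKeepAlive && demoEnableKeepAlive(pThis, sock) != 0) {
        free(pThis);
        return NULL;
    }
    return pThis;
}

/* Ordering before the patch: keepalive is requested while pThis is still
 * NULL. With the guard in the helper this returns -1 instead of crashing. */
static int demoAcceptBuggyOrder(int sock, int bKeepAlive)
{
    demoTcp_t *pThis = NULL;
    if (bKeepAlive)
        return demoEnableKeepAlive(pThis, sock);
    return 0;
}

/* An unconnected TCP socket is enough to set and read back SO_KEEPALIVE. */
static int demoMakeTcpSocket(void)
{
    return socket(AF_INET, SOCK_STREAM, 0);
}

int main(void)
{
    int fd = demoMakeTcpSocket();
    if (fd < 0) {
        perror("socket");
        return 1;
    }
    printf("buggy order -> %d\n", demoAcceptBuggyOrder(fd, 1));      /* -1 */
    demoTcp_t *p = demoAcceptFixed(fd, 1);
    printf("fixed order -> keepalive set: %d\n", demoKeepAliveIsSet(fd)); /* 1 */
    free(p);
    close(fd);
    return 0;
}
```

Compile with a C99 compiler on Linux; the program needs no network access, since SO_KEEPALIVE can be set on a socket that was never connected. The point worth taking from it is that the reordering in the patch removes the crash, while the NULL check inside the helper is what keeps a future caller from reintroducing it.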
Description: avoid SIGSEGV when TCP keepalive is enabled
 Result of a GDB debug session:
 .
 $ gdb --args rsyslogd -n
 (gdb) r
 Starting program: /usr/sbin/rsyslogd -n
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 rsyslogd: warning: ~ action is deprecated, consider using the 'stop' statement instead [try http://www.rsyslog.com/e/2307 ]
 [New Thread 0x7ffff4990700 (LWP 25975)]
 [New Thread 0x7ffff418f700 (LWP 25976)]
 [New Thread 0x7ffff398e700 (LWP 25977)]
 [New Thread 0x7ffff318d700 (LWP 25978)]
 .
 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0x7ffff398e700 (LWP 25977)]
 EnableKeepAlive (sock=17, pSrv=0x6a45d0, pThis=0x0) at tcp.c:688
 688     tcp.c: Aucun fichier ou dossier de ce type.
 (gdb) bt
 #0  EnableKeepAlive (sock=17, pSrv=0x6a45d0, pThis=0x0) at tcp.c:688
 #1  relpTcpAcceptConnReq (ppThis=0x6af6b0, sock=sock@entry=10, pSrv=pSrv@entry=0x6a45d0) at tcp.c:717
 #2  0x00007ffff57390f4 in relpSessAcceptAndConstruct (ppThis=ppThis@entry=0x7ffff398d638, pSrv=pSrv@entry=0x6a45d0, sock=sock@entry=10) at relpsess.c:191
 #3  0x00007ffff5737d57 in handleConnectionRequest (sock=10, pSrv=0x6a45d0, pThis=0x6a44e0) at relp.c:589
 #4  engineEventLoopRun (pThis=pThis@entry=0x6a44e0) at relp.c:770
 #5  0x00007ffff57383c7 in relpEngineRun (pThis=0x6a44e0) at relp.c:950
 #6  0x00007ffff59472c8 in ?? () from /usr/lib/rsyslog/imrelp.so
 #7  0x00000000004560a5 in thrdStarter (arg=0x7fffec000a00) at ../threads.c:212
 #8  0x00007ffff79b0b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
 #9  0x00007ffff6ad57bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
 #10 0x0000000000000000 in ?? ()
 .
 The bug happens because the relpTcp_t * parameter of EnableKeepAlive(), named pThis, is NULL when it is called by relpTcpAcceptConnReq(). Therefore the debug print on line tcp.c:688 necessarily segfaults.
 .
 This patch makes sure the relpTcp_t struct is well initialized with relpTcpConstruct() before EnableKeepAlive() is called.
Author: Rémi Palancher <remi-externe.palanc...@edf.fr>
Origin: upstream
Forwarded: no
Last-Update: 2014-12-03

--- librelp-1.2.7.orig/src/tcp.c +++ librelp-1.2.7/src/tcp.c @@ -713,12 +713,12 @@ relpTcpAcceptConnReq(relpTcp_t **ppThis, ABORT_FINALIZE(RELP_RET_ACCEPT_ERR); } - if(pSrv->bKeepAlive) - EnableKeepAlive(pThis, pSrv, iNewSock); - /* construct our object so that we can use it... */ CHKRet(relpTcpConstruct(&pThis, pEngine, RELP_SRV_CONN, pSrv)); + if(pSrv->bKeepAlive) + EnableKeepAlive(pThis, pSrv, iNewSock); + /* TODO: obtain hostname, normalize (callback?), save it */ CHKRet(relpTcpSetRemHost(pThis, (struct sockaddr*) &addr)); pThis->pEngine->dbgprint("remote host is '%s', ip '%s'\n", pThis->pRemHostName, pThis->pRemHostIP);
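Review bot: moving the call after relpTcpConstruct() removes the NULL pThis, but the moved lines `+ if(pSrv->bKeepAlive)` / `+ EnableKeepAlive(pThis, pSrv, iNewSock);` still discard the helper's result, while the neighbouring relpTcpConstruct() and relpTcpSetRemHost() calls are wrapped in CHKRet; if EnableKeepAlive() can report a setsockopt failure, the session is silently accepted without keepalive, so either check its result the same way or at least log the failure through pThis->pEngine->dbgprint, which is now safe to use at that point. A NULL check on pThis at the top of EnableKeepAlive() itself would also keep any future caller from reintroducing the old ordering as a crash.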