Bug#361233: segfaults in nrpe server

Fri, 07 Apr 2006 03:41:26 -0700 

Package: nagios-nrpe-server
Version: 2.0-7
Severity: important
Tags: patch

When using --no-ssl in nrpe server and running it as daemon the children
all segfault when shutting down.

While it doesn't stop nrpe server from working it floods the kernel log
on archs that do log segfaults:

Apr  7 12:14:33 angela kernel: [ 4416.747546] nrpe[17647]: segfault at 
0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:33 angela kernel: [ 4416.747905] nrpe[17645]: segfault at 
0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.810391] nrpe[17655]: segfault at 
0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.863524] nrpe[17660]: segfault at 
0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.874868] nrpe[17663]: segfault at 
0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.990873] nrpe[17674]: segfault at 
0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
....


The problem is that nrpe server tries to free SSL contexts even when
they aren't initialized.  Not good.  :)

Please apply:

diff -u nagios-nrpe-2.0/src/nrpe.c nagios-nrpe-2.0/src/nrpe.c
--- nagios-nrpe-2.0/src/nrpe.c
+++ nagios-nrpe-2.0/src/nrpe.c
@@ -765,9 +765,11 @@
                syslog(LOG_ERR,"Could not read request from client, bailing 
out...");
 
 #ifdef HAVE_SSL
-               SSL_shutdown(ssl);
-               SSL_free(ssl);
-               syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+               if (ssl) {
+                       SSL_shutdown(ssl);
+                       SSL_free(ssl);
+                       syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+                       }
 #endif
 
                return;
@@ -780,8 +782,10 @@
                syslog(LOG_ERR,"Data packet from client was too short, bailing 
out...");
 
 #ifdef HAVE_SSL
-               SSL_shutdown(ssl);
-               SSL_free(ssl);
+               if (ssl) {
+                       SSL_shutdown(ssl);
+                       SSL_free(ssl);
+                       }
 #endif
 
                return;
@@ -810,8 +814,10 @@
                        }
 
 #ifdef HAVE_SSL
-               SSL_shutdown(ssl);
-               SSL_free(ssl);
+               if (ssl) {
+                       SSL_shutdown(ssl);
+                       SSL_free(ssl);
+                       }
 #endif
 
                return;
@@ -931,8 +937,10 @@
 #endif
 
 #ifdef HAVE_SSL
-       SSL_shutdown(ssl);
-       SSL_free(ssl);
+       if (ssl) {
+               SSL_shutdown(ssl);
+               SSL_free(ssl);
+               }
 #endif
 
        /* log info to syslog facility */
diff -u nagios-nrpe-2.0/debian/changelog nagios-nrpe-2.0/debian/changelog
--- nagios-nrpe-2.0/debian/changelog
+++ nagios-nrpe-2.0/debian/changelog
@@ -1,3 +1,9 @@
+nagios-nrpe (2.0-7.0.0.weasel3) unstable; urgency=low
+
+  * Fix segfault when freeing unused ssl context.
+
+ -- Peter Palfrader <[EMAIL PROTECTED]>  Fri,  7 Apr 2006 11:59:59 +0200
+
 nagios-nrpe (2.0-7.0.0.weasel2) unstable; urgency=low
 
   * Apply my randomness fix patch for nrpe.



-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to