Discussion forum about ELOG, Page 794 of 806
ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
67044 | Sun Apr 10 01:49:01 2011 | Warning | John Rouillard | rouilj+elog@cs.umb.edu | Bug report | Linux | 2.9.0 | Elog 2.9.0 buffer overflow crash bug ubuntu linux
When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:

Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
#015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]

openvas reports that it was testing for CVE-2002-1212 when the crash occurred.

Startup info:

Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
Apr  9 19:35:54 unixland elogd[21584]: revision 2411

-- rouilj
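
The logged request carries `Content-Length: -800`. As an added example (not elogd's code, and not a statement of where elogd crashed), this is one way a request parser can reject such a header before the value is used as a size; `parse_content_length`, `MAX_BODY` and the sample request are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_BODY (10u * 1024u * 1024u) /* assumed cap on request body size */

/* Returns 0 and stores the length, or -1 if Content-Length is missing,
   malformed (sign, non-digit, empty) or larger than MAX_BODY. */
int parse_content_length(const char *request, size_t *out)
{
    static const char name[] = "Content-Length:";
    const char *p = request;

    /* Walk header lines only; the empty line ends the header block. */
    while (p && *p && strncmp(p, "\r\n", 2) != 0) {
        if (strncasecmp(p, name, sizeof(name) - 1) == 0) {
            size_t value = 0;
            int digits = 0;
            p += sizeof(name) - 1;
            while (*p == ' ' || *p == '\t') p++;
            /* HTTP defines the value as 1*DIGIT: "-800" and "+5" are invalid. */
            for (; isdigit((unsigned char)*p); p++, digits++) {
                value = value * 10 + (size_t)(*p - '0');
                if (value > MAX_BODY) return -1; /* also prevents overflow */
            }
            while (*p == ' ' || *p == '\t') p++;
            if (digits == 0 || (*p != '\r' && *p != '\n' && *p != '\0'))
                return -1;
            *out = value;
            return 0;
        }
        p = strstr(p, "\r\n");
        if (p) p += 2;
    }
    return -1;
}

int main(void)
{
    /* Constructed request modelled on the logged one (body shortened). */
    const char *req = "POST / HTTP/1.0\r\nHost: unixland.home\r\n"
                      "Content-Length: -800\r\n\r\nXXXXXXXX";
    size_t len = 0;
    if (parse_content_length(req, &len) != 0)
        puts("400 Bad Request: invalid Content-Length");
    return 0;
}
```

Because the result is an unsigned `size_t` that is only written on success, a caller cannot end up passing a negative or wrapped length to an allocation or copy.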
67052 | Thu Apr 21 21:06:20 2011 | Warning | Mark Bergman | mark.bergman@uphs.upenn.edu | Bug report | Linux | 2.9.0 | Re: elog 2.8.0 as daemon crashes when editing selected threaded list

Mark Bergman wrote:

I recently upgraded elog from 2.7.8 to 2.8.0 (and moved servers, removed unused logbooks, etc.). I'm now having a problem where elog consistently crashes when attempting to edit multiple entries. This is a very common use case, as we use a "status" field, set to "open" or "closed" to track problems. When a problem is resolved, we will go to the "list" display, set it to "threaded", "select" the thread, and then edit it, to change the status field for all posts in the thread to "closed".

Now, as soon as the "edit" button is clicked, elog crashes. This happens on every thread and logbook that I've tried. The elog logfile itself doesn't show anything useful.

However, if eLog is run with "-v" in place of "-D", it does not crash.

 

Environment:

        CentOS 5.4

        eLog 2.8.0 built Aug  5 2010, 12:24:11

 

 

I'm now running eLog  2.9.0 and seeing the same crashes. However, I've got some more information that may be helpful.


The crash seems to be directly related to the order of replies in the thread. For example, in this thread I am replying to the original entry. The original entry has 2 children (the entries are siblings) and no grandchildren.

In our installation, eLog crashes consistently under the following conditions:

       go to the "list" display

       set it to "threaded"

       "select" a thread that has siblings at any generation of replies

       choose "edit"

If the selected thread only has one entry at any generation, eLog does not crash.

 

Here's a horrible attempt at a display of two message threads. Note that in the first example, there are 2 replies at the same generation (siblings)--both the person who responded and the original submitter replied to the initial submission. After that, all replies were to successive generations.

 

-------------- Causes eLog to Crash ------------------
!   Full Name (submitter) module failure 
    =>   Full Name (submitter) Re: module failure 
    =>   Full Name (replier) Re: module failure 
               =>   Full Name (submitter) Re: Re: module failure 
                         =>   Full Name (submitter) Re: Re: Re: module failure

------------------------------------------------------



-------------- No eLog Problem  ------------------
!   Full Name (submitter) Labwide failure of mcc 
    =>   Full Name (replier) Re: Labwide failure of mcc 
           =>   Full Name (submitter) Re: Re: Labwide failure of mcc 
                     =>   Full Name (replier) Re: Re: Re: Labwide failure of mcc 
------------------------------------------------------

67070 | Mon May 30 12:28:53 2011 | Warning | Andreas Luedeke | andreas.luedeke@psi.ch | Bug report | Linux | 2.9.0-2414 | elogd crashes when running mirror cron with SSL and KRB5
When I run a mirror server and both logbooks use SSL/KRB5, the cron job causes a segmentation fault.

I haven't tried to check it with a simple configuration yet.
My set-up: two elogd on same server, one running "german" on port 444, the other "english" on port 445.
Both are behind an apache webserver configured as a reverse proxy, to hide the ports for external access.
I'll try to reproduce the fault with a "minimal configuration" soon and report again.


Debug output from GDB:

run -x -c /usr/local/elog/elogd_en.cfg
Starting program: /opt/elog-2.9.0/elog/elogd -x -c /usr/local/elog/elogd_en.cfg
elogd 2.9.0 built May 30 2011, 11:14:32 revision 2414
File "/var/run/elogd.pid" exists, using "/var/run/elogd.pid.445" instead.
Falling back to default group "elog"
Falling back to default user "elog"
User "elog" not found
Falling back to default user "nobody"
FCKedit detected
Falling back to default group "elog"
Falling back to default user "elog"
User "elog" not found
Falling back to default user "nobody"
ImageMagick detected
Indexing logbooks ... done
SSLServer listening on port 445 ...

Program received signal SIGSEGV, Segmentation fault.
0x0030b7b5 in SSL_write () from /lib/libssl.so.6
67084 | Mon Jun 20 05:31:31 2011 | Warning | Andreas Luedeke | andreas.luedeke@psi.ch | Bug report | Linux | 2.9.0-2414 | segmentation fault when "restrict edit" is used and "new" is allowed for anonymous users
The simple config file below produces a segmentation fault when elogd is started,
http://localhost/Test/?cmd=New
is opened in the browser and then e.g. "Entry" is switched to "Problem".

gdb shows the following output:

(gdb) run -c /usr/local/elog/elogd.cfg
Starting program: /usr/local/sbin/elogd -c /usr/local/elog/elogd.cfg
elogd 2.9.0 built Jun 20 2011, 04:57:23 revision 2414
Falling back to default group "elog"
Falling back to default user "elog"
FCKedit detected
Falling back to default group "elog"
Falling back to default user "elog"
ImageMagick detected
Indexing logbooks ... done
Server listening on port 80 ...

Program received signal SIGSEGV, Segmentation fault.
0x080a2940 in get_user_line (lbs=0xae3c1c0, user=0x0, password=0x0, full_name=0xbfca1690 "", email=0x0, email_notify=0x0,
last_logout=0x0, inactive=0x0) at src/elogd.c:24864
24864 if (!str[0] || !user[0])
Attachment 1: elogd.cfg
[global]
Authentication = File
Password file = passwd.txt
Restrict edit = 1

[Test]
Guest Menu commands = New, List, Login, Help
Guest List Menu commands = New, Login, Help
Comment = Test ELog
Attributes      = Author, Entry, Title
List display    = ID, Author, Entry, Title
Start page = ?rsort=When

# Author
Preset Author = $long_name
Locked Attributes = Author
# Entry
Options Entry = Problem{1}, Measurement{2}

67102 | Mon Aug 15 11:36:02 2011 | Warning | Kester Habermann | kester.habermann@gmail.com | Bug report | Other | 2.9.0 | SEGV after upgrade from 2.7.8 to 2.9.0

Hello,

We've been using ELOG 2.6.5 to 2.7.8 for 4 years without any major problems.

Recently we upgraded to version 2.9.0 and since then we've had the daemon frequently crash with SEGV.

I've attached debugging output from one time when ELOG crashed. We've had many crashes;
it was a different logbook each time. Platform is Solaris 10 5/08 on SPARC.

Has anyone else experienced problems with 2.9.0?

 

Best Regards

Kester

 

 

 

Attachment 1: elog-2.9.0-dbx.txt
signal SEGV (no mapping at the fault address) in show_elog_list at line 19781 in file "elogd.c"
19781         message_id = msg_list[index].lbs->el_index[msg_list[index].index].message_id;
(dbx)
(dbx) list
19781         message_id = msg_list[index].lbs->el_index[msg_list[index].index].message_id;
19782
19783         if (filtering) {
19784            status = el_retrieve(msg_list[index].lbs, message_id, date, attr_list, attrib, lbs->n_attr, text,
19785                                 &size, in_reply_to, reply_to, attachment, encoding, locked_by);
19786            if (status != EL_SUCCESS)
19787               break;
19788
19789            /* apply filter for attributes */
19790            for (i = 0; i < lbs->n_attr; i++) {
(dbx) print index
index = 0
(dbx) where
=>[1] show_elog_list(lbs = 0x1180200, past_n = 0, last_n = 0, page_n = 0, default_page = 1, info = (nil)), line 19781 in "elogd.c"
  [2] interprete(lbook = 0xffbd89f8 "Galileo-Coord", path = 0xffbd8648 ""), line 27213 in "elogd.c"
  [3] decode_get(logbook = 0xffbd89f8 "Galileo-Coord", string = 0xffbfe896 ""), line 27253 in "elogd.c"
  [4] process_http_request(request = 0x13a4eb8 "GET /Galileo-Coord/", i_conn = 1), line 28001 in "elogd.c"
  [5] server_loop(), line 28926 in "elogd.c"
  [6] main(argc = 5, argv = 0xffbffb8c), line 29947 in "elogd.c"
(dbx) print n_msg
n_msg = 49
(dbx) print *msg_list
*msg_list = {
    lbs         = 0x1195dd0
    index       = 1667786092
    string      = "\001\017��-D"
    number      = 0
    in_reply_to = 0
}
(dbx) print msg_list[index].lbs->el_index[msg_list[index].index].message_id
dbx: cannot access address 0x18da195b00  
(dbx) print ms(dbx) [index].lbs->el_index[msg_list[index].index].message_id
(dbx) print msg_list[index].lbs
msg_list[index].lbs = 0x1195dd0
(dbx) print msg_list[index].lbs->el_index
msg_list[index].lbs->el_index = (nil)
(dbx) pr(dbx) g_list[index].lbs->el_index
(dbx) print *msg_list[index].lbs
*msg_list[index].lbs = {
    name         = ""
    name_enc     = ""
    data_dir     = ""
    top_group    = ""
    el_index     = (nil)
    n_el_index   = (nil)
    n_attr       = 0
    pwd_xml_tree = (nil)
}
(dbx) print msg_list[1].lbs
msg_list[1].lbs = (nil)
(dbx) print msg_list[2].lbs
msg_list[2].lbs = (nil)
(dbx) print msg_list[3].lbs
msg_list[3].lbs = (nil)
(dbx) exit
67122 | Tue Sep 13 11:54:16 2011 | Warning | Andreas Luedeke | andreas.luedeke@psi.ch | Bug report | Linux | 2.9.0-2414 | Elog crashes with URL find npp=0
Some user wanted to modify the URL by hand and succeeded in crashing the elogd process with npp=now.
It appears that npp=0 crashes elogd with the following error message:

Program received signal SIGFPE, Arithmetic exception.
0x0808eba2 in show_elog_list (lbs=0xab3c770, past_n=0, last_n=0, page_n=1,
    default_page=1, info=0x0) at src/elogd.c:20214
20214            sprintf(str + strlen(str), loc("Page %d of %d"), page_n, (n_msg - 1) / n_page + 1);

I guess this bug is not OS dependent: you can crash every logbook that you can search ;-)
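
The crashing line divides by `n_page`, and an integer division by zero raises SIGFPE. As an added example (not elogd's code), this sketch validates the query value before it reaches that expression, assuming `npp` is the entries-per-page value that ends up as `n_page`; `entries_per_page`, `page_count`, `DEFAULT_NPP` and `MAX_NPP` are hypothetical names and limits.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_NPP 20   /* assumed default entries per page */
#define MAX_NPP     1000 /* assumed upper limit */

/* Extract npp from a query string such as "cmd=Find&npp=0". Anything that
   is not an integer in 1..MAX_NPP falls back to DEFAULT_NPP. */
int entries_per_page(const char *query)
{
    const char *p = query;
    while ((p = strstr(p, "npp=")) != NULL) {
        /* Match only a whole parameter name, not e.g. "snpp=". */
        if (p == query || p[-1] == '&' || p[-1] == '?') {
            char *end;
            long v;
            errno = 0;
            v = strtol(p + 4, &end, 10);
            if (end == p + 4 || errno == ERANGE || (*end != '\0' && *end != '&'))
                return DEFAULT_NPP; /* "npp=now", "npp=", "npp=5x" */
            if (v < 1 || v > MAX_NPP)
                return DEFAULT_NPP; /* "npp=0", "npp=-3", "npp=99999" */
            return (int)v;
        }
        p += 4;
    }
    return DEFAULT_NPP;
}

/* Same expression as the crashing line, with the divisor forced to >= 1. */
int page_count(int n_msg, int n_page)
{
    if (n_msg <= 0) return 1;
    if (n_page < 1) n_page = 1;
    return (n_msg - 1) / n_page + 1;
}

int main(void)
{
    /* Constructed query strings, including the two values from the report. */
    const char *q[] = { "cmd=Find&npp=0", "cmd=Find&npp=now", "npp=50" };
    for (int i = 0; i < 3; i++)
        printf("%-18s -> %d pages for 49 entries\n", q[i],
               page_count(49, entries_per_page(q[i])));
    return 0;
}
```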
67124 | Tue Sep 20 04:46:55 2011 | Warning | Ryan | ryan.hoitt@intelsat.com | Bug report | Linux | 2.9.0-2411 | Memory Leak in V2.9.0-2411 (Mirroring Related)

I have two identical servers (IBM X337) set up on the same LAN with Ubuntu Linux 10.04 LTS with ELOGD running (compiled from tarball) with the same exact package install base. (The only difference between the two servers is the hostname and the ELOGD.CFG global section.)

I noticed after setting these servers up today that ELOGD crashed on the server configured to mirror. It looks like there may be a memory leak in the mirroring of ELOG.
SERVER 1 ELOGD.CFG
[global]
Mirror server = http://10.146.1.76
Mirror config = 1
Mirror cron = 0,5,10,15,20,25,30,35,40,45,50,55 * * * *
Mirror user = (* Removed for Web Post *)
port = 80
Allowed encoding = 1
Suppress default = 3
Mode commands = 1
Password file = password.pwd
Self register = 1
Admin user = (* Removed for Web Post *)
Time format = %d-%b-%y %H:%M UTC
Group 2009 = Station Log-09, DAT-09, Hours Logging-09
Group 2010 = Station Log 10, DAT-10, Hours Logging-10
Group 2011 = Station Log, DAT, Hours Logging, Operations Tasks, Viasat-1, OS-2
Group Cable Database = Cable Database
Group Provisioning = Provisioning
Group ECR = ECR
SERVER 1 SYSLOGD (cat /var/log/syslog |grep elog)
Sep 19 12:14:13 riverside-log elogd[8588]: elogd 2.9.0 built Sep 19 2011, 10:32:58
Sep 19 12:14:13 riverside-log elogd[8588]: revision 2411
Sep 19 12:14:13 riverside-log elogd[8588]: Falling back to default group "elog"
Sep 19 12:14:13 riverside-log elogd[8588]: Falling back to default user "elog"
Sep 19 12:14:13 riverside-log elogd[8588]: FCKedit detected
Sep 19 12:14:13 riverside-log elogd[8590]: Falling back to default group "elog"
Sep 19 12:14:13 riverside-log elogd[8590]: Falling back to default user "elog"
Sep 19 12:14:13 riverside-log elogd[8588]: Server listening on port 80 ...
Sep 19 19:55:05 riverside-log elogd[8588]: xmalloc: not enough memory
SERVER 1 (Set to mirror off server 2) Memory Usage over 1 hour (ps aux|grep elog)
elog      8760 11.6 3.4109240 35092 ?
elog      8760 12.2 3.9137852 40204 ?
elog      8760 11.6 4.4165448 45440 ?
elog      8760 10.7 5.4221652 55548 ?
elog      8760 9.9 5.9249752 60552 ?
elog      8760 10.1 6.4278364 65680 ?
elog      8760 9.5 6.8305712 70700 ?
SERVER 2 Memory Usage over 1 hour (ps aux|grep elog)
elog       799 2.1 2.6 31744 27116 ?
elog       799 2.0 2.6 31744 27116 ?
elog       799 2.1 2.6 31744 27116 ?
elog       799 2.0 2.6 31744 27116 ?
elog       799 2.0 2.6 31744 27116 ?
elog       799 2.0 2.6 31744 27116 ?
elog       799 2.1 2.6 31744 27116 ?
67139 | Thu Oct 27 14:05:35 2011 | Warning | Andreas Luedeke | andreas.luedeke@psi.ch | Bug report | All | 2.9.0 | undesired side effect of using an attribute "Entry"
If you use an attribute "Entry" then the internal variable "entry time" will expand to the last value of
"$Entry"+" time", e.g. if you use it in "Thread display = $entry time, ..."

One side effect is, that the logbook selection page defaults to use
Last submission = $entry time by $author
Which then expands to an undesired result.

This is not really a bug, rather something you'll need to keep in the back of your mind.