Gentoo Forums
[solved] ntpd segmentation fault on hardened/uclibc
quarzofen
n00b

Joined: 08 Oct 2013
Posts: 13

Posted: Tue Oct 08, 2013 6:02 pm    Post subject: [solved] ntpd segmentation fault on hardened/uclibc

Hi folks,

I just obtained a Soekris net4801. Quite old, slow, but nice hardware gizmo which I wanted to use as a router in a low requirements environment. The system runs fine: I installed a recent kernel (3.10.1) and chose the hardened/linux/uclibc/x86 profile. No problems so far. Then I wanted to run an ntp daemon from net-misc/ntp. The emerge succeeds with no problems. ntpdate from the package runs and syncs the system clock with the ntp server. Unfortunately, the daemon does not run. In the message log I found segmentation faults. They are always occurring at the same strange address: 0x30303030 (see below) and ip in libz. Running ntpd -n (no fork) shows the same.

I reemerged the package (version 4.2.4_p7-r1 and 4.2.6_p5-r1) with debug settings and got more information from the error message stating
Code:
/proc/net/if_inet6:strlen(_garbage_) != 32
for both versions. This comes from the libisc source code of the ntp package (method linux_if_inet6_current for the recent version). This seems to be crazy as the content of /proc/net/if_inet6 (which is evaluated by the code in question) is absolutely valid (surprise ;-)) and contains
Code:
00000000000000000000000000000001 01 80 10 80       lo

as first line. But obviously the code does not read the string properly. The content is instead written on the stack (ascii '0' = 0x30 hex). I wrote a small test program:
Code:

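#include <stdio.h>
#include <stdlib.h>

int main(void)
{
        char line[80];
        char address[33];       /* 32 hex digits + terminating NUL */
        char name[20];
        unsigned int ifindex, prefix, scope, flags;     /* %x expects unsigned int */
        FILE* f = fopen("/proc/net/if_inet6", "r");

        if (f == NULL) {
                perror("/proc/net/if_inet6");
                return EXIT_FAILURE;
        }

        while (!feof(f)) {
                /* stop at EOF or on a read error instead of parsing a stale buffer */
                if (fgets(line, sizeof(line), f) == NULL)
                        break;
                /* %32[a-f0-9] is the conversion under test */
                sscanf(line, "%32[a-f0-9] %x %x %x %x %16s\n",
                        address, &ifindex, &prefix, &scope, &flags, name);
                printf("addr is %s\n", address);
        }
        fclose(f);
        return 0;
}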

Compiling this with the system's compiler (i586-gentoo-linux-uclibc, gcc 4.6.3), the binary suffers the same problem as ntpd, i.e. a segfault. The same code runs fine when compiled and executed on a recent Debian Wheezy system.

Replacing the format string "%32[a-f0-9]" with "%s" or "%32s" solves the issue for the test program. Seems as if there's a bug in uclibc's scanf code, although I haven't invested time in verifying this.

Is there anyone out there, who can confirm this problem?

Here is some additional information about the system:
equery uses dhcp
Code:

 U I
 + - client     : Install the dhclient program
 + + ipv6       : Add support for IP version 6
 - - ldap       : Add LDAP support (Lightweight Directory Access Protocol)
 + - server     : Install the dhcpd and dhcrelay programs
 + + ssl        : Add support for Secure Socket Layer connections
 + + vim-syntax : Pulls in related vim syntax scripts


make.conf
Code:

CFLAGS="-march=i586 -Os -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
CHOST="i586-gentoo-linux-uclibc"

...

USE="minimal crypt curl cups ftp ipv6 jpeg lm_sensors mime perl posix python readline samba unicode usb vim-syntax -X xml xsl zlib"
FEATURES="sandbox nodoc"
UCLIBC_CPU="586"


Regards


Last edited by quarzofen on Sun Nov 03, 2013 8:43 am; edited 1 time in total
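
A bounds-checked way to read the /proc/net/if_inet6 line format discussed in the post above without depending on the libc's `%[...]` scanset conversion. This is an added example, not code from the thread or from the ntp sources; `parse_if_inet6_line` and `struct if6_entry` are hypothetical names, and the sample line is the one quoted in the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; the layout follows the sample line quoted in the post. */
struct if6_entry {
    char address[33];            /* 32 hex digits + NUL */
    unsigned int num[4];         /* ifindex, prefix, scope, flags */
    char name[17];               /* up to 16 characters + NUL */
};

/* Returns 0 on success, -1 if the line does not match the expected layout. */
int parse_if_inet6_line(const char *p, struct if6_entry *out)
{
    char *end;
    size_t i, n;

    /* Address: a run of exactly 32 characters from [a-f0-9]. */
    if (strspn(p, "0123456789abcdef") != 32) return -1;
    memcpy(out->address, p, 32);
    out->address[32] = '\0';
    p += 32;

    /* Four space-separated hex numbers of at most 8 digits each. */
    for (i = 0; i < 4; i++) {
        if (*p != ' ') return -1;
        while (*p == ' ') p++;
        if (!isxdigit((unsigned char)*p)) return -1;
        out->num[i] = (unsigned int)strtoul(p, &end, 16);
        if (end - p > 8) return -1;
        p = end;
    }

    /* Interface name: the length is checked before the copy. */
    if (*p != ' ') return -1;
    while (*p == ' ') p++;
    n = strcspn(p, " \t\n");
    if (n == 0 || n >= sizeof(out->name)) return -1;
    memcpy(out->name, p, n);
    out->name[n] = '\0';
    return 0;
}

int main(void)
{
    struct if6_entry e;          /* input: the line quoted in the post */
    const char *s = "00000000" "00000000" "00000000" "00000001" " 01 80 10 80       lo\n";
    if (parse_if_inet6_line(s, &e) != 0) return 1;
    printf("addr is %s on %s\n", e.address, e.name);
    return 0;
}
```

Every copy into the struct has its length checked first, so a malformed or over-long field is rejected instead of being written past the end of a stack buffer.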
eyoung100
Veteran

Joined: 23 Jan 2004
Posts: 1428

Posted: Wed Oct 09, 2013 3:41 pm

I would submit this as a Bug. I can do it for you if you like? If you do do it, make sure to assign it to the Hardened Category.
_________________
The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registered Linux User #363735

N8Fear
Tux's lil' helper

Joined: 15 Apr 2013
Posts: 140
Location: Berlin (Germany)

Posted: Wed Oct 09, 2013 3:54 pm

Do you have anything in the hardened related logfiles/dmesg (grsec or pax ones)?

There was some issue related to directio on the grsec board a few months ago...

quarzofen
n00b

Joined: 08 Oct 2013
Posts: 13

Posted: Wed Oct 09, 2013 8:27 pm

eyoung100 wrote:
I would submit this as a Bug. I can do it for you if you like? If you do do it, make sure to assign it to the Hardened Category

Thanks for your offer. It would be very nice if you submitted this as a bug for me.

Meanwhile, I tried to emerge net-misc/dhcp-4.2.5_p1. This one fails to compile due to some unknown symbols like dns_rdatatype_aaaa. Turns out that the header file defining those symbols is created by a tool named gen during the compilation phase. gen is included in the dhcp package and the C source code contains again a scanf pattern like in ntpd or the small program submitted in my previous post.

As compilation of those two well-known packages fails, I can't believe that this should be a bug in uclibc. Thus, I recompiled the library, rebooted the system and compiled the small program again. Same result :-(

Here is some more information about the system:
Code:

soekris ~ # gcc -v
Using built-in specs.
COLLECT_GCC=/usr/i586-gentoo-linux-uclibc/gcc-bin/4.6.3/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/i586-gentoo-linux-uclibc/4.6.3/lto-wrapper
Target: i586-gentoo-linux-uclibc
Configured with: /var/tmp/portage/sys-devel/gcc-4.6.3/work/gcc-4.6.3/configure --prefix=/usr --bindir=/usr/i586-gentoo-linux-uclibc/gcc-bin/4.6.3 --includedir=/usr/lib/gcc/i586-gentoo-linux-uclibc/4.6.3/include --datadir=/usr/share/gcc-data/i586-gentoo-linux-uclibc/4.6.3 --mandir=/usr/share/gcc-data/i586-gentoo-linux-uclibc/4.6.3/man --infodir=/usr/share/gcc-data/i586-gentoo-linux-uclibc/4.6.3/info --with-gxx-include-dir=/usr/lib/gcc/i586-gentoo-linux-uclibc/4.6.3/include/g++-v4 --host=i586-gentoo-linux-uclibc --build=i586-gentoo-linux-uclibc --disable-altivec --disable-fixed-point --without-cloog --without-ppl --disable-lto --disable-nls --with-system-zlib --enable-obsolete --disable-werror --enable-secureplt --disable-multilib --enable-libmudflap --disable-libssp --enable-esp --enable-libgomp --with-python-dir=/share/gcc-data/i586-gentoo-linux-uclibc/4.6.3/python --enable-checking=release --disable-libgcj --enable-libstdcxx-time --with-arch=i586 --enable-languages=c,c++,fortran --enable-shared --enable-threads=posix --disable-__cxa_atexit --enable-tls --enable-targets=all --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 4.6.3 p1.13, pie-0.5.2'
Thread model: posix
gcc version 4.6.3 (Gentoo Hardened 4.6.3 p1.13, pie-0.5.2)
soekris ~ # emerge --info
Portage 2.2.1 (hardened/linux/uclibc/x86, gcc-4.6.3, uclibc-0.9.33.2-r4, 3.10.1-hardened-r1soekris i586)
=================================================================
System uname: Linux-3.10.1-hardened-r1soekris-i586-Unknown-with-gentoo-2.2
KiB Mem:      121980 total,     41744 free
KiB Swap:     648184 total,    648184 free
Timestamp of tree: Wed, 09 Oct 2013 00:45:01 +0000
ld GNU ld (GNU Binutils) 2.23.1
app-shells/bash:          4.2_p45
dev-lang/python:          2.7.3-r3, 3.2.5-r2
dev-util/cmake:           2.8.10.2-r2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.69
sys-devel/automake:       1.13.4
sys-devel/binutils:       2.23.1
sys-devel/gcc:            4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.9 (virtual/os-headers)
sys-libs/uclibc:          0.9.33.2-r4
Repositories: gentoo
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i586-gentoo-linux-uclibc"
CFLAGS="-march=i586 -Os -pipe -fomit-frame-pointer"
CHOST="i586-gentoo-linux-uclibc"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=i586 -Os -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news nodoc parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://de-mirror.org/distro/gentoo/ rsync://de-mirror.org/gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="cli cracklib crypt cups curl cxx dri fortran ftp hardened iconv ipv6 jpeg lm_sensors minimal mime modules mudflap ncurses nptl openmp pax_kernel pcre pdf perl pic posix python readline samba session sndfile ssl tcpd truetype uclibc unicode usb vim-syntax x86 xattr xml xsl zlib" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="uclibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="dummy fbdev v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

quarzofen
n00b

Joined: 08 Oct 2013
Posts: 13

Posted: Thu Oct 24, 2013 8:49 pm

Hi again,

I stripped down the problem a little further. I downloaded the current hardened/uclibc stage3 file (stage3-i686-uclibc-hardened-20131005.tar.bz2) from ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo/experimental/x86/uclibc/. I unpacked it on my notebook in a blank directory (Gentoo amd64), chroot'ed and tried to compile the sample program. I replaced the !feof/fgets/sscanf loop with a simple sscanf using a static string extracted from /proc/net/if_inet6 before. But I get: Segmentation fault. So it seems that already the stage3 files, yet experimental, are broken. :-(

I also downloaded the vanilla version to my local system, chrooted and compiled: I don't get segmentation faults, but data isn't read correctly anyway. Seems as if there's something really broken if I'm not doing anything seriously wrong.

quarzofen
n00b

Joined: 08 Oct 2013
Posts: 13

Posted: Sun Nov 03, 2013 8:43 am

Hi folks,

I finally solved this issue by unmasking and upgrading to uclibc-0.9.33.2-r6.

Now, ntp and dhcp compile and run without errors. Not sure if there are other issues with other packages but those packages are essential for my use-case.