Bug 1411021

Summary: http-parser update breaks ocserv
Product: [Fedora] Fedora EPEL Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: http-parserAssignee: Igor Gnatenko <ignatenko>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: dennis, dwmw2, extras-qa, ignatenko, mcepl, mcepl, mrunge, nmavrogi, piotr1212, sgallagh, tchollingsworth
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1374081 Environment:
Last Closed: 2018-02-02 08:22:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1374081    
Bug Blocks:    

Description Nikos Mavrogiannopoulos 2017-01-07 15:00:38 UTC 
The same F23 bug was reported on EL7 as well:
https://gitlab.com/ocserv/ocserv/issues/89


Please add an ABI check as part of the upgrade cycle.

+++ This bug was initially created as a clone of Bug #1374081 +++

http-parser recently got updated from 2.0-9.20121128gitcd01361.fc23 to 2.7.1-2.fc23.

Since then, ocserv segfaults when accepting connections:

[root@shinybook tests]# valgrind  /usr/sbin/ocserv -d 1 -f -c configs/test-user-cert.config
==2261== Memcheck, a memory error detector
==2261== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==2261== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==2261== Command: /usr/sbin/ocserv -d 1 -f -c configs/test-user-cert.config
==2261== 
Skipping unknown option 'cookie-validity'
Parsing plain auth method subconfig using legacy format
Setting 'certificate+plain' as primary authentication method
listening (TCP) on 0.0.0.0:443...
listening (TCP) on [::]:443...
listening (UDP) on 0.0.0.0:443...
listening (UDP) on [::]:443...
ocserv[2261]: main: not using control unix socket
ocserv[2261]: main: initialized ocserv 0.10.12
ocserv[2263]: sec-mod: reading supplemental config from files
ocserv[2263]: sec-mod: sec-mod initialized (socket: ./ocserv-socket.2261)
ocserv[2261]: main: processed 1 CA certificate(s)
ocserv[2272]: worker:  tlslib.c:379: no certificate was found
==2272== Conditional jump or move depends on uninitialised value(s)
==2272==    at 0x5E1FFC4: http_parser_execute (http_parser.c:1927)
==2272==    by 0x11B6B0: vpn_server (worker-vpn.c:520)
==2272==    by 0x115869: main (main.c:1265)
==2272== 
==2272== Use of uninitialised value of size 8
==2272==    at 0x5E1FFE3: http_parser_execute (http_parser.c:1927)
==2272==    by 0xBFAD1AF: ???
==2272==    by 0x11B6B0: vpn_server (worker-vpn.c:520)
==2272==    by 0x115869: main (main.c:1265)
==2272== 
==2272== Jump to the invalid address stated on the next line
==2272==    at 0x6F6974616D726F66: ???
==2272==    by 0x6F6973726576206B: ???
==2272==    by 0x2022302E31223D6D: ???
==2272==    by 0x676E69646F636E64: ???
==2272==    by 0x22382D465455223C: ???
==2272==    by 0x666E6F633C0A3E3E: ???
==2272==    by 0x20687475612D6768: ???
==2272==    by 0x223D746E65696C62: ???
==2272==    by 0x70797420226E7075: ???
==2272==    by 0x2274696E69223D64: ???
==2272==    by 0x6F69737265763C3D: ???
==2272==    by 0x76223D6F6877206D: ???
==2272==  Address 0x6f6974616d726f66 is not stack'd, malloc'd or (recently) free'd
==2272== 
==2272== 
==2272== Process terminating with default action of signal 11 (SIGSEGV)
==2272==  Bad permissions for mapped region at address 0x6F6974616D726F66
==2272==    at 0x6F6974616D726F66: ???
==2272==    by 0x6F6973726576206B: ???
==2272==    by 0x2022302E31223D6D: ???
==2272==    by 0x676E69646F636E64: ???
==2272==    by 0x22382D465455223C: ???
==2272==    by 0x666E6F633C0A3E3E: ???
==2272==    by 0x20687475612D6768: ???
==2272==    by 0x223D746E65696C62: ???
==2272==    by 0x70797420226E7075: ???
==2272==    by 0x2274696E69223D64: ???
==2272==    by 0x6F69737265763C3D: ???
==2272==    by 0x76223D6F6877206D: ???
==2272== 
==2272== HEAP SUMMARY:
==2272==     in use at exit: 249,462 bytes in 851 blocks
==2272==   total heap usage: 3,114 allocs, 2,263 frees, 1,302,359 bytes allocated
==2272== 
==2272== LEAK SUMMARY:
==2272==    definitely lost: 8,448 bytes in 2 blocks
==2272==    indirectly lost: 0 bytes in 0 blocks
==2272==      possibly lost: 42,521 bytes in 30 blocks
==2272==    still reachable: 125,789 bytes in 818 blocks
==2272==         suppressed: 72,704 bytes in 1 blocks
==2272== Rerun with --leak-check=full to see details of leaked memory
==2272== 
==2272== For counts of detected and suppressed errors, rerun with: -v
==2272== Use --track-origins=yes to see where uninitialised values come from
==2272== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
ocserv[2261]: main: [::1]:54118 user disconnected (rx: 0, tx: 0)
ocserv[2261]: main: main.c:521: Child 2272 died with sigsegv

--- Additional comment from David Woodhouse on 2016-09-07 18:35:02 EDT ---

Rebuilding ocserv against the new http-parser 'fixes' it. Did the library break binary compatibility without updating its soname?
Comment 1 Fedora Update System 2017-01-09 10:12:48 UTC 
ocserv-0.11.6-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-63c298b073
Comment 2 Fedora Update System 2017-01-10 10:19:44 UTC 
ocserv-0.11.6-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-63c298b073
Comment 3 Stephen Gallagher 2017-01-16 13:08:47 UTC 
*** Bug 1413463 has been marked as a duplicate of this bug. ***
Comment 4 Fedora Update System 2017-01-20 15:20:40 UTC 
ocserv-0.11.6-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.