Description of problem:
apcaccess crashes if run without apcupsd running

Version-Release number of selected component (if applicable):
apcupsd-3.14.13-1.fc22.x86_64

How reproducible:
every time

Steps to Reproduce:
1. run 'apcaccess' without starting the apcupsd service

Actual results:
*** buffer overflow detected ***: apcaccess terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x77e9d)[0x7fa5fbbbfe9d]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fa5fbc5b9f7]
/lib64/libc.so.6(+0x111b90)[0x7fa5fbc59b90]
/lib64/libc.so.6(+0x113967)[0x7fa5fbc5b967]
apcaccess(+0x44da)[0x7fa5fcbec4da]
apcaccess(+0x468f)[0x7fa5fcbec68f]
apcaccess(+0x2e96)[0x7fa5fcbeae96]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7fa5fbb68790]
apcaccess(+0x31f9)[0x7fa5fcbeb1f9]

Expected results:
no crash, error message about not being able to talk to apcupsd
The crash seems to happen in net_nbytes(), in apclibnis.c:77, while preparing file descriptors

    FD_SET(fd, &fds);

for the select() call.

Program received signal SIGABRT, Aborted.
0x00007ffff6fa4a98 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55	    return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) where
#0  0x00007ffff6fa4a98 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff6fa672a in __GI_abort () at abort.c:89
#2  0x00007ffff6fe7ea2 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff70f8696 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff70839f7 in __GI___fortify_fail (msg=msg@entry=0x7ffff70f863c "buffer overflow detected") at fortify_fail.c:31
#4  0x00007ffff7081b90 in __GI___chk_fail () at chk_fail.c:28
#5  0x00007ffff7083967 in __fdelt_chk (d=<optimized out>) at fdelt_chk.c:25
#6  0x00005555555584da in read_nbytes (fd=fd@entry=-111, ptr=ptr@entry=0x7fffffff4d76 "", nbytes=nbytes@entry=2) at apclibnis.c:77
#7  0x000055555555868f in net_recv (sockfd=-111, buff=0x7fffffffe0e0 "q\006 \230\001", maxlen=257) at apclibnis.c:170
#8  0x0000555555556e96 in do_pthreads_status (flags=0, par=<optimized out>, port=3551, host=0x7fffffffe0d0 "localhost") at apcaccess.c:60
#9  main (argc=<optimized out>, argv=<optimized out>) at apcaccess.c:223
The FD_SET() function calls __fdelt_chk() on the file descriptor, which aborts for negative file descriptors. The problem is in net_open(); according to its own API contract in the leading comments, it's supposed to return -1 (INVALID_SOCKET) on error, but instead it returns all kinds of errno-related errors. Subsequently, the check for invalid fd in do_pthreads_status at apcaccess.c:52

    52     if ((sockfd = net_open(host, NULL, port)) == INVALID_SOCKET) {

is ineffective and passes on bad socket fds for processing.
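The failure mode described in the comment above, as an added example that is not apcupsd's own code: a constructed stand-in for net_open() that returns the -111 seen in frame #6 of the backtrace, the caller check that lets such a value through, a wrapper that restores the documented INVALID_SOCKET contract, and the bounds guard a hardened caller puts in front of FD_SET() so that a bad descriptor becomes a reported error instead of a fortify abort. All function names are hypothetical.

```c
#include <stdbool.h>
#include <sys/select.h>

#define INVALID_SOCKET (-1)

/* Constructed stand-in for the net_open() behaviour the report describes:
 * on failure it returns a negative errno-style value instead of the
 * INVALID_SOCKET its header comment promises. -111 is the fd value seen
 * in frame #6 of the backtrace. (Hypothetical helper, not apcupsd code.) */
static int buggy_net_open(bool daemon_running)
{
    return daemon_running ? 3 : -111;
}

/* Corrected contract: every failure is collapsed to INVALID_SOCKET so the
 * caller's single comparison is sufficient. */
static int fixed_net_open(bool daemon_running)
{
    int rc = buggy_net_open(daemon_running);
    return rc < 0 ? INVALID_SOCKET : rc;
}

/* Mirrors the check at apcaccess.c:52: the fd is handed on for processing
 * unless it equals INVALID_SOCKET exactly. Returns true if it passes. */
static bool caller_accepts(int fd)
{
    return fd != INVALID_SOCKET;
}

/* Defensive guard in front of FD_SET(): glibc's _FORTIFY_SOURCE check
 * (__fdelt_chk) aborts the process for fds outside [0, FD_SETSIZE), so a
 * function that builds a select() set must reject them explicitly and
 * report an error instead of crashing. */
static bool add_to_select_set(int fd, fd_set *fds)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return false;            /* caller reports "cannot talk to apcupsd" */
    FD_SET(fd, fds);
    return true;
}

/* Builds a fresh set and reports whether fd was accepted into it. */
static bool select_setup_ok(int fd)
{
    fd_set fds;
    FD_ZERO(&fds);
    return add_to_select_set(fd, &fds) && FD_ISSET(fd, &fds);
}
```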
apcupsd-3.14.13-4.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-d09886fa52
apcupsd-3.14.13-2.fc21 has been submitted as an update to Fedora 21. https://bodhi.fedoraproject.org/updates/FEDORA-2015-e8eded3b5a
apcupsd-3.14.13-2.fc21 has been pushed to the Fedora 21 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update apcupsd'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-e8eded3b5a
apcupsd-3.14.13-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update apcupsd'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-482e23724e
apcupsd-3.14.13-4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update apcupsd'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-d09886fa52
apcupsd-3.14.13-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
apcupsd-3.14.13-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.