Bug 2256665 - conserver buffer overflow
Summary: conserver buffer overflow
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: conserver
Version: rawhide
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Lukáš Zaoral
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-01-03 17:10 UTC by Jeff Moyer
Modified: 2024-01-25 00:58 UTC

Fixed In Version: conserver-8.2.7-6.fc40 conserver-8.2.7-5.el9 conserver-8.2.7-6.fc39 conserver-8.2.7-5.fc38 conserver-8.2.1-5.el7 conserver-8.2.2-6.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-01-16 16:51:29 UTC
Type: ---
Embargoed:


Attachments
Fix a buffer overflow (546 bytes, patch)
2024-01-03 17:11 UTC, Jeff Moyer

Description Jeff Moyer 2024-01-03 17:10:25 UTC
We experienced conserver crashes that were always preceded by the server receiving SIGHUP.  See https://github.com/bstansell/conserver/issues/93 for more details, and the corresponding upstream pull request here: https://github.com/bstansell/conserver/pull/95.

The basic issue is that FileUnopen is returning -1, and that value is used to index into an fd_set.  The fix linked above modifies FileUnopen to return a valid fd.  A more conservative fix would modify the caller to check for -1, and avoid the FD_CLR.  I will attach a patch that does the latter to this bug, as that is what we deployed internally.

Reproducible: Didn't try

Steps to Reproduce:
I believe that you would have to have active SSL connections when SIGHUP is received by the conserver process.
Actual Results:  
conserver crashes, and the logs show:

[Wed Sep 20 08:57:32 2023] conserver (46864): [ibm-hs22-5.swcert.cee.pnq.redhat.com] exit(2)
[Wed Sep 20 08:57:32 2023] conserver (46864): [ibm-hs22-5.swcert.cee.pnq.redhat.com] automatic reinitialization
*** buffer overflow detected ***: /usr/sbin/conserver terminated
[Wed Sep 20 08:57:32 2023] conserver (56606): [dell-per320-03.khw2.lab.eng.bos.redhat.com] exit(1)
[Wed Sep 20 08:57:32 2023] conserver (56606): [dell-per320-03.khw2.lab.eng.bos.redhat.com] automatic reinitialization
[Wed Sep 20 08:57:32 2023] conserver (47817): [dev203.mw.lab.eng.bos.redhat.com] exit(1)
[Wed Sep 20 08:57:32 2023] conserver (47817): [dev203.mw.lab.eng.bos.redhat.com] automatic reinitialization
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7facde1987a7]
/lib64/libc.so.6(+0x116922)[0x7facde196922]
/lib64/libc.so.6(+0x118707)[0x7facde198707]
/usr/sbin/conserver(+0x158d2)[0x558ddb5468d2]
/usr/sbin/conserver(+0x2581a)[0x558ddb55681a]
/usr/sbin/conserver(+0x1944f)[0x558ddb54a44f]
/usr/sbin/conserver(+0x78f8)[0x558ddb5388f8]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7facde0a2555]
/usr/sbin/conserver(+0x7c79)[0x558ddb538c79]
...


Expected Results:  
conserver continues to run
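
The caller-side guard described in the report (check for -1 before FD_CLR), as an added example that is not conserver's code or the attached patch; `unopen_stub`, `fd_clr_checked` and `fd_count` are hypothetical names. On fortified glibc builds FD_CLR validates its index and aborts on an out-of-range value, which is consistent with the `__fortify_fail` frame in the backtrace above.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical stand-in for a helper that returns the underlying fd on
 * success and -1 on failure, as the report describes for FileUnopen. */
static int unopen_stub(int fd, int simulate_failure)
{
    return simulate_failure ? -1 : fd;
}

/* Clear fd from set only if it is a valid fd_set index.
 * Returns 1 if cleared, 0 if the value was rejected. */
static int fd_clr_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return 0;   /* FD_CLR(-1, ...) would index outside the bit array */
    FD_CLR(fd, set);
    return 1;
}

/* Count descriptors currently present in set. */
static int fd_count(fd_set *set)
{
    int n = 0;
    for (int fd = 0; fd < FD_SETSIZE; fd++)
        if (FD_ISSET(fd, set))
            n++;
    return n;
}

int main(void)
{
    fd_set rinit;               /* constructed sample set */
    FD_ZERO(&rinit);
    FD_SET(5, &rinit);
    FD_SET(7, &rinit);

    int ok  = fd_clr_checked(unopen_stub(5, 0), &rinit);  /* valid fd */
    int bad = fd_clr_checked(unopen_stub(7, 1), &rinit);  /* -1 is skipped */
    printf("cleared=%d skipped=%d remaining=%d\n", ok, !bad, fd_count(&rinit));
    return 0;
}
```

When the guard skips the call, the descriptor stays in the set, so the caller still has to clear it using the fd value it recorded before the failed call.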

Comment 1 Jeff Moyer 2024-01-03 17:11:38 UTC
Created attachment 2007046 [details]
Fix a buffer overflow

Comment 2 Fedora Update System 2024-01-16 16:50:32 UTC
FEDORA-2024-b42c9e53be has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-b42c9e53be

Comment 3 Fedora Update System 2024-01-16 16:51:29 UTC
FEDORA-2024-b42c9e53be has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 4 Fedora Update System 2024-01-16 16:55:55 UTC
FEDORA-EPEL-2024-485ca40cbd has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-485ca40cbd

Comment 5 Fedora Update System 2024-01-16 16:55:55 UTC
FEDORA-EPEL-2024-698eea42eb has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-698eea42eb

Comment 6 Fedora Update System 2024-01-16 16:55:56 UTC
FEDORA-2024-329d379065 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-329d379065

Comment 7 Fedora Update System 2024-01-16 16:55:56 UTC
FEDORA-2024-b643778254 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-b643778254

Comment 8 Fedora Update System 2024-01-17 00:44:46 UTC
FEDORA-EPEL-2024-a8c18697dc has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a8c18697dc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2024-01-17 01:12:59 UTC
FEDORA-EPEL-2024-698eea42eb has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-698eea42eb

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2024-01-17 01:19:17 UTC
FEDORA-EPEL-2024-485ca40cbd has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-485ca40cbd

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2024-01-17 01:44:03 UTC
FEDORA-2024-b643778254 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-b643778254`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-b643778254

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2024-01-17 18:07:00 UTC
FEDORA-2024-329d379065 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-329d379065`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-329d379065

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2024-01-25 00:37:43 UTC
FEDORA-EPEL-2024-a8c18697dc has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 14 Fedora Update System 2024-01-25 00:40:46 UTC
FEDORA-2024-329d379065 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 15 Fedora Update System 2024-01-25 00:47:28 UTC
FEDORA-2024-b643778254 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 16 Fedora Update System 2024-01-25 00:57:06 UTC
FEDORA-EPEL-2024-485ca40cbd has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 17 Fedora Update System 2024-01-25 00:58:11 UTC
FEDORA-EPEL-2024-698eea42eb has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.
