Bug 251911 - Parsing log file with aureport causes segmentation fault
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit
Version: 5.1
Hardware: All
OS: Linux
Priority: high
Severity: high
Assigned To: Steve Grubb
QA Contact: Brian Brock
Keywords: Regression
Reported: 2007-08-13 09:17 EDT by Eduard Benes
Modified: 2007-11-16 20:14 EST
Fixed In Version: RHBA-2007-0602
Doc Type: Bug Fix
Last Closed: 2007-11-07 12:05:06 EST
Description Eduard Benes 2007-08-13 09:17:05 EDT
Description of problem:
I ran into segfaults while using ausearch during verification of bug # 226780
with new packages (audit-1.5.5-3.el5). ausearch segfaults on all archs,
but not on all systems (i.e., it works on i386-client while it segfaults on
i386-server). This is most likely caused by some newly generated record.

Version-Release number of selected component (if applicable):
audit-1.5.5-3.el5

Steps to Reproduce:
1. Follow the "steps to reproduce" for bug # 226780.
2. After running ausearch in the last step, you will most likely get a
segmentation fault. (Caused by some record generated during the bug
reproduction?)
  
Actual results:
Parsing audit.log with ausearch causes segmentation fault.

Expected results:
No segmentation fault ...

Additional info:
Up to now I wasn't able to track down the exact record that is causing the 
segfault.
Here goes the traceback:
< snip >
[root/sysadm_r/SystemLow@pipa01 ~]# gdb ausearch
GNU gdb Red Hat Linux (6.5-16.el5rh)
...
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

(gdb) run --start recent -k executable
Starting program: /sbin/ausearch --start recent -k executable
[Thread debugging using libthread_db enabled]
[New Thread 46912496171232 (LWP 15822)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496171232 (LWP 15822)]
parse_user (n=<value optimized out>, s=0x7fff612e4a00) at ausearch-parse.c:722
722                                     *term = 0;
(gdb) bt
#0  parse_user (n=<value optimized out>, s=0x7fff612e4a00) at ausearch-parse.c:722
#1  0x0000000000408543 in extract_search_items (l=0x7fff612e49d0) at ausearch-parse.c:176
#2  0x00000000004069a9 in match (l=0x7fff612e49d0) at ausearch-match.c:51
#3  0x0000000000402135 in process_log_fd () at ausearch.c:185
#4  0x00000000004024e6 in main (argc=<value optimized out>, argv=<value optimized out>) at ausearch.c:152
#5  0x0000003682e1d8a4 in __libc_start_main () from /lib64/libc.so.6
#6  0x0000000000401dd9 in _start ()
< /snip >
Comment 1 Eduard Benes 2007-08-13 11:20:38 EDT
This bug also affects the aureport tool:

[root/sysadm_r/SystemLow@pipa01 ~]# aureport 

Summary Report
======================
Segmentation fault
[root/sysadm_r/SystemLow@pipa01 ~]# gdb aureport
GNU gdb Red Hat Linux (6.5-16.el5rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

(gdb) run
Starting program: /sbin/aureport 
[Thread debugging using libthread_db enabled]
[New Thread 46912496171232 (LWP 2360)]

Summary Report
======================

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496171232 (LWP 2360)]
parse_user (n=<value optimized out>, s=0x7fff4f501bd0) at ausearch-parse.c:722
722                                     *term = 0;
(gdb) bt
#0  parse_user (n=<value optimized out>, s=0x7fff4f501bd0) at ausearch-parse.c:722
#1  0x0000000000406213 in extract_search_items (l=0x7fff4f501ba0) at ausearch-parse.c:176
#2  0x0000000000407ba0 in scan (l=0x7fff4f501ba0) at aureport-scan.c:190
#3  0x0000000000401af7 in process_log_fd (filename=0x1f4cc030 "/var/log/audit/audit.log") at aureport.c:205
#4  0x0000000000401ff2 in main (argc=<value optimized out>, argv=<value optimized out>) at aureport.c:160
#5  0x0000003682e1d8a4 in __libc_start_main () from /lib64/libc.so.6
#6  0x0000000000401739 in _start ()
(gdb) 

Comment 2 Steve Grubb 2007-08-13 12:29:17 EDT
aureport bug is understood. A struct was not getting cleared at program init and
free was segfaulting on invalid pointers. Ausearch bug was not reproducible.
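
The failure mode described in Comment 2, as an added C example that is not taken from the audit source. The struct, its field names and the tracking allocator are hypothetical, and the 0xA5 fill is a constructed stand-in for uninitialized memory; invalid frees are counted instead of executed so the program runs to completion.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-event struct with owned strings; not the audit source. */
struct items { char *hostname; char *exe; char *key; };

/* Tiny registry of live allocations so a bad free() is counted, not executed. */
static void *live[16];
static int invalid_frees;

static char *tracked_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) return NULL;
    strcpy(p, s);
    for (int i = 0; i < 16; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                              /* registry full */
    return NULL;
}

static void tracked_free(void *p) {
    if (!p) return;                       /* free(NULL) is a no-op */
    for (int i = 0; i < 16; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    invalid_frees++;                      /* a real free() would crash or corrupt the heap */
}

/* Called before each record is parsed: release the previous record's strings. */
static void items_clear(struct items *s) {
    tracked_free(s->hostname); tracked_free(s->exe); tracked_free(s->key);
    memset(s, 0, sizeof(*s));
}

/* Returns how many invalid frees happen across the first two clears. */
static int first_clear(int init_at_startup) {
    struct items s;
    memset(&s, 0xA5, sizeof(s));          /* constructed stand-in for stack garbage */
    if (init_at_startup) memset(&s, 0, sizeof(s)); /* clear at init, the step Comment 2 says was missing */
    invalid_frees = 0;
    items_clear(&s);                      /* first clear sees whatever init left behind */
    s.exe = tracked_strdup("/sbin/aureport");      /* normal parse/clear cycle */
    items_clear(&s);
    return invalid_frees;
}

int main(void) {
    printf("without init: %d invalid frees\n", first_clear(0));
    printf("with init:    %d invalid frees\n", first_clear(1));
    return 0;
}
```
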
Comment 6 RHEL Product and Program Management 2007-08-13 13:46:33 EDT
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 7 Steve Grubb 2007-08-13 14:22:50 EDT
The ausearch bug reported above is a known bug fixed under bz 249759.
(audit-1.5.5-3 was being used for testing.) The aureport bug is new, though.
Comment 11 errata-xmlrpc 2007-11-07 12:05:06 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0602.html
