Bug 493578 - ss utility, iproute2-ss061002 - Segmentation fault
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: iproute
Version: 5.3
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Assigned To: Marcela Mašláňová
QA Contact: BaseOS QE Security Team
Keywords: Regression
Duplicates: 493622
Reported: 2009-04-02 06:41 EDT by Mihail Peltekov
Modified: 2013-04-12 16:09 EDT
Doc Type: Bug Fix
Last Closed: 2009-10-21 07:04:45 EDT

Attachments
Upstream commit git 69cae645b28edbba53c8601ddeba01430e5e9da0 (1.80 KB, patch)
2009-04-07 10:11 EDT, Marcela Mašláňová


External Trackers
Tracker ID Priority Status Summary Last Updated
CentOS 3475 None None None Never
Description Mihail Peltekov 2009-04-02 06:41:39 EDT
When I type
[root@myserver ~]# ss
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.1.0.12:ssh x.x.x.x:4172
ESTAB 0 0 10.1.0.12:mysql 10.1.0.11:34003
Segmentation fault
[root@myserver ~]#

When IPv6 is off

close(4) = 0
open("/proc/net/tcp6", O_RDONLY) = -1 ENOENT (No such file or directory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---


I tried this on i386 and x86_64 and it is the same error
Comment 1 Mihail Peltekov 2009-04-02 06:47:42 EDT
http://bugs.centos.org/view.php?id=3475
Comment 2 Marcela Mašláňová 2009-04-07 05:27:26 EDT
*** Bug 493622 has been marked as a duplicate of this bug. ***
Comment 3 Marcela Mašláňová 2009-04-07 10:09:46 EDT
In the meantime you can use: "ss -f inet"

After fixing the previous problem "not showing all socket states" #446198 with upstream commit ab01dbbb94b8620c2bc85e30e107c3a9f0870a73, different bugs showed up. On a RHEL-5 machine this one can be seen, which could be fixed by upstream commit:
69cae645b28edbba53c8601ddeba01430e5e9da0
Comment 4 Marcela Mašláňová 2009-04-07 10:11:31 EDT
Created attachment 338509
Upstream commit git 69cae645b28edbba53c8601ddeba01430e5e9da0
Comment 7 Roberto 2009-06-08 18:14:23 EDT
In the function:

static FILE *generic_proc_open(const char *env, const char *name)
{
        char store[128];
        const char *p = getenv(env);
        FILE *fp;
        if (!p) {
                p = getenv("PROC_ROOT") ? : "/proc";
                snprintf(store, sizeof(store)-1, "%s/%s", p, name);
                p = store;
        }

        return fopen(p, "r");
}

PROC_ROOT can be something longer than 128 and cause another segfault.
Comment 8 Marcela Mašláňová 2009-06-09 02:20:26 EDT
(In reply to comment #7)
> In the function:
> 
> static FILE *generic_proc_open(const char *env, const char *name)
> {
>         char store[128];
>         const char *p = getenv(env);
>         FILE *fp;
>         if (!p) {
>                 p = getenv("PROC_ROOT") ? : "/proc";
>                 snprintf(store, sizeof(store)-1, "%s/%s", p, name);
>                 p = store;
>         }
> 
>         return fopen(p, "r");
> }
> 
> PROC_ROOT can be something longer than 128 and cause another segfault.

If you have a reproducer for this problem, then please open a new bug. This is a different problem.
Comment 9 Roberto 2009-06-09 03:55:40 EDT
(In reply to comment #8)
> (In reply to comment #7)
> > In the function:
> > 
> > static FILE *generic_proc_open(const char *env, const char *name)
> > {
> >         char store[128];
> >         const char *p = getenv(env);
> >         FILE *fp;
> >         if (!p) {
> >                 p = getenv("PROC_ROOT") ? : "/proc";
> >                 snprintf(store, sizeof(store)-1, "%s/%s", p, name);
> >                 p = store;
> >         }
> > 
> >         return fopen(p, "r");
> > }
> > 
> > PROC_ROOT can be something longer than 128 and cause another segfault.
> 
> If you have a reproducer for this problem, then please open a new bug. This is
> a different problem.

I didn't see (I'm blind..) the snprintf out-of-bounds check, and the segfault was produced because the content of PROC_ROOT was an invalid path (you fixed it in the last attachment).

Sorry.
Comment 15 errata-xmlrpc 2009-10-21 07:04:45 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1520.html
