Description of problem:
During testing new oscap for regressions I found that running oscap --version noninteractively (exact condition in progress) causes it to abort with *** stack smashing detected ***: oscap terminated

Version-Release number of selected component (if applicable):
openscap-0.9.8-1.el5

How reproducible:
Investigating

Steps to Reproduce:
1. Run oscap --version
2. Check for exit code

Actual results:
Exit code 0

Expected results:
Nonzero exit code and *** stack smashing detected ***: oscap terminated

Additional info:
(In reply to Lukas -krtek.net- Novy from comment #0)
> Description of problem:
> During testing new oscap for regressions I found that running oscap
> --version noninteractively (exact condition in progress) causes it to abort
> with *** stack smashing detected ***: oscap terminated
>
> Version-Release number of selected component (if applicable):
> openscap-0.9.8-1.el5
>
> How reproducible:
> Investigating
>
> Steps to Reproduce:
> 1. Run oscap --version
> 2. Check for exit code
>
> Actual results:
> Exit code 0
>
> Expected results:
> Nonzero exit code and *** stack smashing detected ***: oscap terminated
>
> Additional info:

Please run it through gdb and provide a backtrace. Thanks.
Reproducibility doesn't depend on noninteractively, at least on ppc64

#0 0x0f396320 in raise () from /lib/libc.so.6
#1 0x0f398024 in abort () from /lib/libc.so.6
#2 0x0f3d79a4 in __libc_message () from /lib/libc.so.6
#3 0x0f46fc68 in __stack_chk_fail () from /lib/libc.so.6
#4 0x0ff978e4 in ?? () from /usr/lib/libopenscap.so.3
#5 0x0ff32b38 in oval_probe_meta_list () from /usr/lib/libopenscap.so.3
#6 0x10005cd8 in ?? ()
#7 0x100060a8 in ?? ()
#8 0x10006e60 in ?? ()
#9 0x10005f94 in ?? ()
#10 0x0f37de20 in generic_start_main () from /lib/libc.so.6
#11 0x0f37e060 in __libc_start_main () from /lib/libc.so.6
#12 0x00000000 in ?? ()
(In reply to Lukas -krtek.net- Novy from comment #3)
> Reproducibility doesn't depend on noninteractively, at least on ppc64
>
> #0 0x0f396320 in raise () from /lib/libc.so.6
> #1 0x0f398024 in abort () from /lib/libc.so.6
> #2 0x0f3d79a4 in __libc_message () from /lib/libc.so.6
> #3 0x0f46fc68 in __stack_chk_fail () from /lib/libc.so.6
> #4 0x0ff978e4 in ?? () from /usr/lib/libopenscap.so.3
> #5 0x0ff32b38 in oval_probe_meta_list () from /usr/lib/libopenscap.so.3
> #6 0x10005cd8 in ?? ()
> #7 0x100060a8 in ?? ()
> #8 0x10006e60 in ?? ()
> #9 0x10005f94 in ?? ()
> #10 0x0f37de20 in generic_start_main () from /lib/libc.so.6
> #11 0x0f37e060 in __libc_start_main () from /lib/libc.so.6
> #12 0x00000000 in ?? ()

Thanks. Is that with openscap's debuginfo loaded? Also, would it be possible to run it through valgrind? It could give us some more hints.
with debuginfo:

#0 0x0f396320 in raise () from /lib/libc.so.6
#1 0x0f398024 in abort () from /lib/libc.so.6
#2 0x0f3d79a4 in __libc_message () from /lib/libc.so.6
#3 0x0f46fc68 in __stack_chk_fail () from /lib/libc.so.6
#4 0x0ff978e4 in __stack_chk_fail_local () from /usr/lib/libopenscap.so.3
#5 0x0ff32b38 in oval_probe_meta_list (output=0xf5003f8, flags=-1190863) at oval_probe.c:651
#6 0x10005cd8 in ?? ()
#7 0x100060a8 in ?? ()
#8 0x10006e60 in ?? ()
#9 0x10005f94 in ?? ()
#10 0x0f37de20 in generic_start_main () from /lib/libc.so.6
#11 0x0f37e060 in __libc_start_main () from /lib/libc.so.6
#12 0x00000000 in ?? ()

through valgrind:

valgrind: Bad option '--leak-check=fill'; aborting.
valgrind: Use --help for more information.
[root@ibm-js21-01 ~]# valgrind -v --leak-check=full `which oscap` --version
==3733== Memcheck, a memory error detector
==3733== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==3733== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==3733== Command: /usr/bin/oscap --version
==3733==
--3733-- Valgrind options:
--3733--    -v
--3733--    --leak-check=full
--3733-- Contents of /proc/version:
--3733--   Linux version 2.6.18-363.el5 (mockbuild.bos.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-54)) #1 SMP Mon Jun 24 11:53:19 EDT 2013
--3733-- Arch and hwcaps: PPC32, ppc32-int-flt-vmx-FX-GX
--3733-- Page sizes: currently 65536, max supported 65536
--3733-- Valgrind library directory: /usr/lib/valgrind
--3733-- Reading syms from /lib/ld-2.5.so (0x4400000)
--3733-- Reading syms from /usr/bin/oscap (0x10000000)
--3733-- Reading debug info from /usr/lib/debug/usr/bin/oscap.debug ..
--3733-- .. CRC mismatch (computed bbe81047 wanted b82e5e4c)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/valgrind/memcheck-ppc32-linux (0x38000000)
--3733--    object doesn't have a dynamic symbol table
--3733-- Reading suppressions file: /usr/lib/valgrind/default.supp
--3733-- REDIR: 0x44195a0 (strlen) redirected to 0x38049684 (vgPlain_ppc32_linux_REDIR_FOR_strlen)
--3733-- REDIR: 0x44194b0 (strcmp) redirected to 0x380496ac (vgPlain_ppc32_linux_REDIR_FOR_strcmp)
--3733-- REDIR: 0x44193d0 (index) redirected to 0x38049720 (vgPlain_ppc32_linux_REDIR_FOR_strchr)
--3733-- Reading syms from /usr/lib/valgrind/vgpreload_core-ppc32-linux.so (0xffd0000)
--3733-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-ppc32-linux.so (0xffa0000)
--3733-- REDIR: 0x4419a80 (bcmp) redirected to 0xffa6100 (bcmp)
--3733-- REDIR: 0x441ae60 (memcpy) redirected to 0xffa80c0 (memcpy)
--3733-- REDIR: 0x441ac20 (mempcpy) redirected to 0xffa7650 (mempcpy)
--3733-- Reading syms from /usr/lib/libopenscap.so.3.3.0 (0xfe80000)
--3733-- Reading debug info from /usr/lib/debug/usr/lib/libopenscap.so.3.3.0.debug ..
--3733-- Reading syms from /usr/lib/libcurl.so.3.0.0 (0xfe10000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libgssapi_krb5.so.2.2 (0xfdb0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libkrb5.so.3.3 (0xfce0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libk5crypto.so.3.1 (0xfc90000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libcom_err.so.2.1 (0xfc60000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libidn.so.11.5.19 (0xfc00000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libssl.so.0.9.8e (0xfb90000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libcrypto.so.0.9.8e (0xfa00000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libexslt.so.0.8.13 (0xf9c0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libxslt.so.1.1.17 (0xf960000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libgcrypt.so.11.5.2 (0xf8b0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libdl-2.5.so (0xf870000)
--3733-- Reading syms from /usr/lib/libgpg-error.so.0.3.0 (0xf840000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libpthread-2.5.so (0xf7f0000)
--3733-- Reading syms from /lib/librt-2.5.so (0xf7b0000)
--3733-- Reading syms from /lib/libpcre.so.0.0.1 (0xf770000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /usr/lib/libxml2.so.2.6.26 (0xf5f0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libz.so.1.2.3 (0xf5b0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libm-2.5.so (0xf4c0000)
--3733-- Reading syms from /lib/libc-2.5.so (0xf300000)
--3733-- Reading syms from /usr/lib/libkrb5support.so.0.1 (0xf2d0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libkeyutils-1.2.so (0xf2a0000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libresolv-2.5.so (0xf250000)
--3733-- Reading syms from /lib/libselinux.so.1 (0xf200000)
--3733--    object doesn't have a symbol table
--3733-- Reading syms from /lib/libsepol.so.1 (0xf190000)
--3733--    object doesn't have a symbol table
--3733-- REDIR: 0xf38c360 (memset) redirected to 0xffa6190 (memset)
--3733-- REDIR: 0xf38ce20 (memcpy) redirected to 0xffa82d0 (memcpy)
--3733-- REDIR: 0xf38aa60 (rindex) redirected to 0xffa56f0 (rindex)
--3733-- REDIR: 0xf3856c0 (malloc) redirected to 0xffa4558 (malloc)
--3733-- REDIR: 0xf38b2b0 (memchr) redirected to 0xffa5f60 (memchr)
--3733-- REDIR: 0xf38cc50 (strncasecmp) redirected to 0xffa7020 (strncasecmp)
--3733-- REDIR: 0xf38a7e0 (strncmp) redirected to 0xffa5ce0 (strncmp)
--3733-- REDIR: 0xf38a518 (strlen) redirected to 0xffa5c20 (strlen)
--3733-- REDIR: 0xf382b10 (free) redirected to 0xffa3fd8 (free)
--3733-- REDIR: 0xf38c5a0 (mempcpy) redirected to 0xffa77b0 (mempcpy)
--3733-- REDIR: 0xf385e40 (realloc) redirected to 0xffa464c (realloc)
--3733-- REDIR: 0xf389cb0 (index) redirected to 0xffa5820 (index)
--3733-- REDIR: 0xf38a980 (strncpy) redirected to 0xffa84e0 (strncpy)
--3733-- REDIR: 0xf389d90 (strcmp) redirected to 0xffa5db0 (strcmp)
OSCAP util (oscap) 0.9.8
Copyright 2009--2013 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.10.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1

==== Paths ====
Schema files: /usr/share/openscap/schemas
Schematron files: /usr/share/openscap/xsl
Default CPE files: /usr/share/openscap/cpe
Probes: /usr/libexec/openscap

==== Inbuilt CPE names ====
--3733-- REDIR: 0xf389ec0 (strcpy) redirected to 0xffa8680 (strcpy)
--3733-- REDIR: 0xf38b400 (bcmp) redirected to 0xffa6070 (bcmp)
--3733-- REDIR: 0xf38bef0 (memmove) redirected to 0xffa6210 (memmove)
--3733-- REDIR: 0xf3851d0 (calloc) redirected to 0xffa32dc (calloc)
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Fedora 16 - cpe:/o:fedoraproject:fedora:16
Fedora 17 - cpe:/o:fedoraproject:fedora:17
Fedora 18 - cpe:/o:fedoraproject:fedora:18
Fedora 19 - cpe:/o:fedoraproject:fedora:19

==== Supported OVAL objects and associated OpenSCAP probes ====
system_info probe_system_info
family probe_family
filehash probe_filehash
environmentvariable probe_environmentvariable
textfilecontent54 probe_textfilecontent54
textfilecontent probe_textfilecontent
variable probe_variable
xmlfilecontent probe_xmlfilecontent
environmentvariable58 probe_environmentvariable58
filehash58 probe_filehash58
inetlisteningservers probe_inetlisteningservers
rpminfo probe_rpminfo
partition probe_partition
iflisteners probe_iflisteners
rpmverify probe_rpmverify
rpmverifyfile probe_rpmverifyfile
rpmverifypackage probe_rpmverifypackage
selinuxboolean probe_selinuxboolean
selinuxsecuritycontext probe_selinuxsecuritycontext
file probe_file
interface probe_interface
password probe_password
process probe_process
runlevel probe_runlevel
shadow probe_shadow
uname probe_uname
xinetd probe_xinetd
sysctl probe_sysctl
process58 probe_process58
fileextendedattribute probe_fileextendedattribute
routingtable probe_routingtable
--3733-- REDIR: 0xf38dd50 (strchrnul) redirected to 0xffa62b0 (strchrnul)
*** stack smashing detected ***: /usr/bin/oscap terminated
==3733==
==3733== Process terminating with default action of signal 6 (SIGABRT): dumping core
==3733==    at 0xF336320: raise (in /lib/libc-2.5.so)
==3733==    by 0xF338023: abort (in /lib/libc-2.5.so)
==3733==    by 0xF3779A3: __libc_message (in /lib/libc-2.5.so)
==3733==    by 0xF40FC67: __stack_chk_fail (in /lib/libc-2.5.so)
==3733==    by 0xFF378E3: __stack_chk_fail_local (in /usr/lib/libopenscap.so.3.3.0)
==3733==    by 0xFED2B37: oval_probe_meta_list (oval_probe.c:651)
==3733==    by 0x10005CD7: ??? (in /usr/bin/oscap)
==3733==    by 0x100060A7: ??? (in /usr/bin/oscap)
==3733==    by 0x10006E5F: ??? (in /usr/bin/oscap)
==3733==    by 0x10005F93: ??? (in /usr/bin/oscap)
==3733==    by 0xF31DE1F: (below main) (in /lib/libc-2.5.so)
==3733==
==3733== HEAP SUMMARY:
==3733==     in use at exit: 7,150 bytes in 289 blocks
==3733==   total heap usage: 846 allocs, 557 frees, 205,738 bytes allocated
==3733==
==3733== Searching for pointers to 289 not-freed blocks
==3733== Checked 2,111,184 bytes
==3733==
==3733== LEAK SUMMARY:
==3733==    definitely lost: 0 bytes in 0 blocks
==3733==    indirectly lost: 0 bytes in 0 blocks
==3733==      possibly lost: 0 bytes in 0 blocks
==3733==    still reachable: 7,150 bytes in 289 blocks
==3733==         suppressed: 0 bytes in 0 blocks
==3733== Reachable blocks (those to which a pointer was found) are not shown.
==3733== To see them, rerun with: --leak-check=full --show-reachable=yes
==3733==
==3733== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 7 from 5)
--3733--
--3733-- used_suppression: 3 dl-hack3
--3733-- used_suppression: 4 dl-hack1
==3733==
==3733== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 7 from 5)
Aborted
version 0.9.9

#0 0x0f396320 in raise () from /lib/libc.so.6
#1 0x0f398024 in abort () from /lib/libc.so.6
#2 0x0f3d79a4 in __libc_message () from /lib/libc.so.6
#3 0x0f46fc68 in __stack_chk_fail () from /lib/libc.so.6
#4 0x0ff99c84 in __stack_chk_fail_local () from /usr/lib/libopenscap.so.3
#5 0x0ff33358 in oval_probe_meta_list (output=0xf5003f8, flags=-6171599) at oval_probe.c:509
#6 0x10005d18 in ?? ()
#7 0x100060e8 in ?? ()
#8 0x10006ea0 in ?? ()
#9 0x10005fd4 in ?? ()
#10 0x0f37de20 in generic_start_main () from /lib/libc.so.6
#11 0x0f37e060 in __libc_start_main () from /lib/libc.so.6
#12 0x00000000 in ?? ()

from ppc64 version 0.9.9

#0 0x0000040000c52a84 in .raise () from /lib64/libc.so.6
#1 0x0000040000c54a94 in .abort () from /lib64/libc.so.6
#2 0x0000040000c918f4 in .__libc_message () from /lib64/libc.so.6
#3 0x0000040000d2c4d8 in .__stack_chk_fail () from /lib64/libc.so.6
#4 0x000004000011495c in oval_probe_meta_list (output=0x40000db0690, flags=38) at oval_probe.c:509
#5 0x0000000010007ad0 in print_versions (action=<value optimized out>) at oscap.c:160
#6 0x0000000010007f48 in oscap_module_call (action=<value optimized out>) at oscap-tool.c:261
#7 0x0000000010008e20 in oscap_module_process (module=0x10026490, argc=2, argv=<value optimized out>) at oscap-tool.c:346
#8 0x0000000010007dec in main (argc=2, argv=0xfffffd8f728) at oscap.c:78
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Choosing mainstream 5.9, 5.9.Z or 5.10 makes no difference.