JoeDog / siege

Siege is an http load tester and benchmarking utility
GNU General Public License v3.0

seg fault if digest auth contains "charset" #200

Open User65k opened 2 years ago

User65k commented 2 years ago

Hi,

I tried to run siege against a lighttpd with digest authentication. That results in

HTTP/1.0 401 Unauthorized
WWW-Authenticate: Digest realm="###", charset="UTF-8", nonce="###", qop="auth"
Content-Type: text/html
Content-Length: 347
Connection: close
Date: Wed, 13 Oct 2021 10:56:28 GMT
Server: lighttpd/1.4.53

unknown key [charset]
zsh: segmentation fault (core dumped)  siege -g http://###/

Sources:

JoeDog commented 2 years ago

Do you know how to get a stack trace out of the core dump? If so, could you reply with it?


User65k commented 2 years ago

Sure:

           PID: 17558 (siege)
        Signal: 11 (SEGV)
  Command Line: siege -g http://###/
    Executable: /usr/bin/siege
       Message: Process 17558 (siege) of user 1000 dumped core.

                Stack trace of thread 17559:
                #0  0x00007fa89850b12d __strcasecmp_l_avx (libc.so.6 + 0x15d12d)
                #1  0x0000557c96fc1208 __get_h_a1.isra.0 (siege + 0x1e208)
                #2  0x0000557c96fb196e auth_get_digest_header.part.0 (siege + 0xe96e)
                #3  0x0000557c96fb48c9 http_get (siege + 0x118c9)
                #4  0x0000557c96fb7f95 __http (siege + 0x14f95)
                #5  0x0000557c96fb829c __http (siege + 0x1529c)
                #6  0x0000557c96fb8c12 start (siege + 0x15c12)
                #7  0x0000557c96faf191 crew_thread (siege + 0xc191)
                #8  0x00007fa89892b299 start_thread (libpthread.so.0 + 0x9299)
                #9  0x00007fa8984ae353 __clone (libc.so.6 + 0x100353)

                Stack trace of thread 17558:
                #0  0x00007fa898937a8a __futex_abstimed_wait_common64 (libpthread.so.0 + 0x15a8a)
                #1  0x00007fa89892c793 __pthread_clockjoin_ex (libpthread.so.0 + 0xa793)
                #2  0x0000557c96fabe31 main (siege + 0x8e31)
                #3  0x00007fa8983d5b75 __libc_start_main (libc.so.6 + 0x27b75)
                #4  0x0000557c96fad6fe _start (siege + 0xa6fe)

                Stack trace of thread 17560:
                #0  0x00007fa8983ec062 __sigtimedwait (libc.so.6 + 0x3e062)
                #1  0x00007fa89893555c sigwait (libpthread.so.0 + 0x1355c)
                #2  0x0000557c96fb0c4a sig_handler (siege + 0xdc4a)
                #3  0x00007fa89892b299 start_thread (libpthread.so.0 + 0x9299)
                #4  0x00007fa8984ae353 __clone (libc.so.6 + 0x100353)

JoeDog commented 2 years ago

Do you have a hunch as to what character is causing this?


User65k commented 2 years ago

No, but maybe the registers help?

(gdb) info registers
rax            0x15                21
rbx            0x7fa8900217b0      140361947289520
rcx            0x0                 0
rdx            0x7fa898572320      140362087080736
rsi            0x0                 0
rdi            0x557c96fc4215      93993597420053
rbp            0x0                 0x0
rsp            0x7fa89839d138      0x7fa89839d138
r8             0x7fa89001c450      140361947268176
r9             0x7fa89839eac0      140362085165760
r10            0x61669f3c          1634115388
r11            0x38                56
r12            0x7fa890022150      140361947291984
r13            0x7fa890021f40      140361947291456
r14            0x557c96fc5e43      93993597427267
r15            0x0                 0
rip            0x7fa89850b12d      0x7fa89850b12d <__strcasecmp_l_avx+73>
eflags         0x10283             [ CF SF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
(gdb) x/s 0x7fa8900217b0
0x7fa8900217b0: "0!\002\220\250\177"
(gdb) x/s 0x7fa898572320
0x7fa898572320 <_nl_global_locale>:     "\200\345V\230\250\177"
(gdb) x/s 0x557c96fc4215
0x557c96fc4215: "MD5"
(gdb) x/s 0x7fa89839d138
0x7fa89839d138: "\b\022\374\226|U"
(gdb) x/s 0x7fa89001c450
0x7fa89001c450: ", cnonce=\"EaC/dc9ZcKp5Tus4\""
(gdb) x/s 0x7fa89839eac0
0x7fa89839eac0: "/gal/"                                              (path)
(gdb) x/s 0x7fa890022150
0x7fa890022150: "gal"                                                (value from realm)
(gdb) x/s 0x7fa890021f40
0x7fa890021f40: "6166bb5c:a601090c793d6b7b20842485ba829f31"          (value from nonce)
(gdb) x/s 0x557c96fc5e43
0x557c96fc5e43: "\""

User65k commented 2 years ago

Seems like the algorithm key is missing and that's causing the seg fault.
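
Added example, not siege's code and not part of any comment in this thread: a defensive parser for a Digest challenge shaped like the one in the report, where an unknown key (charset) is skipped and a missing algorithm falls back to "MD5" as RFC 2617 section 3.2.1 specifies, so no NULL pointer can reach strcasecmp (in the register dump, rsi is 0 while rdi points to "MD5"). The struct, function names and sample header values are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>
/* Hypothetical type for this example; an empty field means "not sent". */
struct digest_challenge { char realm[128], nonce[128], qop[32], algorithm[32]; };
/* Constructed sample: same shape as the header in the report, no algorithm. */
const char SAMPLE_CHALLENGE[] =
    "Digest realm=\"example\", charset=\"UTF-8\", nonce=\"0123abcd\", qop=\"auth\"";

/* Copy one auth-param value (quoted-string or token); return the end position. */
static const char *read_value(const char *p, char *out, size_t cap) {
    size_t n = 0;
    int quoted = (*p == '"');
    if (quoted) p++;
    for (; *p && (quoted ? *p != '"' : (*p != ',' && !isspace((unsigned char)*p))); p++) {
        if (quoted && *p == '\\' && p[1]) p++;   /* quoted-pair: take next char */
        if (n + 1 < cap) out[n++] = *p;          /* truncate, never overflow */
    }
    out[n] = '\0';
    return (quoted && *p == '"') ? p + 1 : p;
}

/* Parse a WWW-Authenticate value. Unknown keys such as charset are consumed
 * and ignored. Returns 0 on success, -1 if malformed or realm/nonce missing. */
int parse_digest_challenge(const char *hdr, struct digest_challenge *c) {
    char key[32], skip[256];
    memset(c, 0, sizeof *c);
    if (strncasecmp(hdr, "Digest", 6) != 0) return -1;
    for (const char *p = hdr + 6;;) {
        size_t k = 0, cap = sizeof skip;
        char *dst = skip;                        /* default: discard the value */
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        if (!*p) break;
        for (; *p && *p != '=' && *p != ',' && !isspace((unsigned char)*p); p++)
            if (k + 1 < sizeof key) key[k++] = *p;
        key[k] = '\0';
        if (*p++ != '=') return -1;              /* key without a value */
        if (!strcasecmp(key, "realm"))          { dst = c->realm;     cap = sizeof c->realm; }
        else if (!strcasecmp(key, "nonce"))     { dst = c->nonce;     cap = sizeof c->nonce; }
        else if (!strcasecmp(key, "qop"))       { dst = c->qop;       cap = sizeof c->qop; }
        else if (!strcasecmp(key, "algorithm")) { dst = c->algorithm; cap = sizeof c->algorithm; }
        p = read_value(p, dst, cap);
    }
    return (c->realm[0] && c->nonce[0]) ? 0 : -1;
}

/* RFC 2617 section 3.2.1: an absent algorithm is assumed to be "MD5". */
const char *digest_algorithm(const struct digest_challenge *c) {
    return c->algorithm[0] ? c->algorithm : "MD5";
}
```

Callers compare against `digest_algorithm(&c)` rather than the raw field, so the "not sent" case is handled in one place.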

JoeDog commented 2 years ago

Thanks, I'll check it out.
