clearlinux / cve-check-tool

Original Automated CVE Checking Tool
GNU General Public License v2.0

Intermittent Crash #17

Closed johnwhiteman closed 8 years ago

johnwhiteman commented 8 years ago

I had one crash, but unable to repeat yet. Juan saw another crash this morning and for both we saw it happening during/after an updated nvdcve-2.0-Modified.xml.gz gets loaded. Juan's old output shows the same (on a different thread), but he was using v5.2. I've instrumented the code to see where it's happening and Juan is doing the same since he has better luck getting the crash.

cd bind-utils
cve-check-tool -b bind-utils.spec

Loaded: nvdcve-2.0-Modified.xml.gz
Scanned 1 source file
Segmentation fault (core dumped)

I don't think it's reaching the JIRA code since the output of the jira_alive() call is not showing. We'll update once we pinpoint the location in main.c.

The best reproduction we have is:

Database already created
An updated nvdcve-2.0-Modified.xml.gz is uploaded
Things go awry.

johnwhiteman commented 8 years ago

Juan has since updated to latest v5.4

ikeydoherty commented 8 years ago

Is this reproducible from git though? The loading of the NVD DB doesn't appear to be the issue here, as we've completed that load, then used rpm.c to scan the .spec file, and then went boom

johnwhiteman commented 8 years ago

Yes, it's reproducible on git. I am trying to reproduce it with an instrumented binary. Once it happens then I'll know exactly. Juan was trying the same thing yesterday. For track_bugs(), is_jira_alive() is called before anything, but I don't see the output. Of course, that call could be the one that is failing.

johnwhiteman commented 8 years ago

Still no luck with reproducing today. I have a script that is running in the background using a forever loop invoking cve-check-tool -b bind-utils.spec. When a seg fault (or any bad exit) occurs, it will log the instrumented output then terminate. I need that data point to pinpoint.
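A reproduction loop of the kind described in the comment above, as an added example; it is not the commenter's script. The names run_until_fail, describe_status, flaky_demo and crash.log are assumptions, and flaky_demo is a constructed stand-in that simulates the exit status a shell reports for SIGSEGV.

```sh
#!/bin/sh
# Map an exit status to a label; 128 + N means "killed by signal N".
describe_status() {
    if [ "$1" -eq 139 ]; then echo "SIGSEGV"
    elif [ "$1" -gt 128 ]; then echo "signal $(($1 - 128))"
    else echo "non-zero exit"
    fi
}

# run_until_fail MAX_TRIES LOGFILE CMD [ARGS...]
# Returns 0 once a failing run has been captured in LOGFILE (and sets
# FAILED_TRY / FAILED_STATUS), 1 if all MAX_TRIES runs exited cleanly.
run_until_fail() {
    max_tries=$1; logfile=$2; shift 2
    try=0
    while [ "$try" -lt "$max_tries" ]; do
        try=$((try + 1))
        # Keep only the current run's output; "&& ... ||" records the status
        # without tripping "set -e" in a calling script.
        "$@" >"$logfile.tmp" 2>&1 && status=0 || status=$?
        if [ "$status" -ne 0 ]; then
            {
                echo "Failed: $try (status $status, $(describe_status "$status"))"
                cat "$logfile.tmp"
            } >"$logfile"
            rm -f "$logfile.tmp"
            FAILED_TRY=$try; FAILED_STATUS=$status
            return 0
        fi
        if [ $((try % 25)) -eq 0 ]; then echo "Running: $try"; fi
    done
    rm -f "$logfile.tmp"
    return 1
}

# Constructed stand-in for an intermittently crashing binary: exits cleanly
# until call number CRASH_ON, then returns 139 (128 + SIGSEGV's number, 11).
flaky_demo() {
    count_file=$1; crash_on=$2
    n=$(( $(cat "$count_file" 2>/dev/null || echo 0) + 1 ))
    echo "$n" >"$count_file"
    echo "Scanned 1 source file"
    if [ "$n" -ge "$crash_on" ]; then return 139; fi
}

# Real use, with the command from this thread:
#   run_until_fail 5000 crash.log cve-check-tool -b bind-utils.spec
```

Because only the failing attempt's output is kept, the log stays small however many clean runs precede the crash.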

ikeydoherty commented 8 years ago

Are we cleaning up before the bugs are dealt with.. ?

johnwhiteman commented 8 years ago

Yes. We did.

After 1,911 tries last night I finally got a crash. The likely source is somewhere in init_jira_plugin(), not in_jira_alive() as I originally suspected since network can add some randomness. Inside it there are two other calls. One is destroy_jira_plugin() and the other is parse_jira_cfg_file(). The bug seems to only get triggered when the database update occurs (see below), otherwise it always works fine. What is strange is that there is no direct relationship between the update event and parsing the jira configuration file. The only global that gets passed down is self->config, but that all gets handled at the start of execution. I am debugging the three functions now, but need another segfault to fail. Running script again in background and will update my findings here when it happens again.

Running: 1775
Running: 1800
Running: 1825
Running: 1850
Running: 1875
Running: 1900
Failed: 1911
Update of db forced
Skipping: nvdcve-2.0-2002.xml.gz
Skipping: nvdcve-2.0-2003.xml.gz
Skipping: nvdcve-2.0-2004.xml.gz
Skipping: nvdcve-2.0-2005.xml.gz
Skipping: nvdcve-2.0-2006.xml.gz
Skipping: nvdcve-2.0-2007.xml.gz
Skipping: nvdcve-2.0-2008.xml.gz
Skipping: nvdcve-2.0-2009.xml.gz
Skipping: nvdcve-2.0-2010.xml.gz
Skipping: nvdcve-2.0-2011.xml.gz
Skipping: nvdcve-2.0-2012.xml.gz
Skipping: nvdcve-2.0-2013.xml.gz
Skipping: nvdcve-2.0-2014.xml.gz
Skipping: nvdcve-2.0-2015.xml.gz
100 82495 100 82495 0 0 51585 0 0:00:01 0:00:01 --:--:-- 51559
Loaded: nvdcve-2.0-Modified.xml.gz
Scanned 1 source file
Segmentation fault (core dumped)

johnwhiteman commented 8 years ago

After 123 tries before crash I was able to track it down to g_slist_reverse() in parse_jira_cfg_file(). Again it happens only when an update precedes it. Have no clue why that makes a difference. My next step will be to programmatically force updates to reproduce on demand then go from there with debugger.

Running: 25
Running: 50
Running: 75
Running: 100
Failed: 123
Update of db forced
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
...
100 92711 100 92711 0 0 136k 0 --:--:-- --:--:-- --:--:-- 135k
Loaded: nvdcve-2.0-Modified.xml.gz
JLW: auto_bug is true
JLW: 0000000000
Scanned 1 source file
JLW: 2220000000
JLW: track_bugs()
JLW: BEGIN track_bugs()
JLW: 1()
JLW: init_jira_plugin()
init_jira_plugin()->destroy_jira_plugin()
START destroy_jira_plugin(void)
g_jira_cfg==NULL
init_jira_plugin()->parse_jira_cfg_file()
BEGIN parse_jira_cfg_file()
g_slice_new
key_file != NULL
parse_jira_cfg_str(url)
parse_jira_cfg_str(user)
parse_jira_cfg_str(password)
parse_jira_cfg_str(timeout_secs)
parse_jira_cfg_str(verbose)
g_hash_table_new()
g_key_file_get_keys()
g_key_file_file_get_string()
g_key_file_file_get_string()
g_key_file_file_get_string()
g_key_file_file_get_string()
g_key_file_file_get_string()
g_slist_reverse()
Segmentation fault (core dumped)

ikeydoherty commented 8 years ago

The revert in master should resolve this, seems I introduced the segfault :]

johnwhiteman commented 8 years ago

Hey, Ikey no problem. Happy it is resolved :). I'll confirm and close on Monday. Stop by the house we are having BBQ and beer.

ikeydoherty commented 8 years ago

Ah wouldn't mind a BBQ tell the truth.. ^^

johnwhiteman commented 8 years ago

Unable to reproduce since this morning, but will keep script going overnight.

vikash5623 commented 8 years ago

Hello Mr ikeydoherty,

I want to know how to view the output when running cve-check-tool on an rpm, package, or module. When I try to run the following command on source I get

root@vikas-HP-430-Notebook-PC:/home/vikas/Workspace/cve-check-tool-master# cve-check-tool -n -t srpm 389-ds-base-1.2.10.2-18.el6_3.src.rpm
warning: /home/vikas/Workspace/cve-check-tool-master/389-ds-base-1.2.10.2-18.el6_3.src.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Scanned 1 source file
root@vikas-HP-430-Notebook-PC:/home/vikas/Workspace/cve-check-tool-master#

I did not know where to view the output.

Thanks & regards Vikash

ikeydoherty commented 8 years ago

Looks like it didn't find any issues, given the name I'm not greatly surprised. Use the "-a" and "-c" flags to show all output and CSV output, for debugging purposes.

vikash5623 commented 8 years ago

Dear Mr ikeydoherty,

Thanks for your reply. But I have a few doubts, which are as follows: Actually, I want to test my module, which is written in C/C++, and want to run your tool on my code to find out whether there are any CVE issues or not. But the problem is that when I tried to run your tool on my module, it doesn't give any output or report; frankly speaking, I don't know how to use it. I even tried your tool on an rpm, but I am still not able to view it. It would be great if you could help with this. Is it possible to run your tool on a particular C/C++ file?

Thanks & regards Vikash

ikeydoherty commented 8 years ago

Hi

A CVE is a Common Vulnerability and Exposure. This is recorded in databases, which means a vulnerability or security issue was encountered in code and reported publicly. cve-check-tool integrates with these databases, and as such examines packaging, not code.