jow- / nlbwmon

Simple conntrack based traffic accounting
ISC License

"stack smashing detected" when built on a non-embedded system #13

Closed zorun closed 7 years ago

zorun commented 7 years ago

I tried to use nlbwmon on a "fully-fledged" Linux system, with glibc, libnl, etc (Arch Linux x86_64).

However, it either does nothing at all or crashes almost immediately, for instance:

# nlbwmon -i 10s -r 1s -s 172.23.184.64/26
Interval: 20170901 - Usage: 40/12840 Bytes                                          

*** stack smashing detected ***: <unknown> terminated                               
Aborted (core dumped)

This is on a laptop: 172.23.184.64/26 is my local network, connected on wlan0. When I pass -s 0.0.0.0/0 nlbwmon does not crash, but it seems to do nothing.

Here is a backtrace of the crash:

#0  0x00007f1a6908d8a0 in raise () from /usr/lib/libc.so.6                          
#1  0x00007f1a6908ef09 in abort () from /usr/lib/libc.so.6                          
#2  0x00007f1a690d0517 in __libc_message () from /usr/lib/libc.so.6                 
#3  0x00007f1a691606bf in __fortify_fail_abort () from /usr/lib/libc.so.6           
#4  0x00007f1a69160682 in __stack_chk_fail_local () from /usr/lib/libc.so.6         
#5  0x000055f7ab783ab5 in ipaddr_parse (msg=0x55f7ad886770, arg=0x7ffe41144320) at /home/zorun/tmp/nlbwmon/neigh.c:190                                                  
#6  0x00007f1a6983f5f9 in nl_recvmsgs_report () from /usr/lib/libnl-3.so.200        
#7  0x00007f1a6983fa29 in nl_recvmsgs () from /usr/lib/libnl-3.so.200               
#8  0x000055f7ab783bc1 in ipaddr_to_ifindex (family=2, addr=0x7ffe41144384) at /home/zorun/tmp/nlbwmon/neigh.c:213                                                      
#9  0x000055f7ab783ee5 in update_macaddr (family=2, addr=0x7ffe41144450) at /home/zorun/tmp/nlbwmon/neigh.c:302                                                         
#10 0x000055f7ab7847d2 in parse_event (reply=0x55f7ad886670, len=164, allow_insert=false, update_mac=true) at /home/zorun/tmp/nlbwmon/nfnetlink.c:204                   
#11 0x000055f7ab7849b1 in handle_dump (msg=0x55f7ad8808d0, arg=0x7ffe411445ec) at /home/zorun/tmp/nlbwmon/nfnetlink.c:243                                               
#12 0x00007f1a6983f5f9 in nl_recvmsgs_report () from /usr/lib/libnl-3.so.200        
#13 0x00007f1a6983fa29 in nl_recvmsgs () from /usr/lib/libnl-3.so.200               
#14 0x000055f7ab784ca5 in nfnetlink_dump (allow_insert=false) at /home/zorun/tmp/nlbwmon/nfnetlink.c:381                                                                
#15 0x000055f7ab7850fe in handle_refresh (tm=0x55f7ab98a960 <refresh_tm>) at /home/zorun/tmp/nlbwmon/nlbwmon.c:154                                                      
#16 0x00007f1a69a53c30 in uloop_run_timeout () from /usr/lib/libubox.so             
#17 0x000055f7ab784d4a in uloop_run () at /usr/include/libubox/uloop.h:111          
#18 0x000055f7ab785953 in server_main (argc=7, argv=0x7ffe41144908) at /home/zorun/tmp/nlbwmon/nlbwmon.c:364                                                            
#19 0x000055f7ab7859cb in main (argc=7, argv=0x7ffe41144908) at /home/zorun/tmp/nlbwmon/nlbwmon.c:377  

Full backtrace:

#5  0x000055f7ab783ab5 in ipaddr_parse (msg=0x55f7ad886770, arg=0x7ffe41144320) at /home/zorun/tmp/nlbwmon/neigh.c:190
        hdr = 0x55f7ad8867c0
        ifa = 0x55f7ad8867d0
        addr = 0x55f7ad8867e0
        tb = {0x0, 0x55f7ad8867d8, 0x55f7ad8867e0, 0x55f7ad8867e8, 0x0, 0x0, 0x55f7ad8867f8, 0x0, 0x55f7ad8867f0}
        query = 0x7ffe41144320
#6  0x00007f1a6983f5f9 in nl_recvmsgs_report () from /usr/lib/libnl-3.so.200                                                                                           
No symbol table info available.                                                                                                                                        
#7  0x00007f1a6983fa29 in nl_recvmsgs () from /usr/lib/libnl-3.so.200                                                                                                  
No symbol table info available.                                                                                                                                        
#8  0x000055f7ab783bc1 in ipaddr_to_ifindex (family=2, addr=0x7ffe41144384) at /home/zorun/tmp/nlbwmon/neigh.c:213                                                     
        query = {family = 2, addr = 0x7ffe41144384, ifindex = 0}                                                                                                       
        ifa = {ifa_family = 2 '\002', ifa_prefixlen = 0 '\000', ifa_flags = 0 '\000', ifa_scope = 0 '\000', ifa_index = 0}                                             
        msg = 0x55f7ad886720                                                                                                                                           
#9  0x000055f7ab783ee5 in update_macaddr (family=2, addr=0x7ffe41144450) at /home/zorun/tmp/nlbwmon/neigh.c:302                                                        
        ptr = 0x55f7ab98a6f0 <subnets>                                                                                                                                 
        key = {u32 = {2, 1622677420, 0, 0, 0}, data = {family = 2 '\002', addr = {in = {s_addr = 1622677420}, in6 = {__in6_u = {                                       
                  __u6_addr8 = "\254\027\270`", '\000' <repeats 11 times>, __u6_addr16 = {6060, 24760, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {1622677420, 0, 0, 0}}}}}}     
        res = 0x0                                                                                                                                                      
        ifindex = 2   
#10 0x000055f7ab7847d2 in parse_event (reply=0x55f7ad886670, len=164, allow_insert=false, update_mac=true) at /home/zorun/tmp/nlbwmon/nfnetlink.c:204                  
        hdr = 0x55f7ad886670                                                                                                                                           
        gnlh = 0x55f7ad886680                                                                                                                                          
        attr = {0x0, 0x55f7ad886684, 0x55f7ad8866b8, 0x55f7ad8866ec, 0x0, 0x0, 0x0, 0x55f7ad8866f4, 0x55f7ad8866fc, 0x0, 0x0, 0x55f7ad88670c, 0x55f7ad886704,          
          0x0 <repeats 12 times>}                                                                                                                                      
        tuple = {0x0, 0x55f7ad8866bc, 0x55f7ad8866d0, 0x0}                                                                                                             
        counters = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}                                                                                                                      
        r = {family = 2 '\002', proto = 0 '\000', dst_port = 0, src_mac = {ea = {ether_addr_octet = "\000\000\000\000\000"}, u64 = 0}, src_addr = {in6 = {__in6_u = {  
                __u6_addr8 = "`\270\027\254", '\000' <repeats 11 times>, __u6_addr16 = {47200, 44055, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {2887235680, 0, 0, 0}}}, in = { 
              s_addr = 2887235680}}, count = 0, out_pkts = 0, out_bytes = 0, in_pkts = 0, in_bytes = 0, node = {list = {next = 0x0, prev = 0x0}, parent = 0x0,         
            left = 0x0, right = 0x0, key = 0x0, balance = 0 '\000', leader = false}}
        orig_saddr = {__in6_u = {__u6_addr8 = "`\270\027\254", '\000' <repeats 11 times>, __u6_addr16 = {47200, 44055, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {2887235680,   
              0, 0, 0}}}                                                                                                                                               
        orig_daddr = {__in6_u = {__u6_addr8 = "\032\225\340[", '\000' <repeats 11 times>, __u6_addr16 = {38170, 23520, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {1541444890,   
              0, 0, 0}}}                                                                                                                                               
        reply_saddr = {__in6_u = {__u6_addr8 = "\032\225\340[", '\000' <repeats 11 times>, __u6_addr16 = {38170, 23520, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {1541444890,  
              0, 0, 0}}}                                                                                                                                               
        reply_daddr = {__in6_u = {__u6_addr8 = "`\270\027\254", '\000' <repeats 11 times>, __u6_addr16 = {47200, 44055, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {2887235680,  
              0, 0, 0}}}                                                                                                                                               
        orig_pkts = 0                                                                                                                                                  
        orig_bytes = 0                                                                                                                                                 
        reply_pkts = 0                                                                                                                                                 
        reply_bytes = 0                                                                                                                                                
#11 0x000055f7ab7849b1 in handle_dump (msg=0x55f7ad8808d0, arg=0x7ffe411445ec) at /home/zorun/tmp/nlbwmon/nfnetlink.c:243                                              
        hdr = 0x55f7ad886670                                                                                                                                           
        allow_insert = 0x7ffe411445ec                                                                                                                                  
#12 0x00007f1a6983f5f9 in nl_recvmsgs_report () from /usr/lib/libnl-3.so.200                                                                                           
No symbol table info available.
#13 0x00007f1a6983fa29 in nl_recvmsgs () from /usr/lib/libnl-3.so.200
No symbol table info available.
#14 0x000055f7ab784ca5 in nfnetlink_dump (allow_insert=false) at /home/zorun/tmp/nlbwmon/nfnetlink.c:381                                                               
        req = 0x55f7ad880880                                                                                                                                           
        cb = 0x55f7ad882570                                                                                                                                            
        tuple = 0x55f7ad881574                                                                                                                                         
        ip = 0x55f7ad881578                                                                                                                                            
        proto = 0x55f7ad881578                                                                                                                                         
        hdr = {nfgen_family = 0 '\000', version = 0 '\000', res_id = 0}                                                                                                
        err = -11

zorun commented 7 years ago

I still have the exact same backtrace with 64a9e8e6e64385df68da9595cf1ffd7e8e36e981 :/ (except for the different line offsets in nlbwmon source, obviously)

(gdb) bt                                                                                                                                                               
#0  0x00007f1d1e7b68a0 in raise () from /usr/lib/libc.so.6
#1  0x00007f1d1e7b7f09 in abort () from /usr/lib/libc.so.6
#2  0x00007f1d1e7f9517 in __libc_message () from /usr/lib/libc.so.6
#3  0x00007f1d1e8896bf in __fortify_fail_abort () from /usr/lib/libc.so.6
#4  0x00007f1d1e889682 in __stack_chk_fail_local () from /usr/lib/libc.so.6
#5  0x000055be18251b37 in ipaddr_parse (msg=<optimized out>, arg=0x7ffd30045840) at /home/zorun/tmp/nlbwmon/neigh.c:197
#6  0x00007f1d1f1745f9 in nl_recvmsgs_report () from /usr/lib/libnl-3.so.200
#7  0x00007f1d1f174a29 in nl_recvmsgs () from /usr/lib/libnl-3.so.200
#8  0x000055be182518af in ipaddr_to_ifindex (family=family@entry=2, addr=addr@entry=0x7ffd30045874) at /home/zorun/tmp/nlbwmon/neigh.c:220
#9  0x000055be18251e77 in update_macaddr (family=2, addr=addr@entry=0x7ffd30045920) at /home/zorun/tmp/nlbwmon/neigh.c:309
#10 0x000055be182525c8 in parse_event (reply=<optimized out>, len=<optimized out>, allow_insert=false, update_mac=update_mac@entry=true)
    at /home/zorun/tmp/nlbwmon/nfnetlink.c:211
#11 0x000055be182526a3 in handle_dump (msg=<optimized out>, arg=0x7ffd30045abc) at /home/zorun/tmp/nlbwmon/nfnetlink.c:250
#12 0x00007f1d1f1745f9 in nl_recvmsgs_report () from /usr/lib/libnl-3.so.200
#13 0x00007f1d1f174a29 in nl_recvmsgs () from /usr/lib/libnl-3.so.200
#14 0x000055be182528f7 in nfnetlink_dump (allow_insert=<optimized out>) at /home/zorun/tmp/nlbwmon/nfnetlink.c:388
#15 0x000055be18252c75 in handle_refresh (tm=<optimized out>) at /home/zorun/tmp/nlbwmon/nlbwmon.c:154
#16 0x00007f1d1ed54c30 in uloop_run_timeout () from /usr/lib/libubox.so
#17 0x000055be182530d2 in uloop_run () at /usr/include/libubox/uloop.h:111
#18 server_main (argc=<optimized out>, argv=<optimized out>) at /home/zorun/tmp/nlbwmon/nlbwmon.c:364
#19 0x000055be182532a8 in main (argc=7, argv=0x7ffd30045d68) at /home/zorun/tmp/nlbwmon/nlbwmon.c:377

a7ypically commented 6 years ago

Same here. The issue is that nlmsg_parse() expects to get an array of [max+1]. The call in neigh_parse() is ok but the other two in ipaddr_parse() and link_parse() are given an array of [max] instead of [max+1]. Changing that fixed the crashes for me.
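
The sizing rule from the last comment, as an added example that is not nlbwmon's or libnl's code: a small TLV parser with the same table contract (slots 0..max) that is told the table's capacity and rejects a table of max slots instead of writing one pointer past it. `attr_parse`, `DEMO_MAX`, the TLV layout and the sample message are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define DEMO_MAX 8  /* hypothetical highest attribute type (the "max" argument) */

/* Same contract as nlmsg_parse(): the table is indexed by attribute type
 * 0..max, so max + 1 slots are cleared. This added version is also told the
 * real capacity and refuses to run on a short table. */
static int attr_parse(const uint8_t **tb, size_t slots, int max,
                      const uint8_t *buf, size_t len)
{
    if (max < 0 || slots < (size_t)max + 1)
        return -1;                          /* table too small for tb[max] */
    memset(tb, 0, sizeof(*tb) * ((size_t)max + 1));
    while (len >= 4) {
        uint16_t alen, type;                /* TLV header: length, then type */
        memcpy(&alen, buf, 2);
        memcpy(&type, buf + 2, 2);
        if (alen < 4 || alen > len)
            return -2;                      /* malformed or truncated attribute */
        if (type <= max)
            tb[type] = buf;
        size_t step = (alen + 3u) & ~3u;    /* attributes are 4-byte aligned */
        if (step > len)
            break;
        buf += step;
        len -= step;
    }
    return 0;
}

/* Constructed sample: two 8-byte attributes, type 1 and type DEMO_MAX. */
static size_t build_msg(uint8_t out[16])
{
    const uint16_t hdrs[2][2] = { {8, 1}, {8, DEMO_MAX} };
    memset(out, 0, 16);
    memcpy(out, hdrs[0], 4);
    memcpy(out + 8, hdrs[1], 4);
    return 16;
}

/* slots == DEMO_MAX is the sizing reported as buggy; DEMO_MAX + 1 is the fix.
 * Returns attr_parse()'s error, or 1 if both attributes were indexed. */
static int demo(size_t slots)
{
    const uint8_t *tb[DEMO_MAX + 1];        /* backing store is always safe */
    uint8_t msg[16];
    size_t n = build_msg(msg);
    int rc = attr_parse(tb, slots, DEMO_MAX, msg, n);
    return rc ? rc : (tb[1] == msg && tb[DEMO_MAX] == msg + 8);
}
```

With a real `nlmsg_parse()` there is no capacity argument, so the only guard is the declaration itself: the array passed alongside `max` must have `max + 1` elements.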