karlheyes / icecast-kh

KH branch of icecast
GNU General Public License v2.0

segfault when logging into password protected stream #382

Closed tjharman closed 1 year ago

tjharman commented 1 year ago

If I try to log into a password protected stream via the web GUI, I get a segfault and icecast-kh crashes.

Current commit is 9a172bd8d361319c0e9638bafa3aaab4587655b5

[911063.209102] icecast[2091359]: segfault at 0 ip 00001df52608d6e8 sp 000074aa9c80d060 error 6 in icecast[1df526068000+46000]
[911063.209162] Code: 8b bd b0 00 00 00 48 85 db 0f 84 43 01 00 00 be 3a 00 00 00 48 89 df e8 56 af fd ff 48 85 c0 0f 84 2d 01 00 00 48 8b 44 24 08 <c6> 00 00 4d 85 ff 74 10 48 8b 85 b8 00 00 00 48 85 c0 0f 85 28 03
[911063.209241] grsec: From 192.168.10.22: Segmentation fault occurred at 0000000000000000 in /usr/local/icecast/bin/icecast[icecast:2091359] uid/euid:65534/65534 gid/egid:65534/65534, parent /lib/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0

If I enter the (correct) credentials here, it causes the crash. [image]

Potentially it's the C/LD Flags I'm building with, which are as follows:

CFLAGS='-march=native -O2 -fstack-protector-strong --param ssp-buffer-size=4 -fstack-clash-protection -mindirect-
LDFLAGS='-Wl,-O2 -s -pie -flto'
{8:55}~ ➭ cat /etc/debian_version
11.6

gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Happy to provide any other details that may help.

Really appreciate all the work you do on icecast-kh!
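For triage it helps to read the kernel line above before a debug build is available. On x86-64 the "error" value is the page-fault error code: bit 0 set means a protection violation (clear means the page was not present), bit 1 set means a write, bit 2 set means the fault came from user mode, bit 4 an instruction fetch. "error 6" is therefore a user-mode write to an unmapped page, and "segfault at 0" puts that page at address zero, i.e. a write through a NULL pointer. The marked bytes `<c6> 00 00` disassemble to `movb $0x0,(%rax)`, preceded by `48 8b 44 24 08` (`mov 0x8(%rsp),%rax`): a zero byte stored through a pointer that was loaded from the stack as NULL. "ip" minus the mapping base in "icecast[1df526068000+46000]" gives the offset into the binary (0x256e8 here), which is what addr2line or objdump wants for a PIE whose first LOAD segment starts at vaddr 0. The following decoder is an added example, not icecast-kh code; the function and enum names are my own, and the sample line is the one pasted in this issue.

```c
/* Decode an x86-64 kernel "segfault at ..." line from dmesg/journal.
 * Added example, not icecast-kh code; names are the author's own. */
#include <stdio.h>
#include <string.h>

/* Page-fault error code bits as the x86 kernel prints them. */
enum {
    SF_PRESENT = 1 << 0,   /* 0: page not present, 1: protection violation */
    SF_WRITE   = 1 << 1,   /* 0: read access, 1: write access */
    SF_USER    = 1 << 2,   /* 0: kernel mode, 1: user mode */
    SF_IFETCH  = 1 << 4    /* instruction fetch */
};

/* The line reported in this issue, used as sample input. */
static const char SAMPLE_LINE[] =
    "[911063.209102] icecast[2091359]: segfault at 0 ip 00001df52608d6e8 "
    "sp 000074aa9c80d060 error 6 in icecast[1df526068000+46000]";

/* Parse the numeric fields. Returns 1 on success, 0 if the line does not match. */
static int parse_fields(const char *line, unsigned long long *addr, unsigned long long *ip,
                        unsigned *err, unsigned long long *base, unsigned long long *len)
{
    const char *p = strstr(line, "segfault at ");
    unsigned long long sp;
    if (!p || sscanf(p, "segfault at %llx ip %llx sp %llx error %u", addr, ip, &sp, err) != 4)
        return 0;
    *base = *len = 0;
    /* "[BASE+LEN]" describes the mapping that contains ip; a literal '[' in
     * a scanf format is matched as a character (only "%[" is a scanset). */
    const char *br = strrchr(p, '[');
    if (br && sscanf(br, "[%llx+%llx]", base, len) != 2)
        *base = *len = 0;
    return 1;
}

/* Error code as an int, or -1 if the line is not a segfault report. */
int segfault_err(const char *line)
{
    unsigned long long a, ip, b, l; unsigned err;
    return parse_fields(line, &a, &ip, &err, &b, &l) ? (int)err : -1;
}

/* ip minus the mapping base: for a PIE whose first LOAD segment starts at
 * vaddr 0 this is the address to give addr2line/objdump on the unstripped
 * binary. Returns -1 if ip is outside the reported mapping. */
long long segfault_text_offset(const char *line)
{
    unsigned long long a, ip, b, l; unsigned err;
    if (!parse_fields(line, &a, &ip, &err, &b, &l) || l == 0 || ip < b || ip >= b + l)
        return -1;
    return (long long)(ip - b);
}

/* Heuristic: a user-mode fault on a non-present page in the first 4 KiB is
 * almost always a NULL (or NULL + small field offset) dereference.
 * Returns 1/0, or -1 if the line does not parse. */
int segfault_looks_like_null_deref(const char *line)
{
    unsigned long long a, ip, b, l; unsigned err;
    if (!parse_fields(line, &a, &ip, &err, &b, &l)) return -1;
    return (err & SF_USER) && !(err & SF_PRESENT) && a < 4096;
}

int main(void)
{
    int err = segfault_err(SAMPLE_LINE);
    printf("error %d: %s-mode %s, page %s\n", err,
           (err & SF_USER) ? "user" : "kernel",
           (err & SF_IFETCH) ? "instruction fetch" : (err & SF_WRITE) ? "write" : "read",
           (err & SF_PRESENT) ? "present (protection violation)" : "not present");
    printf("text offset 0x%llx, null deref: %s\n",
           (unsigned long long)segfault_text_offset(SAMPLE_LINE),
           segfault_looks_like_null_deref(SAMPLE_LINE) == 1 ? "likely" : "no");
    return 0;
}
```

On the sample line this reports a user-mode write to a non-present page at address 0 and text offset 0x256e8. The offset is only meaningful against the same build that crashed; the stripped `-s` binary in the original flags gives addr2line nothing to resolve, which is why the unstripped `-g` build below is the useful one.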

karlheyes commented 1 year ago

just for reference, which auth are you using and any particular settings of interest?

karl

tjharman commented 1 year ago
<mount>
        <mount-name>/np</mount-name>
        <authentication type="htpasswd">
                <option name="filename" value="/usr/local/icecast/etc/np_auth"/>
                <option name="allow_duplicate_users" value="1"/>
        </authentication>
        <hidden>0</hidden>
</mount>

I will rebuild with some sane compiler flags, including debugging, and try to get a proper crash for you. My apologies, I should have thought to do this before I even logged a ticket.

tjharman commented 1 year ago

Here's icecast built with -g only, not stripped etc, run under GDB with "back" executed after I tried to login. I don't know if this helps or not, but I hope it does!

(gdb) back
#0  0x0000174b5c426b8c in client_send_m3u (client=0x6bacac002450, path=0x6bacb0025270 "/np") at client.c:742
#1  0x0000174b5c42fb79 in command_buildm3u (client=0x6bacac002450, mount=0x6bacb0025270 "/np") at admin.c:799
#2  0x0000174b5c42e932 in admin_handle_request (client=0x6bacac002450, uri=0x6bacb002b5b7 "buildm3u") at admin.c:420
#3  0x0000174b5c40d592 in _handle_get_request (client=0x6bacac002450) at connection.c:1848
#4  0x0000174b5c40c60a in http_client_request (client=0x6bacac002450) at connection.c:1456
#5  0x0000174b5c427933 in worker (arg=0x174b5f684640) at client.c:1102
#6  0x0000174b5c44cfb7 in _start_routine (arg=0x174b5f684700) at thread.c:745
#7  0x00006bacc2df4ea7 in ?? ()
#8  0x0000000000000000 in ?? ()

karlheyes commented 1 year ago

that particular point should be fixed in the master tree now

tjharman commented 1 year ago

I agree, this is fixed, thanks very much @karlheyes!