Menu
▾
▴
[Sshguard-users] Fwd: sshguard using 100% CPU
|
From: Sebastian H. <seb...@gm...> - 2009-03-02 15:24:37
|
further investigation shows a problem in blacklist_load():
# cat /var/log/sshguard.fifo | valgrind --tool=memcheck /usr/local/sbin/sshguard
==9364== Memcheck, a memory error detector.
==9364== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9364== Using LibVEX rev 1732, a library for dynamic binary translation.
==9364== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9364== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==9364== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9364== For more details, rerun with: -v
==9364==
==9364== Syscall param open(filename) points to unaddressable byte(s)
==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
==9364== by 0x804D6D5: blacklist_lookup_address (sshguard_blacklist.c:199)
==9364== by 0x804BAD9: report_address (sshguard.c:368)
==9364== by 0x804C415: main (sshguard.c:240)
==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9364==
==9364== Syscall param open(filename) points to unaddressable byte(s)
==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
==9364== by 0x804D78C: blacklist_add (sshguard_blacklist.c:173)
==9364== by 0x804BC28: report_address (sshguard.c:372)
==9364== by 0x804C415: main (sshguard.c:240)
==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9364==
==9364== Syscall param open(filename) points to unaddressable byte(s)
==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
==9364== by 0x804D7C7: blacklist_add (sshguard_blacklist.c:182)
==9364== by 0x804BC28: report_address (sshguard.c:372)
==9364== by 0x804C415: main (sshguard.c:240)
==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
But currently sshguard is not yet running at 100%... It's idle as it should.
---------- Weitergeleitete Nachricht ----------
Betreff: sshguard using 100% CPU
Datum: Montag 02 März 2009
Von: Sebastian Held <seb...@gm...>
An: ssh...@li...
Hello,
sshguard (svn rev. 74 + mod, but same issue is found in pristine rev 74) is started like this:
cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard -w 192.168.90.86 -w 192.168.90.52 >&/dev/null &
After a short time (around an hour) CPU utilization increases to 100%.
A core dump is attached. There was only one sshguard process running.
Stacktrace:
# gdb /usr/local/sbin/sshguard core.23814
GNU gdb 6.6.50.20070726-cvs
Copyright (C) 2007 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/local/sbin/sshguard'.
#0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
431 for (pos = 0; pos < list_size(& hell); ) {
(gdb) bt full
#0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
now = 1235994775
tmpel = (attacker_t *) 0x8060128
ret = 0
pos = 0
#1 0xb7fc9192 in ?? ()
No symbol table info available.
#2 0x00000000 in ?? ()
No symbol table info available.
(gdb) p *tmpel
$2 = {attack = {address = {value = "62.109.4.89\00041\000\blvps92-51-146-81 sshd[23934]: ", kind = 4}, service = 400}, whenfirst = 1235994599, whenlast = 1235994603,
pardontime = 0, numhits = 4}
(gdb)
br,
Sebastian
-------------------------------------------------------
|
