Re: [Sshguard-users] sshguard exited on signal 6 (core dumped)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I confirm this bug.

It happens when the pipe to sshguard is closed, and caused by the  
finalization routine
called twice, one implicitly by the OS.

The fix is trivial: replace lines 153-157 in src/sshguard.c
###
     if (fw_fin() != FWALL_OK) sshguard_log(LOG_ERR, "Cound not  
finalize firewall.");

     sshguard_log_fin();

     return 0;
###

with a single call to exit() that will call the finish functions once
###
     exit(0);
###

This has been already integrated in 1.1beta3.

thanks for reporting.

On 24/giu/07, at 11:09, Hans Lambermont wrote:

> Hi all,
>
> I hope coredumping on 'syslogd reload' is not intended behaviour.
>
> System: FreeBSD 6.2-RELEASE, IPFW, sshguard-ipfw-1.0_1, syslog line :
>   auth.info;authpriv.info | exec /usr/local/sbin/sshguard -a 1
>
> ps axgwww | grep sshguard
> 51586  ??  Ss     0:00.01 /usr/local/sbin/sshguard -a 1
>
> /etc/rc.d/syslogd reload
> Reloading syslogd config files.
>
> 10:36:45 sshguard[51586]: Got exit signal, flushing blocked  
> addresses and exiting...
> 10:36:45 kernel: pid 51586 (sshguard), uid 0: exited on signal 6  
> (core dumped)
> 10:36:45 sshguard[55614]: Started successfully [(a,p,s)=(1, 420,  
> 1200)], now ready to scan.
>
> So the old sshguard dumps core, and the new one starts fine
> (and works too:
> 01:30:32 sshguard[55614]: Blocking 221.204.251.32: 2 failures over  
> 4 seconds.
> 01:30:32 sshguard[55614]: running: '/sbin/ipfw add 55021 drop ip  
> from 221.204.251.32 to me'
> 01:39:27 sshguard[55614]: Releasing 221.204.251.32 after 535 seconds.
> 01:39:27 sshguard[55614]: running: '/sbin/ipfw delete 55021'
> )
>
> Here's a backtrace of one of sshguard's coredumps:
>
> gdb /usr/local/sbin/sshguard /sshguard.core
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License,  
> and you are
> welcome to change it and/or distribute copies of it under certain  
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for  
> details.
> This GDB was configured as "i386-marcel-freebsd"...(no debugging  
> symbols found)...
> Core was generated by `sshguard'.
> Program terminated with signal 6, Aborted.
> Reading symbols from /lib/libpthread.so.2...(no debugging symbols  
> found)...done.
> Loaded symbols for /lib/libpthread.so.2
> Reading symbols from /lib/libc.so.6...(no debugging symbols  
> found)...done.
> Loaded symbols for /lib/libc.so.6
> Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols  
> found)...done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  0x280a7537 in pthread_testcancel () from /lib/libpthread.so.2
> [New Thread 0x805a400 (sleeping)]
> [New Thread 0x805a200 (LWP 100231)]
> [New Thread 0x805a000 (LWP 100234)]
> (gdb) bt
> #0  0x280a7537 in pthread_testcancel () from /lib/libpthread.so.2
> #1  0x2809689a in sigaction () from /lib/libpthread.so.2
> #2  0x2809088d in pthread_kill () from /lib/libpthread.so.2
> #3  0x28090256 in raise () from /lib/libpthread.so.2
> #4  0x28169b78 in abort () from /lib/libc.so.6
> #5  0x28106fdb in _UTF8_init () from /lib/libc.so.6
> #6  0xbfbfef58 in ?? ()
> #7  0x28170dd3 in sys_nsig () from /lib/libc.so.6
> #8  0x28170cd3 in sys_nsig () from /lib/libc.so.6
> #9  0x28170d30 in sys_nsig () from /lib/libc.so.6
> #10 0x00000000 in ?? ()
> #11 0x2817bd80 in ?? () from /lib/libc.so.6
> #12 0xbfbfed18 in ?? ()
> #13 0x28107009 in _UTF8_init () from /lib/libc.so.6
> #14 0x2817bd80 in ?? () from /lib/libc.so.6
> #15 0x08050bb0 in optarg ()
> #16 0xbfbfedc8 in ?? ()
> #17 0x28107d69 in _UTF8_init () from /lib/libc.so.6
> #18 0x00000000 in ?? ()
> #19 0xbfbfed64 in ?? ()
> #20 0x2807b200 in ?? ()
> #21 0x0104887f in ?? ()
> #22 0x0bea6495 in ?? ()
> #23 0x280bef6a in ?? () from /lib/libc.so.6
> #24 0x28074558 in ?? () from /libexec/ld-elf.so.1
> #25 0x280aa4b4 in ?? () from /lib/libpthread.so.2
> #26 0x08052800 in ?? ()
> #27 0x00000000 in ?? ()
> #28 0x00000000 in ?? ()
> #29 0x00000000 in ?? ()
> #30 0x28170dc5 in sys_nsig () from /lib/libc.so.6
> #31 0x00000001 in ?? ()
> #32 0xbfbfed9c in ?? ()
> #33 0x280a83d1 in __error () from /lib/libpthread.so.2
> Previous frame inner to this frame (corrupt stack?)
>
> I hope this is enough info, I can make a debug build if needed.
>
> So, is coredumping on 'syslogd reload' intended or is this a bug,  
> or am
> I doing something wrong ?
>
> regards,
>   Hans Lambermont
>
> ---------------------------------------------------------------------- 
> ---
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users

Re: [Sshguard-users] sshguard exited on signal 6 (core dumped)

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] sshguard exited on signal 6 (core dumped)