Debian Bug report logs - #872507
[ifcico] ifcico segfaults when started


Package: ifcico; Maintainer for ifcico is Marco d'Itri <md@linux.it>; Source for ifcico is src:ifmail.

Reported by: Ingo Juergensmann <ij@2013.bluespice.org>

Date: Thu, 17 Aug 2017 21:36:01 UTC

Severity: normal

Found in version ifmail/2.14tx8.10-23

Fixed in version ifmail/2.14tx8.10-25

Done: Marco d'Itri <md@linux.it>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#872507; Package ifcico. (Thu, 17 Aug 2017 21:36:03 GMT)


Acknowledgement sent to Ingo Juergensmann <ij@2013.bluespice.org>:
New Bug report received and forwarded. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 17 Aug 2017 21:36:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Ingo Juergensmann <ij@2013.bluespice.org>
To: submit@bugs.debian.org
Subject: [ifcico] ifcico segfaults when started
Date: Thu, 17 Aug 2017 23:03:16 +0200
Package: ifcico
Version: 2.14tx8.10-23
Severity: normal

--- Please enter the report below this line. ---

Hi!

I'm trying to get my Fido node running again with modem line.

When invoked by mgetty, ifcico segfaults:

08/17 22:57:03 yS0   got:  12000/ARQ/V42b[0d]
08/17 22:57:03 yS0    CND: CONNECT 12000/ARQ/V42b
08/17 22:57:03 yS0    CND: found: 12000/ARQ/V42b[0a] ** found **
08/17 22:57:03 yS0   waiting for line to clear (VTIME=3), read:  [0d] [0d]
08/17 22:57:03 yS0  warning: carrier signal is ignored
08/17 22:57:03 yS0    looking for utmp entry... (my PID: 23668)
08/17 22:57:04 yS0   tio_set_flow_control( HARD )
08/17 22:57:04 yS0   print welcome banner (/etc/issue.mgetty)
08/17 22:57:04 yS0   getlogname (FIDO AUTO_PPP), read: [0d]
08/17 22:57:04 yS0   input finished with '\r', setting ICRNL ONLCR
08/17 22:57:04 yS0   tio_set_flow_control( HARD )
08/17 22:57:04 yS0   print welcome banner (/etc/issue.mgetty)
08/17 22:57:04 yS0   getlogname (FIDO AUTO_PPP), read: [0d]
08/17 22:57:04 yS0   input finished with '\r', setting ICRNL ONLCR
08/17 22:57:04 yS0   tio_set_flow_control( HARD )
08/17 22:57:04 yS0   print welcome banner (/etc/issue.mgetty)
08/17 22:57:04 yS0   getlogname (FIDO AUTO_PPP), read:**EMSI_
08/17 22:57:04 yS0   got EMSI signature
08/17 22:57:04 yS0   input finished with '\r', setting ICRNL ONLCR
08/17 22:57:04 yS0   tio_get_rs232_lines: status: RTS CTS DSR DTR DCD
08/17 22:57:04 yS0    login: use login config file /etc/mgetty/login.config
08/17 22:57:04 yS0   match: user='_**EMSI_INQC816', key=''
08/17 22:57:04 yS0   match: user='_**EMSI_INQC816', key='/FIDO/'*** hit!
08/17 22:57:04 yS0   login: utmp entry: ftn
08/17 22:57:04 yS0    looking for utmp entry... (my PID: 23668)
08/17 22:57:04 yS0   login: user id: uucp (uid 10, gid 10)
08/17 22:57:04 yS0   calling login: cmd='/usr/lib/ifmail/ifcico',
argv[]='ifcico **EMSI_INQC816'
08/17 22:57:04 yS0   setenv: 'CALLER_ID=none'
08/17 22:57:04 yS0   setenv: 'CONNECT=12000/ARQ/V42b'
08/17 22:57:04 yS0   setenv: 'DEVICE=ttyS0'
08/17 22:57:04 ##### data dev=ttyS0, pid=23668, caller='none',
conn='12000/ARQ/V42b', name='', cmd='/usr/lib/ifmail/ifcico',
user='**EMSI_INQC816'

==> /var/log/syslog <==
Aug 17 22:57:04 muaddib systemd[1]: mgetty.service: Main process exited,
code=killed, status=11/SEGV
Aug 17 22:57:04 muaddib systemd[1]: mgetty.service: Unit entered failed
state.
Aug 17 22:57:04 muaddib systemd[1]: mgetty.service: Failed with result
'signal'.
Aug 17 22:57:04 muaddib kernel: [2389715.757624] ifcico[23668]: segfault
at 0 ip 000055bf88ec2493 sp 00007ffd1d0b2490 error 6 in
ifcico[55bf88eb9000+3e000]
Aug 17 22:57:04 muaddib systemd[1]: mgetty.service: Service hold-off
time over, scheduling restart.
Aug 17 22:57:04 muaddib systemd[1]: Stopped Smart Modem Getty(mgetty).
Aug 17 22:57:04 muaddib systemd[1]: Started Smart Modem Getty(mgetty).


It even segfaults when called from command line:

#  /usr/lib/ifmail/ifcico
Segmentation fault

Strace shows this:

write(2, "creating directory tree for \"/va"..., 54) = 54
mkdir("/var", 0700)                     = -1 EEXIST (File exists)
write(2, "mkdir(\"/var\") errno 17\n", 23) = 23
mkdir("/var/spool", 0700)               = -1 EEXIST (File exists)
write(2, "mkdir(\"/var/spool\") errno 17\n", 29) = 29
mkdir("/var/spool/ftn", 0700)           = -1 EEXIST (File exists)
write(2, "mkdir(\"/var/spool/ftn\") errno 17"..., 33) = 33
mkdir("/var/spool/ftn/inb", 0700)       = -1 EEXIST (File exists)
write(2, "mkdir(\"/var/spool/ftn/inb\") errn"..., 37) = 37
mkdir("/var/spool/ftn/inb/tmp", 0700)   = -1 EEXIST (File exists)
write(2, "mkdir(\"/var/spool/ftn/inb/tmp\") "..., 41) = 41
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
fstat(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 4), ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/4", 4095) = 10
stat("/dev/pts/4", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 4), ...}) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
fstat(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 4), ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/4", 4095) = 10
stat("/dev/pts/4", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 4), ...}) = 0
open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2335, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=2335, ...}) = 0
read(3,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\t\0\0\0\t\0\0\0\0"..., 4096)
= 2335
lseek(3, -1476, SEEK_CUR)               = 859
read(3,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\t\0\0\0\t\0\0\0\0"..., 4096)
= 1476
close(3)                                = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV +++
Segmentation fault


... and gdb this:

(gdb) r
Starting program: /usr/lib/ifmail/ifcico

Program received signal SIGSEGV, Segmentation fault.
0x000055555555d493 in ?? ()
(gdb) bt
#0  0x000055555555d493 in ?? ()
#1  0x000055555555e5c9 in ?? ()
#2  0x000055555555eb19 in ?? ()
#3  0x000055555555fb0b in ?? ()
#4  0x000055555556ccfc in ?? ()
#5  0x000055555555f997 in ?? ()
#6  0x000055555555b4ec in ?? ()
#7  0x00007ffff78572b1 in __libc_start_main () from
/lib/x86_64-linux-gnu/libc.so.6
#8  0x000055555555b83a in ?? ()
(gdb)

Do you have any idea what might be going on?

Ingo
2:2452/413 ;)

--- System information. ---
Architecture: Kernel:       Linux 4.9.0-3-amd64

Debian Release: buster/sid
  500 unstable        www.deb-multimedia.org   500 unstable
ftp.de.debian.org   500 unstable        download.jitsi.org
--- Package information. ---
Depends               (Version) | Installed
===============================-+-===========
libc6                 (>= 2.14) | libgdbm3             (>= 1.8.3) |
ifmail                          | openbsd-inetd                   |  OR
inet-superserver            |

Package's Recommends field is empty.

Package's Suggests field is empty.




-- 
Ciao...            //      Fon: 0381-2744150
      Ingo       \X/       http://blog.windfluechter.net
Please don't share this address with Facebook or Google!
gpg pubkey: http://www.juergensmann.de/ij_public_key.asc



Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#872507; Package ifcico. (Wed, 30 Aug 2017 21:12:04 GMT)


Acknowledgement sent to Ingo Jürgensmann <ij@2017.bluespice.org>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Wed, 30 Aug 2017 21:12:05 GMT)


Message #10 received at 872507@bugs.debian.org:

From: Ingo Jürgensmann <ij@2017.bluespice.org>
To: 872507@bugs.debian.org
Cc: md@debian.org
Subject: Config option causes segfault
Date: Wed, 30 Aug 2017 22:34:44 +0200
Hi Marco!

With the help of Kees in Linux echomail area I found out that the following config option causes the segfault: 

options                (time Any0000-2359) NoHold

When commenting this out, ifcico is working as expected. As this is not an easy to find error, I’d like to recommend to change the default config accordingly. 

-- 
Ciao...          //        http://blog.windfluechter.net
      Ingo     \X/     XMPP: ij@jabber.windfluechter.net
	
gpg pubkey:  http://www.juergensmann.de/ij_public_key.asc






Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#872507; Package ifcico. (Sat, 10 Aug 2019 12:09:03 GMT)


Acknowledgement sent to Björn Wiberg <bjorn.wiberg@outlook.com>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 10 Aug 2019 12:09:03 GMT)


Message #15 received at 872507@bugs.debian.org:

From: Björn Wiberg <bjorn.wiberg@outlook.com>
To: "872507@bugs.debian.org" <872507@bugs.debian.org>
Subject: Re: Config option causes segfault
Date: Sat, 10 Aug 2019 12:07:52 +0000
Hello Ingo (& Marco)!

On Wed, 30 Aug 2017 22:34:44 +0200 Ingo Jürgensmann <ij@2017.bluespice.org> wrote:
> With the help of Kees in Linux echomail area I found out that the following config option causes the segfault:
>
> options                (time Any0000-2359) NoHold
>
> When commenting this out, ifcico is working as expected. As this is not an easy to find error, I’d like to recommend to change the default config accordingly.

I would also like to point out that from the strace output one is led to believe that /etc/localtime is a major part of the problem, but having ”options …” without any time-based conditions (e.g.  having only ”options NoHold”) does not always help either. Like Ingo said, removing all ”options …” is a good start, but on my system, it segfaults as soon as I have one or more ”options …” lines AND/OR ”verbose 1” (or a higher verbosity setting).

So turning on debug output changes the behavior, too.

It sounds very much like some buffer out-of-bounds problem, although to pinpoint it in the source code is easier said than done.
But perhaps adding ”verbose 1” (if this also breaks things for you) might help someone to spot the error.

Best regards
Björn

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#872507; Package ifcico. (Sat, 24 Aug 2019 00:06:03 GMT)


Acknowledgement sent to Marco d'Itri <md@Linux.IT>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 24 Aug 2019 00:06:03 GMT)


Message #20 received at 872507@bugs.debian.org:

From: Marco d'Itri <md@Linux.IT>
To: Ingo Jürgensmann <ij@2017.bluespice.org>, 872507@bugs.debian.org
Subject: Re: Bug#872507: Config option causes segfault
Date: Sat, 24 Aug 2019 02:01:18 +0200
On Aug 30, Ingo Jürgensmann <ij@2017.bluespice.org> wrote:

> When commenting this out, ifcico is working as expected. As this is not an easy to find error, I’d like to recommend to change the default config accordingly. 
It segfaults in the parser, but I know nothing about flex so I cannot 
fix it.
I suppose that something changed in flex long ago and broke this ancient 
code.

Program received signal SIGSEGV, Segmentation fault.
0x000055555555de4f in yylex () at lex.yy.c:813
813			*yy_cp = (yy_hold_char);
(gdb) where
#0  0x000055555555de4f in yylex () at lex.yy.c:813
#1  0x000055555555d40a in yyparse () at y.tab.c:1218
#2  0x00005555555605f2 in flagexp (expr=0x5555555b34e0 "time Any0000-2359", 
    nl=0x5555555a3360 <nodebuf>) at flagexp.y:128
#3  0x0000555555561a47 in get_modem_string (ms=0x5555555b34c0, 
    nlent=0x5555555a3360 <nodebuf>) at modemstr.c:11
#4  0x0000555555573844 in rdoptions (nlent=0x5555555a3360 <nodebuf>)
    at rdoptions.c:44
#5  0x00005555555618c8 in answer (stype=0x0) at answer.c:39
#6  0x000055555555c289 in main (argc=3, argv=0x7fffffffdf98, 
    envp=0x7fffffffdfb8) at ifcico.c:258

(gdb) frame 2

(gdb) p *nl
$5 = {addr = {name = 0x0, point = 0, node = 0, net = 0, zone = 0, 
    domain = 0x0}, hub = 0, type = 0 '\000', pflag = 4 '\004', 
  name = 0x5555555905ce "Unknown", location = 0x5555555905d6 "Nowhere", 
  sysop = 0x5555555905de "Sysop", phone = 0x0, speed = 2400, flags = 0, 
  uflags = {0x0 <repeats 16 times>}}

(gdb) p expr
$7 = 0x5555555b34e0 "time Any0000-2359"

-- 
ciao,
Marco

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#872507; Package ifcico. (Sun, 25 Aug 2019 15:45:22 GMT)


Acknowledgement sent to Göran Weinholt <goran@weinholt.se>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 25 Aug 2019 15:45:22 GMT)


Message #25 received at 872507@bugs.debian.org:

From: Göran Weinholt <goran@weinholt.se>
To: Marco d'Itri <md@Linux.IT>
Cc: Ingo Jürgensmann <ij@2017.bluespice.org>, 872507@bugs.debian.org
Subject: Re: Bug#872507: Config option causes segfault
Date: Sun, 25 Aug 2019 17:16:20 +0200
Marco d'Itri <md@Linux.IT> writes:

> On Aug 30, Ingo Jürgensmann <ij@2017.bluespice.org> wrote:
>
>> When commenting this out, ifcico is working as expected. As this is not an easy to find error, I’d like to recommend to change the default config accordingly. 
> It segfaults in the parser, but I know nothing about flex so I cannot 
> fix it.
> I suppose that something changed in flex long ago and broke this ancient 
> code.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x000055555555de4f in yylex () at lex.yy.c:813
> 813			*yy_cp = (yy_hold_char);

yy_cp is NULL because of these lines in ifcico/flagexp.y:

| #ifdef FLEX_SCANNER  /* flex requires reinitialization */
| 	yy_init=1;
| #endif

In the generated flaglex.c, setting yy_init to 1 inhibits
initialization:

| static int yy_init = 0;		/* whether we need to initialize */
...
| 	if ( !(yy_init) )
| 		{
| 		(yy_init) = 1;
...

Regards,

-- 
Göran Weinholt
https://weinholt.se/
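
Added example (not part of the thread, and not ifmail or flex code): a small C model of the guard quoted above, showing why the same `yy_init=1;` assignment starts the scanner when 1 means "needs initialization" but leaves the buffer pointer NULL under the convention quoted from flaglex.c. The older convention, the struct and the function names are assumptions made for illustration.

```c
#include <stddef.h>

/* Constructed model of the state a generated scanner keeps between calls.
 * Field names follow the thread; this is not flex output. */
enum init_meaning { ONE_MEANS_NEEDS_INIT, ZERO_MEANS_NEEDS_INIT };

struct scanner {
    enum init_meaning meaning; /* convention used by the generator */
    int yy_init;
    char *yy_c_buf_p;          /* NULL until the buffer is set up */
    char yy_hold_char;
};

/* Stand-in for the guarded setup block at the top of yylex(). */
static void maybe_initialize(struct scanner *s, char *buf)
{
    int one = (s->meaning == ONE_MEANS_NEEDS_INIT);
    if (one ? s->yy_init == 0 : s->yy_init != 0)
        return;                /* scanner believes it is already set up */
    s->yy_init = one ? 0 : 1;
    s->yy_c_buf_p = buf;
    s->yy_hold_char = buf[0];
}

/* Returns 0 if scanning can start, -1 where the real scanner would run
 * "*yy_cp = (yy_hold_char);" through a NULL pointer. */
static int model_yylex(struct scanner *s, char *buf)
{
    maybe_initialize(s, buf);
    char *yy_cp = s->yy_c_buf_p;
    if (yy_cp == NULL)
        return -1;
    *yy_cp = s->yy_hold_char;
    return 0;
}

/* First scan of an expression, with or without the "yy_init=1;" reset
 * quoted from flagexp.y. yy_init starts at the generator's own default. */
int first_scan(enum init_meaning meaning, int apply_reset)
{
    char buf[] = "time Any0000-2359";   /* expression from the backtrace */
    struct scanner s = { meaning, meaning == ONE_MEANS_NEEDS_INIT, NULL, 0 };
    if (apply_reset)
        s.yy_init = 1;
    return model_yylex(&s, buf);
}

int main(void)
{
    /* The reset is harmless under the old convention and fatal under the new. */
    return (first_scan(ONE_MEANS_NEEDS_INIT, 1) == 0 &&
            first_scan(ZERO_MEANS_NEEDS_INIT, 1) == -1) ? 0 : 1;
}
```
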



Reply sent to Marco d'Itri <md@linux.it>:
You have taken responsibility. (Sun, 25 Aug 2019 23:39:04 GMT)


Notification sent to Ingo Juergensmann <ij@2013.bluespice.org>:
Bug acknowledged by developer. (Sun, 25 Aug 2019 23:39:05 GMT)


Message #30 received at 872507-close@bugs.debian.org:

From: Marco d'Itri <md@linux.it>
To: 872507-close@bugs.debian.org
Subject: Bug#872507: fixed in ifmail 2.14tx8.10-25
Date: Sun, 25 Aug 2019 23:34:26 +0000
Source: ifmail
Source-Version: 2.14tx8.10-25

We believe that the bug you reported is fixed in the latest version of
ifmail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 872507@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco d'Itri <md@linux.it> (supplier of updated ifmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 26 Aug 2019 01:08:43 +0200
Source: ifmail
Architecture: source
Version: 2.14tx8.10-25
Distribution: unstable
Urgency: medium
Maintainer: Marco d'Itri <md@linux.it>
Changed-By: Marco d'Itri <md@linux.it>
Closes: 872507 929239 933938
Changes:
 ifmail (2.14tx8.10-25) unstable; urgency=medium
 .
   * Fixed a segfault in the ifcico configuration parser.
     Thanks to Göran Weinholt for the help. (Closes: #872507)
   * Fixed the command line for tfido in inetd.conf. (Closes: #933938)
   * Fixed cross compilation, thanks to Helmut Grohne. (Closes: #929239)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Sep 2019 07:25:11 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jan 26 17:28:33 2025; Machine Name: buxtehude
