Opened 13 years ago

Closed 12 years ago

#123 closed defect (fixed)

ICMP traffic can kill [segfault] the connection viewer (parser error)

Reported by: photon Owned by: Victor Julien
Priority: major Milestone: 0.8
Component: vuurmuur-conf Version: 0.7
Keywords: conntrack icmp echo ping segmentation fault Cc:


managed to crash vuurmuur_conf with a segmentation fault by sending a single ICMP echo request to the server vuurmuur was running on.

[ vuurmur version is the current 0.7 ( from debian unstable ) ]

this is reproducible. (ICMP type 8 however must have an accept rule or the packets will not appear in conntrack.) if there is a ping running and sending packets to the ip it will even segfault the very moment the connection viewer is being opened.

it apparently did not like the format of the ICMP lines in /proc/net/ip_conntrack, which you can see in the appended debug.log output.

i was finetuning a new ( kernel config and assumed it might have something to do with it. [ however, i just checked the issue on nodes with distro kernels and noticed that they do not show any icmp entries in /proc/net/ip_conntrack so the parser couldn't have run into the string anyway. ]

not sure if it is related but in some (not all) of the cases before the crash the connection viewer printed the following "Internal Error"s:

'Error: parameter problem (in: d_list_remove_node).'

'Error: could not remove node (in: d_list_cleanup:536).'

'Error: cleaning up row 504 failed (in: hash_cleanup).'

[ when that happened and the pings have stopped meanwhile (before closing the error messages), it managed to display the ICMP entry for a second before it got cleaned up. but by sending a new packet it segfaults again. ]

here are the related log entries:

## dmesg output ## ( 'vc' here is a symlink to vuurmuur_conf )

[ 1764.726656] vc[19313]: segfault at 35 ip b76a3152 sp bfc64ea0 error 4 in[b7696000+38000]

# the following 'xxx' bytes in the ip addresses are not in the original log strings ;)

## /var/log/vuurmuur/debug.log ##

12/22/2009 06:40:31 : PID 17269 : vuurmuur_conf : parse_icmp_line: parse error: 'icmp 1 7 type=8 code=0 id=14898 packets=1708 bytes=143472 type=0 code=0 id=14898 packets=1705 bytes=143220 mark=0 secmark=0 use=2 ' 12/22/2009 06:40:31 : PID 17269 : vuurmuur_conf : parse_icmp_line: to dst: 1708P 143472B to src: P B 12/22/2009 06:40:59 : PID 19313 : vuurmuur_conf : parse_icmp_line: parse error: 'icmp 1 29 type=8 code=0 id=39500 packets=1 bytes=84 type=0 code=0 id=39500 packets=1 bytes=84 mark=0 secmark=0 use=2 ' 12/22/2009 06:40:59 : PID 19313 : vuurmuur_conf : parse_icmp_line: to dst: 1P 84B to src: P B

Change History (1)

comment:1 by Victor Julien, 12 years ago

Milestone: undecided0.8
Resolution: fixed
Status: newclosed

Should be fixed by changeset:350. Please reopen if it's still an issue.

Note: See TracTickets for help on using tickets.