[Pkg-uml-pkgs] Bug#423167: uml_switch: corrupted unix socket
path-string
Cristian Ionescu-Idbohrn
cristian.ionescu-idbohrn at axis.com
Thu May 10 09:54:00 UTC 2007
Package: uml-utilities
Version: 20060323-3
Severity: normal
Found this in /proc/net/unix:
Num RefCount Protocol Flags Type St Inode Path
f47bfa80: 00000002 00000000 00000000 0002 01 9427 @<junk>
where <junk> is shown in the hex-dump below:
00000000: 6634 3762 6661 3830 3A20 3030 3030 3030 f47bfa80: 000000
00000010: 3032 2030 3030 3030 3030 3020 3030 3030 02 00000000 0000
00000020: 3030 3030 2030 3030 3220 3031 2020 3934 0000 0002 01 94
00000030: 3237 2040 0000 00F9 0E00 00C7 8F07 0000 27 @............
00000040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000090: 0000 0000 0000 0000 0000 0000 0000 000A ................
I see this as a sign of buffer corruption.
ls on /proc/3833/fd/ shows:
lrwx------ 1 uml-net uml-net 64 2007-05-10 09:39 0 -> /dev/null
lrwx------ 1 uml-net uml-net 64 2007-05-10 09:39 1 -> /dev/null
lrwx------ 1 uml-net uml-net 64 2007-05-10 09:39 2 -> /dev/null
lrwx------ 1 uml-net uml-net 64 2007-05-10 09:39 3 -> socket:[9426]
lrwx------ 1 uml-net uml-net 64 2007-05-10 09:39 4 -> socket:[9427]
lsof -U shows:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
uml_switc 3833 uml-net 4u unix 0xf47bfa80 9427 socket
and netstat:
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 9427 @
I suppose they manage that because they read /proc/net/unix linewise.
Older busybox netstat versions (like debian distributed 1:1.1.3-4)
manage that too because they also read /proc/net/unix linewise.
# /bin/busybox netstat -x
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 9427 @
But newer busybox (v1.6.0.svn) netstat changed to read /proc/net/unix
one character at a time using fgets in xmalloc_fgets_str from
libbb/fgets_str.c. In this case, the path string corruption confuses
function unix_do_one in networking/netstat.c which outputs a whole
bunch of "warning, got bogus unix line" error messages.
'/etc/init.d/uml-utilities restart' doesn't change things to the better.
00000000: 6434 6335 3237 3830 3A20 3030 3030 3030 d4c52780: 000000
00000010: 3032 2030 3030 3030 3030 3020 3030 3030 02 00000000 0000
00000020: 3030 3030 2030 3030 3220 3031 2035 3731 0000 0002 01 571
00000030: 3935 3939 3634 2040 0000 0067 4F00 0090 959964 @...gO...
00000040: 9302 0000 0000 0000 0000 0000 0000 0000 ................
00000050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000A0: 0000 000A ....
Path-string size varies, otherwise pretty consistent behaviour.
Cheers,
Cristian
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (99, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US, LC_CTYPE= (charmap=ISO-8859-1)
Versions of packages uml-utilities depends on:
ii adduser 3.102 Add and remove users and groups
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libncurses5 5.5-5 Shared libraries for terminal hand
ii libreadline5 5.2-2 GNU readline and history libraries
ii makedev 2.3.1-83 creates device files in /dev
uml-utilities recommends no packages.
-- no debconf information
More information about the Pkg-uml-pkgs
mailing list