<div dir="ltr"><div><div><div>I think I've just run into this same https / RHEV SSL certificate crashing Xymonnet issue. I've emailed everyone offline, but I thought I'd also drop a message here, in case anyone else has run into it, or I missed something about a resolution. I've confirmed that this problem is not triggered on non-RHEV sites.<br><br></div>I'm using the terabithia RPMs on Scientific Linux.<br><br></div>Regards,<br></div>Thomas Leavitt<br><div><div><div><div><br>file core.4818<br>core.4818: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from 'xymonnet --report --ping --checkresponse'<br><br>gdb /usr/libexec/xymon/xymonnet core.4818<br>GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7<br>Copyright (C) 2013 Free Software Foundation, Inc.<br>License GPLv3+: GNU GPL version 3 or later <<a href="http://gnu.org/licenses/gpl.html">http://gnu.org/licenses/gpl.html</a>><br>This is free software: you are free to change and redistribute it.<br>There is NO WARRANTY, to the extent permitted by law. Type "show copying"<br>and "show warranty" for details.<br>This GDB was configured as "x86_64-redhat-linux-gnu".<br>For bug reporting instructions, please see:<br><<a href="http://www.gnu.org/software/gdb/bugs/">http://www.gnu.org/software/gdb/bugs/</a>>...<br>Reading symbols from /usr/libexec/xymon/xymonnet...Reading symbols from /usr/libexec/xymon/xymonnet...(no debugging symbols found)...done.<br>(no debugging symbols found)...done.<br>[New LWP 4818]<br>[Thread debugging using libthread_db enabled]<br>Using host libthread_db library "/lib64/libthread_db.so.1".<br>Core was generated by `xymonnet --report --ping --checkresponse'.<br>Program terminated with signal 6, Aborted.<br>#0 0x00007f9942cf65f7 in raise () from /lib64/libc.so.6<br>Missing separate debuginfos, use: debuginfo-install xymon-4.3.24-3.el7.x86_64<br><br><br></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 17, 2014 at 9:57 PM, Jeremy Laidman <span dir="ltr"><<a href="mailto:jlaidman@rebel-it.com.au" target="_blank">jlaidman@rebel-it.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 17 July 2014 19:57, Ing. Mario De Chenno <span dir="ltr"><<a href="mailto:mario.dechenno@unina2.it" target="_blank">mario.dechenno@unina2.it</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><u></u>
<div><div>
4.3.17<br></div></div></blockquote><div><br></div><div>OK, I think it's a bug caused by a malformed certificate. In this line:</div><div><br></div><div><font color="#000000"><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">certstart</span><span style="font-family:monospace,sans-serif;font-size:12.727272033691406px;line-height:18px;white-space:pre-wrap;background-color:rgb(248,248,248)"> </span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">=</span><span style="font-family:monospace,sans-serif;font-size:12.727272033691406px;line-height:18px;white-space:pre-wrap;background-color:rgb(248,248,248)"> </span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">strdup</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">(</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">xymon_ASN1_UTCTIME</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">(</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">X509_get_notBefore</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">(</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">peercert</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">)));</span></font></div>
<br>strdup() will segfault if it gets a null parameter. xymon_ASN1_UTCTIME() returns a null parameter if X509_get_notBefore() returns a value that's too small in size, and perhaps if it returns null.<br><br>I think something like this would be better:<br>
<font face="courier new, monospace"><br></font></div><div class="gmail_quote"><div><font color="#000000"><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">certstart_p</span><span style="font-family:monospace,sans-serif;font-size:12.727272033691406px;line-height:18px;white-space:pre-wrap;background-color:rgb(248,248,248)"> </span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">=</span><span style="font-family:monospace,sans-serif;font-size:12.727272033691406px;line-height:18px;white-space:pre-wrap;background-color:rgb(248,248,248)"> </span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">xymon_ASN1_UTCTIME</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">(</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">X509_get_notBefore</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">(</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">peercert</span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12.727272033691406px;vertical-align:baseline;font-family:monospace,sans-serif;line-height:18px;white-space:pre-wrap;background-image:initial;background-color:rgb(248,248,248);background-repeat:initial">));</span></font></div>
<div><span style="font-family:'courier new',monospace">if (certstart_p == NULL){</span><br></div></div><div class="gmail_quote"><font face="courier new, monospace"> errprintf("Invalid certificate\n");<br>
return NULL;<br>}</font></div><div class="gmail_quote"><font face="courier new, monospace">certstart = strdup(certstart_p);</font></div><div class="gmail_quote"><br></div><div class="gmail_quote">In fact probably better to use strndup() to reduce the risk of buffer overflows.</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">Please note: I'm not a programmer, and the above code is untested, probably contains bugs, and may cause your house to burn down and other nasty things.</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">Cheers</div><span class="HOEnZb"><font color="#888888"><div class="gmail_quote">Jeremy</div><div class="gmail_quote"><br></div></font></span></div></div>
<br>_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br></blockquote></div><br></div>