I didn't think cf-monitord was required, I am just taking stabs in the dark on 
this one. cf-serverd has been crashing a few times a day now and it is driving 
me crazy trying to figure it out. It has nothing to do with cfengine (as far as 
I can tell), but with the low level SSL functions. Maybe someone on this list 
can help me.

It always crashes in the same spot:

unnamed block in sha1_block_data_order(c = 0x2020a5e8, p = 0x2003a527, num = 67064724), line 269 in "sha_locl.h"
sha1_block_data_order(c = 0x2020a5e8, p = 0x2003a527, num = 67064724), line 269 in "sha_locl.h"
SHA1_Update(c = 0x2020a5e8, data_ = 0x2003a511, len = 4294967244), line 325 in "md32_common.h"
m_sha1.update(ctx = 0x204077a0, data = 0x2003a511, count = 4294967266), line 77 in "m_sha1.c"
EVP_DigestUpdate(ctx = 0x204077a0, data = 0x2003a511, count = 4294967266), line 316 in "digest.c" <<<<<<<
ssleay_rand_bytes(buf = "  \271`", num = 22), line 485 in "md_rand.c" <<<<<<<
RAND_bytes(buf = "  \271`", num = 32), line 227 in "rand_lib.c"
bnrand(pseudorand = 0, rnd = 0x2020a4d8, bits = 256, top = 0, bottom = 0), line 152 in "bn_rand.c"
BN_rand(rnd = 0x2020a4d8, bits = 256, top = 0, bottom = 0), line 213 in "bn_rand.c"
AuthenticationDialogue(conn = 0x2021a898, recvbuffer = "", recvlen = 280), line 2369 in "server.c"
BusyWithConnection(conn = 0x2021a898), line 1018 in "server.c"
HandleConnection(conn = 0x2021a898), line 885 in "server.c"
_pthread_body(??) at 0xd0111780

I see this as the culprit:
EVP_DigestUpdate(ctx = 0x204077a0, data = 0x2003a511, count = 4294967266), line 316 in "digest.c"

That "count=4294967266" number is a dead giveaway. Some negative number just 
got stuffed into a wrong type. It all starts in

ssleay_rand_bytes(buf = "  \271`", num = 22), line 485 in "md_rand.c":


                k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
                if (k > 0)
                        {
                        MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); <<<<<<<
                        MD_Update(&m,&(state[0]),k);
                        }


k=40
MD_DIGEST_LENGTH is 20
st_idx=1053
st_num=1023

So a negative number is being sent to MD_Update (MD_DIGEST_LENGTH/2-k = -30) 
which eventually causes an overflow. The SSL code is the definition of 
insanity, I have no idea what is going on inside it.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
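
Added example, not part of the original post and not OpenSSL code: the arithmetic from the quoted md_rand.c lines with the values reported above, showing that a length of -30 handed to a 32-bit unsigned parameter becomes the 4294967266 seen in the trace. The 32-bit width is an assumption taken from the trace values, and checked_split() is a hypothetical guard that enforces 0 <= st_idx < st_num before any length is computed.

```c
#include <stdint.h>
#include <stdio.h>

#define MD_DIGEST_LENGTH 20 /* value given in the post */

/* The two lengths the quoted k > 0 branch passes to MD_Update(). */
struct split { int k; int first_len; int second_len; };

/* Same arithmetic as the quoted md_rand.c lines, done in int. */
static struct split wrap_split(int st_idx, int st_num)
{
    struct split s;
    s.k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
    s.first_len = MD_DIGEST_LENGTH / 2 - s.k;
    s.second_len = s.k;
    return s;
}

/* What a 32-bit unsigned length parameter sees when handed an int. */
static uint32_t as_len32(int n)
{
    return (uint32_t)n; /* well-defined: reduced modulo 2^32 */
}

/* Hypothetical guard (not OpenSSL code): refuse to compute lengths unless
 * 0 <= st_idx < st_num, which keeps first_len positive when k > 0. */
static int checked_split(int st_idx, int st_num, struct split *out)
{
    if (st_num <= 0 || st_idx < 0 || st_idx >= st_num)
        return -1;
    *out = wrap_split(st_idx, st_num);
    return 0;
}

int main(void)
{
    struct split s = wrap_split(1053, 1023); /* values from the post */
    printf("k=%d first_len=%d as unsigned 32-bit=%lu\n",
           s.k, s.first_len, (unsigned long)as_len32(s.first_len));
    printf("guard on (1053,1023): %d\n", checked_split(1053, 1023, &s));
    if (checked_split(1020, 1023, &s) == 0) /* constructed in-range case */
        printf("in range: k=%d first_len=%d\n", s.k, s.first_len);
    return 0;
}
```

With st_idx below st_num, k can be at most MD_DIGEST_LENGTH/2 - 1, so the first length stays positive; the reported st_idx=1053 against st_num=1023 is already outside that range before the subtraction happens.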
