Bug#380439: tinyscheme: Segmentation fault on (let (x 1))
On Thu, Aug 10, 2006 at 05:59:53AM +0300, Panu Kalliokoski wrote: > (Just to make sure: you do know it should probably be (let ((x 1)))?) Of course I do. This was just a typo. :-) Nevertheless, a program should never segfault, no matter how bad the input was. Greets, Volker -- Volker Grabsch ---<<(())>>--- Administrator NotJustHosting GbR -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#626185: awstats can't handle bad request log entries
Package: awstats Followup-For: Bug #626185 This issue is essentially the same as Bug #706076 from Apr 2013: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706076 Unfortunately, that one was closed prematurely, which is why this bug still exists after 1.5 years. This is really a hassle to system administrators, and essentially describes a possible DOS attack against AWstats. Please do take it serious! To reproduce, all you need is a locally running Apache. Then, the following command: wget https://localhost:80/ triggers the following line in Apache's access.log: 127.0.0.1 - - [11/Jan/2015:18:48:38 +] "\x16\x03" 500 572 "-" "-" If you (or some malicious/dumb client) does this 50 times quickly, AWstats refuses to process this "invalid" log. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#626185: awstats can't handle bad request log entries
Package: awstats Followup-For: Bug #626185 Okay, so these are the exact steps how to reproduce this, using a QEMU/KVM virtual machine running the latest Debian/Stable. If you still can't reproduce this, please provide the Apache log line you got instead, so I can analyze why you can't reproduce this. --- Part A: Setup virtual machine A.1. Download latest Debian/Stable Netinst ISO debian-7.8.0-amd64-netinst.iso A.2. Verify its checksum echo '9792020579824057723446a92ab97d50fdb7af15d265ff4be9081a963e36b3e3e6f44127766219320bc863c6a7ec378388a9d6faa7b51c3f74b259dc9049e071 debian-7.8.0-amd64-netinst.iso' | shasum -c A.3. Create image for QEMU/KVM qemu-img create test.raw 2G A.4. Boot from ISO image qemu-system-x86_64 -boot once=d -enable-kvm -m 1G -hda test.raw -cdrom debian-7.8.0-amd64-netinst.iso A.5. Run installer using all default settings A.6. Finally reboot --- Part B: Within the virtual machine B.1. Login into the virtual machine as root, run the following commands there B.2. Update to latest updates, just to be sure apt-get update apt-get upgrade B.3. Install Apache, using just he default configuration apt-get install apache2-mpm-prefork B.4. Perform invalid HTTP request wget -qO- https://localhost:80 B.5. Show last log line tail -1 /var/log/apache2/access.log B.6. The output of the last command is (timestamp replaced with "..."): ::1 - - [...] "\x16\x03" 501 289 "-" "-" -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#706076: awstats: Awstats stops working if first log line is a SSL error
Package: awstats
Followup-For: Bug #706076
Both workarounds,
- Use NbOfLinesForCorruptedLog in awstats
- Adopt apache log configuration to hide such messages
have problematic side effects. I agree that the right solution is to:
(1) log invalid request names only on 400 ("Bad Request") responses
and to
(2) make AWstats deal with at least these log lines
I'm aware that (2) is covered by #626185 and has been forwarded to
upsteam. Unforunately, it hasn't been solved by upstream for more
than 3.5 years.
Nevertheless, I'm glad to read that at least (1) will be solved in
Debian/Jessie, leading to log entries such as:
::1 - - [18/Jan/2015:14:43:27 +0300] "\x16\x03" 400 0 "-" "-"
Any chance that this behaviour will be backported to Debian/Wheezy?
Do you believe it is worth the effort to escalate this to the apache2
package?
> PS: Please remember, we are talking about #706076, so please
> stop posting this to unrelated bugreports.
I'm very sorry for this, but at the time of that writing, #706076 was
unarchived but still closed, so I was unable to extend to that report
(with "reportbug"). Remember, you reopened #706076 with this very
posting.
> > Install Apache, using just the default configuration
>
> It was too hard to specify which configuration you use or should I guess?
I wonder how this matches your appeal in #626185 to be polite and
helpful.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#762162: geeqie: segfault on startup
Package: geeqie Version: 1:1.2-1 Followup-For: Bug #762162 Dear Maintainer, I have the same problem with geeqie. The output of: gdb -batch -n -ex run -ex bt -ex 'thread apply all bt full' --args geeqie is: [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x75e8e610 in g_markup_escape_text () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #0 0x75e8e610 in g_markup_escape_text () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #1 0x779e0317 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #2 0x76166bdb in g_object_set_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #3 0x7616746c in g_object_set () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #4 0x7798ccee in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #5 0x7798b3ba in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #6 0x77983056 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #7 0x77810353 in gtk_activatable_do_set_related_action () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #8 0x7798d154 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #9 0x76166bdb in g_object_set_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #10 0x7616746c in g_object_set () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #11 0x7780c7cc in gtk_action_create_tool_item () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #12 0x779ccdef in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #13 0x779cbfc2 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #14 0x779cbfc2 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #15 0x779cf7af in gtk_ui_manager_ensure_update () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #16 0x779cf811 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 #17 0x0047120e in layout_menu_recent_update (lw=0x797800) at layout_util.c:1214 #18 0x004a5c4f in end_element (context=0x77b4b0, element_name=0x77b5d0 "layout", user_data=0x77b290, error=0x7fffe2e0) at rcfile.c:1141 #19 0x75e8d267 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #20 0x75e8df3e in g_markup_parse_context_parse () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #21 0x004a5ccd in load_config_from_buf (buf=, size=20270, startup=startup@entry=1) at rcfile.c:1173 #22 0x004a5d8d in load_config_from_file (utf8_path=utf8_path@entry=0x77b210 "/home/vog/.config/geeqie/geeqierc.xml", startup=startup@entry=1) at rcfile.c:1195 #23 0x0047cfae in load_options (options=) at options.c:260 #24 0x00419c20 in main (argc=1, argv=0x7fffe618) at main.c:827 Thread 1 (Thread 0x77fc1980 (LWP 8304)): #0 0x75e8e610 in g_markup_escape_text () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 No symbol table info available. #1 0x779e0317 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #2 0x76166bdb in g_object_set_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #3 0x7616746c in g_object_set () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #4 0x7798ccee in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #5 0x7798b3ba in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #6 0x77983056 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #7 0x77810353 in gtk_activatable_do_set_related_action () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #8 0x7798d154 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #9 0x76166bdb in g_object_set_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #10 0x7616746c in g_object_set () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 No symbol table info available. #11 0x7780c7cc in gtk_action_create_tool_item () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #12 0x779ccdef in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #13 0x779cbfc2 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #14 0x779cbfc2 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #15 0x779cf7af in gtk_ui_manager_ensure_update () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 No symbol table info available. #16 0x779cf811 in ?? () from /usr/lib/x86_
Bug#380439: tinyscheme: Segmentation fault on (let (x 1))
Package: tinyscheme Version: 1.37-3 Severity: important To reproduce the bug, type this at the command line: $ tinyscheme TinyScheme 1.37 > (let (x 1)) Segmentation fault -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14.3-satapm Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Versions of packages tinyscheme depends on: ii libc6 2.3.6-13 GNU C Library: Shared libraries tinyscheme recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
