Hi Alexander,

The problem is that version 3.3.12 is the only one available on the Redhat 
Repository.

---------------------------------------

yum info mnogosearch

Loaded plugins: product-id, rhnplugin, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Installed Packages
Name        : mnogosearch
Arch        : x86_64
Version     : 3.3.12
Release     : 01.static
Size        : 15 M
Repo        : installed
Summary     : Full-featured MySQL based web search engine.
URL         : http://www.mnogosearch.org/
License     : GNU GPL Version 2
Description : mnoGoSearch is a full-featured MySQL based web search engine. mnoGoSearch consists of
            : two parts. The first part is an indexing mechanism (indexer). The indexer walks over
            : html hypertext references and stores found words and new references into a database.
            : The second part is a web CGI front-end to provide search using data collected by the
            : indexer.
            :
            : A PHP and a Perl front-ends are also available from our site http://www.mnogosearch.org/.
            :
            : mnoGoSearch first release took place in November 1998. The search engine was named
            : UDMSearch until the project was acquired by Lavtech.Com Corp. in October 2000 and
            : its name changed to mnoGoSearch.

--------------------------------------------------

Best regards,

Philippe


-----Original Message-----
From: Alexander Barkov [mailto:b...@mnogosearch.org]
Sent: 20 March 2013 09:50
To: Philippe DE ROCHAMBEAU
Cc: general@mnogosearch.org
Subject: Re: [General] Buffer overflow

Hi Philippe,

So you're actually running mnogosearch-3.3.12
(not 3.3.13 as you reported in the first letter).


This problem should be fixed in 3.3.13.

This is from the 3.3.13 ChangeLog:
 > Bug#4803 "buffer overflow detected with search.cgi" was fixed.


Please download 3.3.13 from our site and reinstall.

Greetings.



On 03/20/2013 12:32 PM, Philippe DE ROCHAMBEAU wrote:
> Hi,
>
> uname --all
> Linux xxx 2.6.32-279.22.1.el6.x86_64 #1 SMP Sun Jan 13 09:21:40 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
>
> ---------------
>
> [root@xxx cgi-bin]# ./search.cgi "a"
> *** buffer overflow detected ***: ./search.cgi terminated
> ======= Backtrace: =========
> [0x52dae5]
> [0x52da7e]
> [0x52d523]
> [0x52d408]
> [0x440c98]
> [0x44d247]
> [0x4171dd]
> [0x404566]
> [0x4b6056]
> [0x405201]
> ======= Memory map: ========
> Aborted (core dumped)
>
>
> ------------------
>
> [root@xxx cgi-bin]# gdb search.cgi
> GNU gdb (GDB) Red Hat Enterprise Linux (7.2-56.el6)
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /var/www/cgi-bin/search.cgi...Missing separate debuginfo for /var/www/cgi-bin/search.cgi
> Try: yum --disablerepo='*' --enablerepo='*-debug*' install /usr/lib/debug/.build-id/c9/14b8eda4e31a052fb8a432cd1fc5f3e1ee56f0.debug
> (no debugging symbols found)...done.
> (gdb) run "a"
> Starting program: /var/www/cgi-bin/search.cgi "a"
> *** buffer overflow detected ***: /var/www/cgi-bin/search.cgi terminated
> ======= Backtrace: =========
> [0x52dae5]
> [0x52da7e]
> [0x52d523]
> [0x52d408]
> [0x440c98]
> [0x44d247]
> [0x4171dd]
> [0x404566]
> [0x4b6056]
> [0x405201]
> ======= Memory map: ========
>
> Program received signal SIGABRT, Aborted.
> 0x000000000047199b in ?? ()
> (gdb)
>
> -------------------------
>
> (gdb) backtrace
> #0  0x000000000047199b in ?? ()
> #1  0x00000000004be10b in ?? ()
> #2  0x00000000004ca57e in ?? ()
> #3  0x000000000052dae5 in ?? ()
> #4  0x000000000052da7e in ?? ()
> #5  0x000000000052d523 in ?? ()
> #6  0x000000000052d408 in ?? ()
> #7  0x0000000000440c98 in ?? ()
> #8  0x000000000044d247 in ?? ()
> #9  0x00000000004171dd in ?? ()
> #10 0x0000000000404566 in ?? ()
> #11 0x00000000004b6056 in ?? ()
> #12 0x0000000000405201 in ?? ()
> #13 0x00007fffffffe5d8 in ?? ()
> #14 0x0000000000000000 in ?? ()
> (gdb)
>
>
> ----------------------
>
> [root@xxx cgi-bin]# rpm -qi mnogosearch
> Name        : mnogosearch                  Relocations: (not relocatable)
> Version     : 3.3.12                            Vendor: (none)
> Release     : 01.static                     Build Date: Thu 15 Dec 2011 02:18:31 PM CET
> Install Date: Thu 21 Feb 2013 06:08:24 PM CET      Build Host: bar.myoffice.izhnet.ru
> Group       : Applications/Internet         Source RPM: mnogosearch-3.3.12-01.static.src.rpm
> Size        : 16239228                         License: GNU GPL Version 2
> Signature   : (none)
> URL         : http://www.mnogosearch.org/
> Summary     : Full-featured MySQL based web search engine.
> Description :
> mnoGoSearch is a full-featured MySQL based web search engine. mnoGoSearch consists of
> two parts. The first part is an indexing mechanism (indexer). The indexer walks over
> html hypertext references and stores found words and new references into a database.
> The second part is a web CGI front-end to provide search using data collected by the
> indexer.
>
> A PHP and a Perl front-ends are also available from our site http://www.mnogosearch.org/.
>
> mnoGoSearch first release took place in November 1998. The search engine was named
> UDMSearch until the project was acquired by Lavtech.Com Corp. in October 2000 and
> its name changed to mnoGoSearch.
> [root@xxx cgi-bin]#
>
> --------------------------------
>
> Philippe
>
>
>
> -----Original Message-----
> From: general-boun...@mnogosearch.org 
> [mailto:general-boun...@mnogosearch.org] On Behalf Of Alexander Barkov
> Sent: 19 March 2013 18:54
> To: general@mnogosearch.org
> Subject: Re: [General] Buffer overflow
>
> Hi,
>
> What exactly are your Linux distribution and version?
>
> Does it crash on all queries, or on a certain query only?
>
> Please try to run search.cgi from command line like this:
>
> ./search.cgi "query words"
>
> where "query words" are the search words that make it crash.
>
> Does it crash when started from command line?
>
> If so, it would be nice to get a gdb backtrace.
>
> Please do the following:
>
> gdb search.cgi
> (gdb) run "query words"
> (gdb) backtrace
>
> Thanks.
>
>
> On 03/19/2013 08:31 PM, Philippe DE ROCHAMBEAU wrote:
>> Hello,
>>
>> When I type a word in the Search Form Input field and press Search!, I
>> get a buffer overflow error.
>>
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] *** buffer overflow detected ***: /var/www/cgi-bin/search.cgi terminated
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] ======= Backtrace: =========
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52dae5]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52da7e]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52d523]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x52d408]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x440c98]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x44d247]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x4171dd]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x404566]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x4b6056]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] [0x405201]
>> [Tue Mar 19 17:24:45 2013] [error] [client xxx.xxx.xxx.xxx] ======= Memory map: ========
>>
>> Configuration: mnogosearch 3.3.13 on Linux 2.6.32
>>
>> Any help would be greatly appreciated.
>>
>> Philippe
>>
>> P In order to preserve the environment, please do not print this
>> message unless it is necessary.
>>
>>
>>
>> _______________________________________________
>> General mailing list
>> General@mnogosearch.org
>> http://lists.mnogosearch.org/listinfo/general
>>
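Added example, not part of the original thread or of mnoGoSearch: a small parser that pulls glibc "buffer overflow detected" aborts out of an Apache error log in the format quoted above and groups them by backtrace, so a recurring crash in a CGI binary is visible without reading the raw dump. The sample log lines, the client addresses and the function names are constructed for illustration; comparing raw frame addresses assumes the binary loads at a fixed address, as search.cgi does in the thread.

```python
import re
from collections import Counter

# Apache 2.2-style error_log prefix and the glibc abort banner, as quoted in the thread.
PREFIX = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] (?P<msg>.*)$")
ABORT = re.compile(r"^\*\*\* buffer overflow detected \*\*\*: (?P<binary>\S+) terminated$")
FRAME = re.compile(r"^\[(0x[0-9a-f]+)\]$")

# Constructed sample: two crashes in the thread's format, abbreviated to two
# frames each; client addresses are documentation addresses (192.0.2.0/24).
P1 = "[Tue Mar 19 17:24:45 2013] [error] [client 192.0.2.10] "
P2 = "[Tue Mar 19 17:31:02 2013] [error] [client 192.0.2.11] "
SAMPLE_LOG = [
    P1 + "*** buffer overflow detected ***: /var/www/cgi-bin/search.cgi terminated",
    P1 + "======= Backtrace: =========",
    P1 + "[0x52dae5]",
    P1 + "[0x52da7e]",
    P1 + "======= Memory map: ========",
    P1 + "00400000-00685000 r-xp 00000000 fd:00 334904 /var/www/cgi-bin/search.cgi",
    P2 + "*** buffer overflow detected ***: /var/www/cgi-bin/search.cgi terminated",
    P2 + "======= Backtrace: =========",
    P2 + "[0x52dae5]",
    P2 + "[0x52da7e]",
]

def find_aborts(lines):
    """Return one record per abort banner with the frame addresses that follow it."""
    aborts, current, in_backtrace = [], None, False
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue
        msg = m["msg"].strip()
        banner, frame = ABORT.match(msg), FRAME.match(msg)
        if banner:
            current = {"time": m["ts"], "client": m["client"],
                       "binary": banner["binary"], "frames": []}
            aborts.append(current)
            in_backtrace = False
        elif msg.startswith("======= Backtrace"):
            in_backtrace = current is not None
        elif msg.startswith("======= Memory map"):
            in_backtrace = False  # the map is not needed to identify the crash
        elif in_backtrace and frame:
            current["frames"].append(frame[1])
    return aborts

def crash_signatures(aborts):
    """Count crashes per (binary, frames); assumes a fixed load address (see lead-in)."""
    return Counter((a["binary"], tuple(a["frames"])) for a in aborts)
```

Feed it the lines of the real error log instead of SAMPLE_LOG; a signature whose count keeps growing is the same crash being hit repeatedly.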