Re: [naviserver-devel] "ns_server active" request IP - proxy aware?

David Osborne Thu, 05 Oct 2017 08:25:08 -0700

Hi,

After an initial rollout we made a change to our code which massive
increased the number of times ns_server is called with the -checkforproxy
switch - we than started to get intermittent seg faults.


I can reproduce this is test with gdb.
It does seem to be related to the new section of code which checks the
headers for the X-Forwarded-For value.

The backtrace is here:
https://gist.github.com/davidqc/16cdd932509654f3d124e067a9a781bd
Naviserver is built from tip as of 3rd Oct.

I should mention I'm also getting some warnings during build on debian
jessie - not sure if serious or not:
https://gist.github.com/davidqc/a4569fa50d786349b3797c9105754be1

Can you see anything obvious going on here?

Will paste the contents of the links here also:

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffa67fc700 (LWP 15992)]
Ns_SetFindCmp (set=set@entry=0x0, key=0x7ffff7ba851f "X-Forwarded-For",
cmp=0x7ffff63885a0 <__strcasecmp_avx>) at set.c:281
281     set.c: No such file or directory.
(gdb) bt
#0  Ns_SetFindCmp (set=set@entry=0x0, key=0x7ffff7ba851f "X-Forwarded-For",
cmp=0x7ffff63885a0 <__strcasecmp_avx>) at set.c:281
#1  0x00007ffff7b6d659 in Ns_SetGetCmp (set=0x0, key=<optimized out>,
cmp=<optimized out>) at set.c:330
#2  0x00007ffff7b67ce0 in AppendConn (dsPtr=dsPtr@entry=0x7fffa67fb570,
connPtr=connPtr@entry=0x6ae908, state=state@entry=0x7ffff7bafcb6 "running",
checkforproxy=checkforproxy@entry=1) at queue.c:2393
#3  0x00007ffff7b65254 in AppendConnList (checkforproxy=<optimized out>,
state=<optimized out>, firstPtr=0x6ae908, dsPtr=<optimized out>) at
queue.c:2456
#4  ServerListActive (dsPtr=0x7fffa67fb570, interp=<optimized out>,
objc=<optimized out>, objv=<optimized out>, poolPtr=0x651820,
nargs=<optimized out>) at queue.c:1041
#5  0x00007ffff7b662a3 in NsTclServerObjCmd (clientData=0x0,
interp=0x7fffc80054f0, objc=-164067936, objv=0x7fffc9a7bca0) at queue.c:1343
#6  0x00007ffff71b5e59 in TclEvalObjvInternal (interp=0x7fffc80054f0,
objc=-138771169, objv=0x7fffc9a7bca0, command=0xffffffffffffffff <error:
Cannot access memory at address 0xffffffffffffffff>,
    length=-1, flags=0) at
/tmp/buildd/tcl8.5-8.5.17/unix/../generic/tclBasic.c:3727
#7  0x00007ffff71fc95e in TclExecuteByteCode (interp=0x0,
interp@entry=0x7fffc80054f0,
codePtr=0x7ffff7ba851f, codePtr@entry=0x7fffb4367690)
    at /tmp/buildd/tcl8.5-8.5.17/unix/../generic/tclExecute.c:2416
#8  0x00007ffff723fce9 in TclObjInterpProcCore (interp=0x7fffc80054f0,
procNameObj=0x7fffd74b8f70, skip=1, errorProc=0x7ffff723fee0
<MakeProcError>)
    at /tmp/buildd/tcl8.5-8.5.17/unix/../generic/tclProc.c:1763
#9  0x00007ffff71b5e59 in TclEvalObjvInternal (interp=0x7fffc80054f0,
objc=-138771169, objv=0x7fffc9a7b9c0, command=0x7fffa67fbc20
"filter_dos_check preauth", length=24, flags=0)
    at /tmp/buildd/tcl8.5-8.5.17/unix/../generic/tclBasic.c:3727
#10 0x00007ffff71b6b29 in TclEvalEx (interp=0x2, script=0x7ffff7ba851f
"X-Forwarded-For", numBytes=-164067936, flags=-939502352, line=-911754816,
clNextOuter=clNextOuter@entry=0x0,
    outerScript=0x7fffa67fbc20 "filter_dos_check preauth") at
/tmp/buildd/tcl8.5-8.5.17/unix/../generic/tclBasic.c:4426
#11 0x00007ffff71b6473 in Tcl_EvalEx (interp=interp@entry=0x7fffc80054f0,
script=<optimized out>, numBytes=<optimized out>, flags=flags@entry=0)
    at /tmp/buildd/tcl8.5-8.5.17/unix/../generic/tclBasic.c:4083
#12 0x00007ffff7b84f58 in NsTclFilterProc (arg=0x29da610, conn=0x6ace20,
why=NS_FILTER_PRE_AUTH) at tclrequest.c:537
#13 0x00007ffff7b59c3f in NsRunFilters (conn=conn@entry=0x6ace20,
why=why@entry=NS_FILTER_PRE_AUTH) at filter.c:160
#14 0x00007ffff7b6775d in ConnRun (connPtr=0x6ace20) at queue.c:2143
#15 NsConnThread (arg=0x6af660) at queue.c:1861
#16 0x00007ffff74b397d in NsThreadMain (arg=<optimized out>) at thread.c:232
#17 0x00007ffff74b49a9 in ThreadMain (arg=<optimized out>) at pthread.c:829
#18 0x00007ffff5e4b064 in start_thread (arg=0x7fffa67fc700) at
pthread_create.c:309
#19 0x00007ffff634c62d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:111


Warnings:


gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -g
-Wall -fPIC -g -O2 -fstack-protector-strong -Wformat
-Werror=format-security -fno-unit-at-a-time -pipe -D_FORTIFY_SOURCE=2
-I../include -I"/usr/include/tcl8.5"  -DHAVE_CONFIG_H  -g -Wall -fPIC -g
-O2 -fstack-protector-strong -Wformat -Werror=format-security
-fno-unit-at-a-time -pipe -D_FORTIFY_SOURCE=2 -I../include
-I"/usr/include/tcl8.5"  -DHAVE_CONFIG_H   -D_FORTIFY_SOURCE=2  -c -o
cache.o cache.c
In file included from ../include/nsthread.h:503:0,
                 from ../include/ns.h:41,
                 from nsd.h:33,
                 from cache.c:37:
cache.c: In function 'Ns_CacheSetValueExpires':
cache.c:602:65: warning: passing argument 2 of
'cachePtr->uncommittedTable.createProc' from incompatible pointer type
         (void) Tcl_CreateHashEntry(&cachePtr->uncommittedTable, ePtr,
&isNew);
                                                                 ^
/usr/include/tcl8.5/tcl.h:2388:40: note: in definition of macro
'Tcl_CreateHashEntry'
  (*((tablePtr)->createProc))(tablePtr, key, newPtr)
                                        ^
cache.c:602:65: note: expected 'const char *' but argument is of type
'struct Entry *'
         (void) Tcl_CreateHashEntry(&cachePtr->uncommittedTable, ePtr,
&isNew);
                                                                 ^
/usr/include/tcl8.5/tcl.h:2388:40: note: in definition of macro
'Tcl_CreateHashEntry'
  (*((tablePtr)->createProc))(tablePtr, key, newPtr)
                                        ^
cache.c: In function 'Ns_CacheDeleteEntry':
cache.c:751:65: warning: passing argument 2 of
'ePtr->cachePtr->uncommittedTable.findProc' from incompatible pointer type
     hPtr = Tcl_FindHashEntry(&ePtr->cachePtr->uncommittedTable, ePtr);
                                                                 ^
/usr/include/tcl8.5/tcl.h:2385:38: note: in definition of macro
'Tcl_FindHashEntry'
  (*((tablePtr)->findProc))(tablePtr, key)
                                      ^
cache.c:751:65: note: expected 'const char *' but argument is of type
'struct Entry *'
     hPtr = Tcl_FindHashEntry(&ePtr->cachePtr->uncommittedTable, ePtr);
                                                                 ^
/usr/include/tcl8.5/tcl.h:2385:38: note: in definition of macro
'Tcl_FindHashEntry'
  (*((tablePtr)->findProc))(tablePtr, key)
                                      ^
cache.c: In function 'CacheTransaction':
/usr/include/tcl8.5/tcl.h:2373:2: warning: initialization from incompatible
pointer type
  ((char *) (((tablePtr)->keyType == TCL_ONE_WORD_KEYS || \
  ^
cache.c:939:28: note: in expansion of macro 'Tcl_GetHashKey'
         Ns_Entry  *entry = Tcl_GetHashKey(&cachePtr->uncommittedTable,
hPtr);

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel

Re: [naviserver-devel] "ns_server active" request IP - proxy aware?

Reply via email to