Package: gawk Version: 1:3.1.5.dfsg-4calvin1 Followup-For: Bug #418790 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, this bug breaks the fiaif firewall package, ie. the firewall cant be properly started. Attached is the syntax.awk script and the fiaif.conf file. Running $ awk -f /usr/share/fiaif/syntax.awk < /etc/fiaif/fiaif.conf crashes with memory corruption stacktrace (also attached). Applying the suggested patch for this issue fixed the bug for me. Since this bug breaks the fiaif package I will raise the severity. Regards, Bastian - -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.24treasure3 (PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages gawk depends on: ii libc6 2.7-6 GNU C Library: Shared libraries gawk recommends no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHsslNeBwlBDLsbz4RAtwrAJ9bobI8heJxMDLEeeaoSZ4ygvnhAACfc/5W F6gikLU09PgxtU+HuzR0MLg= =uJMC -----END PGP SIGNATURE-----
############################################################################### # FIAIF global configuration file. # Version $Id: fiaif.conf,v 1.37 2003/05/24 22:50:51 afu Exp $ ############################################################################### ## Reserved (illegal) and private networks ## See: www.iana.com RESERVED_NETWORKS=reserved_networks PRIVATE_NETWORKS=private_networks LOOPBACK_NET="127.0.0.1/255.0.0.0" SERVICES="/etc/services" ############################################################################### # Search path for binaries ############################################################################### BIN_PATH=/sbin:/usr/sbin:/usr/local/sbin ############################################################################### # User configurable parameters ############################################################################### ## Activate fiaif? ## Set this VARIABLE to 0 or delete the line to enable FIAIF. DONT_START=0 ## Configuration directory. All configuration files are read from this ## directory. CONF_DIR=/etc/fiaif/ ## Zone names. Only these zones are used. ## You must have a CONF_<name> entry for each below. ZONES="INT" #ZONES="EXT" ## Zone cofiguration files. ## The files are expected to be found in CONF_DIR ## Use: CONF_XXX=<filename> CONF_INT=zone.int CONF_EXT=zone.ext CONF_TUN=zone.tun #CONF_DMZ=zone.dmz ## Use iptables-save and iptables restore to speed up ## Startup scripts. You should leave this setting to 0. ## Use: SAVE_STATE=0|1 SAVE_STATE=1 ## Change values in /proc/sys/net/* ## When issuing a 'fiaif test' a list of errors and warnings are displayed. ## The SET_PROC_ERRORS, specifies that FIAIF should correct the errors, and ## The SET_PROC_WARNINGS, specifies that FIAIF should correct the warnings. ## SET_PROC_ERRORS=<0|1> ## SET_PROC_WARNINGS=<0|1> SET_PROC_ERRORS=1 SET_PROC_WARNINGS=0 ## Enable TC for any zone. ## Overrides ENABLE_TC in zone configurations. ## Use: ENABLE_TC=<0|1> ENABLE_TC=0 ## File to which commands are written when making a test. ## TEST_FILE=<file name> TEST_FILE="/tmp/fiaif.out" ## If set to one the default policy of all standard chains (input, output ## and forward) will be to ACCEPT unmatched packets. ## If set to zero, the policy will be to DROP these packets, which should ## be the default. ## DEBUG=<0|1> DEBUG=0 ## Set to one, to enable logging via ulogd. ## You need to have the ulogd installed, to enable this functionality ## Note: does not work correctly with kernel 2.4.18. ## ENABLE_ULOGD=<0|1> ENABLE_ULOG=0 ## Set to one if dropped or rejected packets should be logged. ## VERBOSE=<0|1> VERBOSE=1 ## Prefix to pre-pend to log messages ## Use: LOG_PREFIX="FIAIF_" ## This will cause log messages to have [FIAIF_DROP] or [FIAIF_MARTIAN] (etc) ## as their marker LOG_PREFIX="FIAIF_" ## Limit the number of log-messages when packets are dropped. ## Lower to avoid spamming the logs. ## Use: LOG_LEVEL=<level> ## Use: LOG_LIMIT=<limit> ## Use: LOG_BURST=<burst> ## LEVEL : defines the level (or priority) of the logged ## messages - See syslog.conf(5) for more ## If ulog is enabled, the value must be in the range ## 1..32 ## LIMIT : Maximum average matching rate: specified as a number, ## with an optional '/second', '/minute', '/hour', or '/day' ## suffix. ## BURST : Maximum initial number of packets to match: this ## number is incrementedby one every time the limit ## specified above is not reached, up to this number. LOG_LEVEL=INFO LOG_LIMIT=10/minute LOG_BURST=10 ## Load modules upon starting the firewall. The modules will be ## unloaded, when the firewall is stopped. ## MODULES=[module_name]* MODULES="ip_nat_ftp" ## The following lines allows users specified commands to ## be executed before and after FIAIF is started/stopped. ## This can be used to e.g. insert additional rules for traffic counters, ## And then save/restore these. ## Use: ## <PRE|POST>_<START|STOP>_SCTIPT[N]=<shell command> #PRE_START_SCRIPT[0]="" #PRE_START_SCRIPT[1]="" #POST_START_SCRIPT[0]="" #POST_START_SCRIPT[1]="" #PRE_STOP_SCRIPT[0]="" #PRE_STOP_SCRIPT[1]="" #POST_STOP_SCRIPT[0]="" #POST_STOP_SCRIPT[1]="" ## Specify localtion of "Type Of Services" file. ## This can either be empty or a file. TOS_FILE=type_of_services ## Specify aliases file. ## In this file, aliases for IP numbers can be specified. ALIASES=aliases
/etc/init.d/fiaif stop *** glibc detected *** awk: double free or corruption (fasttop): 0x080ac6b8 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6[0xb7e4f915] /lib/i686/cmov/libc.so.6(cfree+0x90)[0xb7e53380] awk(str2wstr+0x30)[0x8071fa0] awk(do_match+0x136)[0x805b986] awk(r_tree_eval+0x4f3)[0x80819a3] awk[0x8083268] awk(interpret+0x94d)[0x8083cbd] awk(interpret+0x37d)[0x80836ed] awk(interpret+0x1de)[0x808354e] awk(do_input+0x48)[0x806bf08] awk(main+0x1112)[0x80709c2] /lib/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7dfa450] awk[0x804c991] ======= Memory map: ======== 08048000-08092000 r-xp 00000000 03:05 230431 /usr/bin/gawk 08092000-08093000 rw-p 0004a000 03:05 230431 /usr/bin/gawk 08093000-080b9000 rw-p 08093000 00:00 0 [heap] b7a00000-b7a21000 rw-p b7a00000 00:00 0 b7a21000-b7b00000 ---p b7a21000 00:00 0 b7bbd000-b7bc9000 r-xp 00000000 03:01 656641 /lib/libgcc_s.so.1 b7bc9000-b7bca000 rw-p 0000b000 03:01 656641 /lib/libgcc_s.so.1 b7be3000-b7de3000 r--p 00000000 03:05 1010277 /usr/lib/locale/locale-archive b7de3000-b7de4000 rw-p b7de3000 00:00 0 b7de4000-b7f2b000 r-xp 00000000 03:01 145913 /lib/i686/cmov/libc-2.7.so b7f2b000-b7f2c000 r--p 00147000 03:01 145913 /lib/i686/cmov/libc-2.7.so b7f2c000-b7f2e000 rw-p 00148000 03:01 145913 /lib/i686/cmov/libc-2.7.so b7f2e000-b7f31000 rw-p b7f2e000 00:00 0 b7f31000-b7f54000 r-xp 00000000 03:01 136444 /lib/i686/cmov/libm-2.7.so b7f54000-b7f56000 rw-p 00023000 03:01 136444 /lib/i686/cmov/libm-2.7.so b7f56000-b7f58000 r-xp 00000000 03:01 136442 /lib/i686/cmov/libdl-2.7.so b7f58000-b7f5a000 rw-p 00001000 03:01 136442 /lib/i686/cmov/libdl-2.7.so b7f5a000-b7f5b000 rw-p b7f5a000 00:00 0 b7f64000-b7f6d000 r--p 00000000 03:05 314301 /usr/share/locale/de/LC_MESSAGES/gawk.mo b7f6d000-b7f74000 r--s 00000000 03:05 978368 /usr/lib/gconv/gconv-modules.cache b7f74000-b7f75000 rw-p b7f74000 00:00 0 b7f75000-b7f76000 r-xp b7f75000 00:00 0 [vdso] b7f76000-b7f92000 r-xp 00000000 03:01 656548 /lib/ld-2.7.so b7f92000-b7f94000 rw-p 0001b000 03:01 656548 /lib/ld-2.7.so bfd85000-bfd9a000 rw-p bffeb000 00:00 0 [stack] /etc/init.d/fiaif: line 55: 31524 Abgebrochen awk -f ${FIAIF_SHARED}/syntax.awk -f ${FIAIF_SHARED}/fiaif_ru les.awk <${CONF_FILE} >${TMP_FILE} Syntax errors in FIAIF configuration files detected. Aborting
syntax.awk
Description: application/awk