Bug#917018: wget: Unusable - permanent segmentation fault

2018-12-25 Thread rwpenney 

Hello Bernhard,

I do indeed have a ~/.wget-hsts file, and it has permissions and 
contents that seem suspiciously linked with setup of unprivileged LXC 
containers. If I remove that file, wget seems to work fine. Obviously, 
wget shouldn't just be crashing when it fails to open this file, but at 
least you've given us a good work-around.


Thanks for finding the source of the problem.

Kind regards,

RW Penney

Bug#917018: wget: Unusable - permanent segmentation fault

2018-12-24 Thread Bernhard Übelacker 
Control: fixed 917018 wget/1.19.1-1
Control: tags 917018 + upstream


Dear Maintainer, hello RW Penney,
I had a look and think I found something.
You have by any chance made something like 'chmod 000 ~/.wget-hsts' ?

Because in that case we end up in a backtrace like below.
(And stretch systems with a writeable ~/.wget-hsts are not affected.)

That is because when fp is NULL it is still tried to given to fclose().

Upstream has fixed this in commit [1].

Kind regards,
Bernhard


[1] 
http://git.savannah.gnu.org/cgit/wget.git/commit/src/hsts.c?id=40870e1271c977d9b80734690a5691a68bf05473


(gdb) bt
#0  _IO_new_fclose (fp=fp@entry=0x0) at iofclose.c:53
#1  0x555722ca in hsts_store_open (filename=) at 
../../src/hsts.c:513
#2  0x5556102c in load_hsts () at ../../src/main.c:186
#3  main (argc=argc@entry=6, argv=argv@entry=0x7fffe628) at 
../../src/main.c:1897
#4  0x769b62e1 in __libc_start_main (main=0xfb40 , 
argc=6, argv=0x7fffe628, init=, fini=, 
rtld_fini=, stack_end=0x7fffe618) at ../csu/libc-start.c:291
#5  0x5556147a in _start ()

(gdb) list hsts_store_open
492 hsts_store_open (const char *filename)
493 {
...
508   if (!fp || !hsts_read_database (store, fp, false))
509 {
510   /* abort! */
511   hsts_store_close (store);
512   xfree (store);
513   fclose (fp);
514   goto out;
515 }


From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917018#18 :
Program received signal SIGSEGV, Segmentation fault.
_IO_new_fclose (fp=0x0) at iofclose.c:53
53iofclose.c: No such file or directory.
#0  _IO_new_fclose (fp=0x0) at iofclose.c:53
#1  0x555722ca in ?? ()
#2  0x5556102c in ?? ()
#3  0x769b62e1 in __libc_start_main (main=0xfb40, argc=6, 
argv=0x7fffe848, init=, fini=, 
rtld_fini=, stack_end=0x7fffe838) at ../csu/libc-start.c:291
#4  0x5556147a in ?? ()
Detaching from program: /usr/bin/wget, process 2009


#


# stretch amd64 qemu VM


apt update
apt dist-upgrade

apt install devscripts dpkg-dev systemd-coredump gdb wget-dbgsym


mkdir source/wget/orig -p
cdsource/wget/orig
apt source wget
cd ../..



mkdir /tmp/wget-test
cd/tmp/wget-test
wget -r -k -l inf http://www.debian.org
# no crash ...


root@debian:/tmp/wget-test# uname -a
Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux
root@debian:/tmp/wget-test# cat /etc/debian_version 
9.6







gdb -q \
-ex 'set backtrace past-main on' \
-ex 'set width 0' \
-ex 'set pagination off' \
-ex 'directory /home/benutzer/source/wget/orig/wget-1.18/debian/patches' \
--args wget -r -k -l inf http://www.debian.org



(gdb) disassemble main
   0x55561027 <+5351>:  callq  0x55572190 
   0x5556102c <+5356>:  test   %rax,%rax

(gdb) disassemble hsts_store_open
   0x555722c5 <+309>:   callq  0xf600
   0x555722ca <+314>:   jmpq   0x555721f3 

(gdb) list hsts_store_open
490
491 hsts_store_t
492 hsts_store_open (const char *filename)
493 {
494   hsts_store_t store = NULL;
495
496   store = xnew0 (struct hsts_store);
497   store->table = hash_table_new (0, hsts_hash_func, hsts_cmp_func);
498   store->last_mtime = 0;
499   store->changed = false;
500
501   if (file_exists_p (filename))
502 {
503   if (hsts_file_access_valid (filename))
504 {
505   struct_stat st;
506   FILE *fp = fopen (filename, "r");
507
508   if (!fp || !hsts_read_database (store, fp, false))
509 {
510   /* abort! */
511   hsts_store_close (store);
512   xfree (store);
513   fclose (fp);
514   goto out;
515 }
516
517   if (fstat (fileno (fp), ) == 0)
518 store->last_mtime = st.st_mtime;
519
520   fclose (fp);
521 }
522   else
523 {
524   /*
525* If we're not reading the HSTS database,
526* then by all means act as if HSTS was disabled.
527*/
528   hsts_store_close (store);
529   xfree (store);
530
531   logprintf (LOG_NOTQUIET, "Will not apply HSTS. "
532  "The HSTS database must be a regular and 
non-world-writable file.\n");
533 }
534 }
535
536 out:
537   return store;
538 }



(gdb) disassemble /m hsts_store_open
...
512   xfree (store);
   0x555722b8 <+296>:   mov%rbx,%rdi
   0x555722bb <+299>:   xor%ebx,%ebx
   0x555722bd <+301>:   callq  0xf328

513

Bug#917018: wget: Unusable - permanent segmentation fault

2018-12-21 Thread Bernhard Übelacker 
Hello rwpenney,
just tried to reproduce and collect some information for the maintainer
on a minimal buster amd64 qemu VM.

Unfortunately I could not reproduce the crash
and after 700 files I stopped my test.

Maybe you could run the wget command like that:

gdb -q -ex 'set pagination off' -ex 'set width 0' -ex run -ex bt -ex detach 
-ex quit --args wget -r -k -l inf http://www.debian.org

Or you install a coredump collector like systemd-coredump and
provide the output of journalctl for that time.

In [1] are also some points to get more information into the backtrace.

Kind regards,
Bernhard

[1] https://wiki.debian.org/HowToGetABacktrace

Bug#917018: wget: Unusable - permanent segmentation fault

2018-12-21 Thread rwpenney 
Package: wget
Version: 1.18-5+deb9u2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

In ordinary use cases, 'wget' on Debian-9.6 ("stretch", amd64) is immediately
crashing with a segmentation fault when I try to mirror http or https websites.

A simple case is:
# wget -r -k -l inf http://www.debian.org

I have tried a variety of other URLs, and either http or https protocols.
No error messages are issued other than "Segmentation fault".

Without this basic functionality, "wget" under Debian-9 seems unusable
for http mirroring, which is a key use-case for this package.

Thanks.

-- System Information:
Debian Release: 9.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wget depends on:
ii  libc62.24-11+deb9u3
ii  libgnutls30  3.5.8-5+deb9u4
ii  libidn11 1.33-1
ii  libnettle6   3.3-1+b2
ii  libpcre3 2:8.39-3
ii  libpsl5  0.17.0-3
ii  libuuid1 2.29.2-1+deb9u1
ii  zlib1g   1:1.2.8.dfsg-5

Versions of packages wget recommends:
ii  ca-certificates  20161130+nmu1+deb9u1

wget suggests no packages.

-- no debconf information