On Tue, 24 Sep 2024, I wrote:
Next step would be digging deeper and finding the root causes of these buffer overflows and to fix them, maybe some upstream xymon developer, since my C skills are quite limited :-(
According to systemd coredumpctl we have at least coredumps in xymond_client, xymond_rrd and xymond_alert. Here is the output of gdb bt full for them (maybe someone else understands more of what the root cause is): xymond_client: ============== #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44 tid = <optimized out> ret = 0 pd = <optimized out> old_mask = {__val = {0}} ret = <optimized out> #1 0x00007fd7c6fe1e9f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78 No locals. #2 0x00007fd7c6f92fb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 ret = <optimized out> #3 0x00007fd7c6f7d472 in __GI_abort () at ./stdlib/abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 0, 140721929553312, 3558782228032748576, 1675727637748588544, 94097479924736, 94097479924736, 140721929553552, 94097479835289, 140721929553696}}, sa_flags = 2, sa_restorer = 0x7ffc609f85a0} #4 0x00007fd7c6fd6430 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd7c70f0210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffc609f86f0, reg_save_area = 0x7ffc609f8680}} fd = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> #5 0x00007fd7c706f0f2 in __GI___fortify_fail (msg=msg@entry=0x7fd7c70f01b6 "buffer overflow detected") at ./debug/fortify_fail.c:26 No locals. #6 0x00007fd7c706dc00 in __GI___chk_fail () at ./debug/chk_fail.c:28 No locals. #7 0x00007fd7c706d835 in ___snprintf_chk (s=s@entry=0x5594c6dd7c02 <md_string+2> "", maxlen=maxlen@entry=35, flag=flag@entry=2, slen=slen@entry=31, format=format@entry=0x5594c6dc1e99 "%02x") at ./debug/snprintf_chk.c:29 mode = <optimized out> ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffc609f8800, reg_save_area = 0x7ffc609f8740}} ret = <optimized out> #8 0x00005594c6db7581 in snprintf (__fmt=0x5594c6dc1e99 "%02x", __n=35, __s=0x5594c6dd7c02 <md_string+2> "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:54 No locals. #9 md5hash ( input=input@entry=0x5594c83023e0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44 ctx = 0x5594c83023a0 md_value = "\301tJ\342^\312T\032bGjɨ\f\267I" md_string = "c1", '\000' <repeats 30 times> i = 1 p = 0x5594c6dd7c02 <md_string+2> "" #10 0x00005594c6db2c39 in prepare_fromnet () at ./lib/loadhosts_file.c:104 sres = 0x5594c83023a0 sendstat = <optimized out> fdata = 0x5594c83023e0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"... fhash = <optimized out> contentmd5 = '\000' <repeats 32 times> sres = <optimized out> sendstat = <optimized out> fdata = <optimized out> fhash = <optimized out> #11 load_hostnames (hostsfn=0x7ffc609fb889 "/usr/lib/xymon/server/etc/hosts.cfg", extrainclude=extrainclude@entry=0x0, fqdn=fqdn@entry=1) at ./lib/loadhosts_file.c:142 prepresult = <optimized out> ip1 = 0 ip2 = 0 ip3 = 0 ip4 = 0 groupid = <optimized out> pageidx = <optimized out> hostname = '\000' <repeats 40 times>, "z\033\036\307\327\177\000\000\000\000\000\000\000\000\000\000\300\215\237`\374\177\000\000 \220 \307\327\177\000\000h\345\035\307\327\177\000\000\006\000\000\000\004\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\020\003\000\000\000\000\000\000\020\003\000\000\000\000\000\000\b\000\000\000\000\000\000\000\003\000\000\000\004\000\000\000\360\n\032\000\000\000\000\000\360\n\032\000\000\000\000\000\360\n\032\000\000\000\000\000\034\000\000\000\000\000\000\000\034\000\000\000\000\000\000\000\020\000\000\000\000\000\000\000\001\000\000\000\004", '\000' <repeats 27 times>... dgname = 0x0 dgname_buflen = 0 curtoppage = <optimized out> curpage = <optimized out> pgtail = <optimized out> htree = <optimized out> cfgdata = <optimized out> inbol = <optimized out> ineol = <optimized out> insavchar = 0 '\000' #12 0x00005594c6d83b59 in main (argc=<optimized out>, argv=0x7ffc609f9c48) at ./xymond/xymond_client.c:2181 eoln = <optimized out> restofmsg = <optimized out> p = <optimized out> metadata = {0x41564952 <error: Cannot access memory at address 0x41564952>, 0x0, 0x62696c5f5f004554 <error: Cannot access memory at address 0x62696c5f5f004554>, 0x5f796c7261655f63 <error: Cannot access memory at address 0x5f796c7261655f63>, 0x60 <error: Cannot access memory at address 0x60>, 0x0, 0x18 <error: Cannot access memory at address 0x18>, 0x0 <repeats 14 times>} metacount = <optimized out> nowtimer = 308 msg = 0x7fd7c6ed2010 "@@client#1/xymon12.sail.spinnaker.de|1727205554.416384|127.0.0.1|xymon12.sail.spinnaker.de|linux|linux|\nclient xymon12,sail,spinnaker,de.linux linux\n[date]\nTue Sep 24 21:19:09 CEST 2024\n[uname]\nLinux "... running = 1 argi = <optimized out> seq = 1 sa = {__sigaction_handler = {sa_handler = 0x5594c6d84450 <sig_handler>, sa_sigaction = 0x5594c6d84450 <sig_handler>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0} nextconfigload = 908 configfn = <optimized out> collectors = 0x5594c83022a0 xymond_rrd: =========== #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44 tid = <optimized out> ret = 0 pd = <optimized out> old_mask = {__val = {0}} ret = <optimized out> #1 0x00007f892b9cee9f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78 No locals. #2 0x00007f892b97ffb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 ret = <optimized out> #3 0x00007f892b96a472 in __GI_abort () at ./stdlib/abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 0, 140720416982192, 3558782991895767008, 8200057225952544256, 94861342943168, 94861342943168, 140720416982432, 94861342820529, 140720416982576}}, sa_flags = 2, sa_restorer = 0x7ffc067784b0} #4 0x00007f892b9c3430 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f892badd210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffc06778600, reg_save_area = 0x7ffc06778590}} fd = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> #5 0x00007f892ba5c0f2 in __GI___fortify_fail (msg=msg@entry=0x7f892badd1b6 "buffer overflow detected") at ./debug/fortify_fail.c:26 No locals. #6 0x00007f892ba5ac00 in __GI___chk_fail () at ./debug/chk_fail.c:28 No locals. #7 0x00007f892ba5a835 in ___snprintf_chk (s=s@entry=0x5646a0a627c2 <md_string+2> "", maxlen=maxlen@entry=35, flag=flag@entry=2, slen=slen@entry=31, format=format@entry=0x5646a0a448b1 "%02x") at ./debug/snprintf_chk.c:29 mode = <optimized out> ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffc06778710, reg_save_area = 0x7ffc06778650}} ret = <optimized out> #8 0x00005646a0a2a481 in snprintf (__fmt=0x5646a0a448b1 "%02x", __n=35, __s=0x5646a0a627c2 <md_string+2> "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:54 No locals. #9 md5hash ( input=input@entry=0x5646a26010d0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44 ctx = 0x5646a26000c0 md_value = "\301tJ\342^\312T\032bGjɨ\f\267I" md_string = "c1", '\000' <repeats 30 times> i = 1 p = 0x5646a0a627c2 <md_string+2> "" #10 0x00005646a0a3d699 in prepare_fromnet () at ./lib/loadhosts_file.c:104 sres = 0x5646a26000c0 sendstat = <optimized out> fdata = 0x5646a26010d0 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"... fhash = <optimized out> contentmd5 = '\000' <repeats 32 times> sres = <optimized out> sendstat = <optimized out> fdata = <optimized out> fhash = <optimized out> #11 load_hostnames (hostsfn=0x7ffc0677f88c "/usr/lib/xymon/server/etc/hosts.cfg", extrainclude=extrainclude@entry=0x0, fqdn=fqdn@entry=1) at ./lib/loadhosts_file.c:142 prepresult = <optimized out> ip1 = 0 ip2 = 0 ip3 = 0 ip4 = 0 groupid = <optimized out> pageidx = <optimized out> hostname = '\000' <repeats 16 times>, "/usr/lib/xymon/server/etc/rrddefinitions.cfg", '\000' <repeats 3404 times>... dgname = 0x0 dgname_buflen = 0 curtoppage = <optimized out> curpage = <optimized out> pgtail = <optimized out> htree = <optimized out> cfgdata = <optimized out> inbol = <optimized out> ineol = <optimized out> insavchar = 0 '\000' #12 0x00005646a0a0d08f in main (argc=<optimized out>, argv=<optimized out>) at ./xymond/xymond_rrd.c:329 eoln = <optimized out> ctlbuf = '\000' <repeats 4095 times> restofmsg = 0x0 metacount = <optimized out> testname = 0x0 sender = 0x0 ldef = 0x0 n = <optimized out> now = 458 classname = 0x0 pagepaths = 0x0 gotcachectlmessage = <optimized out> metadata = {0x0 <repeats 21 times>} p = <optimized out> hostname = 0x0 tstamp = <optimized out> childstat = 0 msg = 0x7f892877e010 "@@status#8/xymon12.sail.spinnaker.de|1727205704.508355|127.0.0.1||xymon12.sail.spinnaker.de|xymongen|1727207504|green||green|1727205584|0||0||1727205554|linux||0|\nstatus xymon12,sail,spinnaker,de.xymo"... argi = <optimized out> sa = {__sigaction_handler = {sa_handler = 0x5646a0a0d740 <sig_handler>, sa_sigaction = 0x5646a0a0d740 <sig_handler>}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0} exthandler = <optimized out> extids = <optimized out> processor = <optimized out> ctlsockaddr = {sun_family = 1, sun_path = "/var/lib/xymon/tmp/rrdctl.1656", '\000' <repeats 77 times>} ctlsocket = 3 usebackfeedqueue = 0 xymond_alert: ============= #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44 tid = <optimized out> ret = 0 pd = <optimized out> old_mask = {__val = {0}} ret = <optimized out> #1 0x00007f7ae955de9f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78 No locals. #2 0x00007f7ae950efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 ret = <optimized out> #3 0x00007f7ae94f9472 in __GI_abort () at ./stdlib/abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {0, 0, 0, 0, 0, 0, 0, 0, 140729827760864, 3558781987793485696, 18061915719574039552, 93857240661856, 93857240661856, 140729827761104, 93857240583353, 140729827761248}}, sa_flags = 2, sa_restorer = 0x7ffe37649ae0} #4 0x00007f7ae9552430 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f7ae966c210 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155 ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffe37649c30, reg_save_area = 0x7ffe37649bc0}} fd = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> #5 0x00007f7ae95eb0f2 in __GI___fortify_fail (msg=msg@entry=0x7f7ae966c1b6 "buffer overflow detected") at ./debug/fortify_fail.c:26 No locals. #6 0x00007f7ae95e9c00 in __GI___chk_fail () at ./debug/chk_fail.c:28 No locals. #7 0x00007f7ae95e9835 in ___snprintf_chk (s=s@entry=0x555cd77d3f62 <md_string+2> "", maxlen=maxlen@entry=35, flag=flag@entry=2, slen=slen@entry=31, format=format@entry=0x555cd77c0cb9 "%02x") at ./debug/snprintf_chk.c:29 mode = <optimized out> ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffe37649d40, reg_save_area = 0x7ffe37649c80}} ret = <optimized out> #8 0x0000555cd77ba6d1 in snprintf (__fmt=0x555cd77c0cb9 "%02x", __n=35, __s=0x555cd77d3f62 <md_string+2> "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:54 No locals. #9 md5hash ( input=input@entry=0x555cd81e5390 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"...) at ./lib/digest.c:44 ctx = 0x555cd81e5350 md_value = "\301tJ\342^\312T\032bGjɨ\f\267I" md_string = "c1", '\000' <repeats 30 times> i = 1 p = 0x555cd77d3f62 <md_string+2> "" #10 0x0000555cd77b5d89 in prepare_fromnet () at ./lib/loadhosts_file.c:104 sres = 0x555cd81e5350 sendstat = <optimized out> fdata = 0x555cd81e5390 "#\n# Master configuration file for Xymon\n#\n# This file defines several things:\n#\n# 1) By adding hosts to this file, you define hosts that are monitored by Xymon\n# 2) By adding \"page\", \"subpage\", \"group"... fhash = <optimized out> contentmd5 = '\000' <repeats 32 times> sres = <optimized out> sendstat = <optimized out> fdata = <optimized out> fhash = <optimized out> #11 load_hostnames (hostsfn=0x7ffe3764f88f "/usr/lib/xymon/server/etc/hosts.cfg", extrainclude=extrainclude@entry=0x0, fqdn=fqdn@entry=1) at ./lib/loadhosts_file.c:142 prepresult = <optimized out> ip1 = 0 ip2 = 0 ip3 = 0 ip4 = 0 groupid = <optimized out> pageidx = <optimized out> hostname = '\000' <repeats 3720 times>... dgname = 0x0 dgname_buflen = 0 curtoppage = <optimized out> curpage = <optimized out> pgtail = <optimized out> htree = <optimized out> cfgdata = <optimized out> inbol = <optimized out> ineol = <optimized out> insavchar = 0 '\000' #12 0x0000555cd77a09a8 in main (argc=3, argv=0x7ffe3764d1c8) at ./xymond/xymond_alert.c:533 msg = <optimized out> seq = 0 argi = <optimized out> alertcolors = 56 alertinterval = 1800 configfn = <optimized out> checkfn = <optimized out> loadresult = <optimized out> reloadconfigtime = 0 checkpointinterval = <optimized out> acklogfn = '\000' <repeats 2888 times>... acklogfd = 0x0 notiflogfn = "P\003\000\000\000\000\000\000 \000\000\000\000\000\000\000 \000\000\000\000\000\000\000\b\000\000\000\000\000\000\000\004\000\000\000\004\000\000\000p\003\000\000\000\000\000\000p\003\000\000\000\000\000\000p\003\000\000\000\000\000\000D\000\000\000\000\000\000\000D\000\000\000\000\000\000\000\004\000\000\000\000\000\000\000\a\000\000\000\004\000\000\000\320\350\034\000\000\000\000\000\320\350\034\000\000\000\000\000\320\350\034\000\000\000\000\000\020\000\000\000\000\000\000\000\220\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000S\345td\004\000\000\000P\003\000\000\000\000\000\000P\003\000\000\000\000\000\000P\003\000\000\000\000\000\000 \000\000\000\000\000\000\000 \000\000\000\000\000\000\000\b\000\000\000\000\000\000\000"... notiflogfd = 0x0 tracefn = <optimized out> sa = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0} configchanged = <optimized out> lastxmit = 0 Greetings Roland