
buffer overflow detected #66

Open
eliotalanfoss opened this issue Aug 31, 2023 · 6 comments

Comments

@eliotalanfoss

When running the socks server as a systemd unit, and increasing the soft limit of the number of open files in the systemd unit file to 500000, I periodically get the service crashing because the microsocks program terminates with a
*** buffer overflow detected ***: terminated
I increased the file limit in order to accommodate more connections simultaneously, but now I am running into this problem. Is it a bug?

@rofl0r
Owner

rofl0r commented Aug 31, 2023

maybe. could you enable core dumps, rebuild microsocks with debug info make CFLAGS="-O0 -g3", and then load the core with gdb next time it happens? that would give us a backtrace pointing to where it happens.
does this happen only with the high fd limit?

@clyfish

clyfish commented Jan 17, 2024

Version: be54581

┌──Register group: general─────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│rax            0x0      0                                            rbx            0x0      0                                            │
│rcx            0x7fcf8f7c54fd   140529442247933                      rdx            0x0      0                                            │
│rsi            0x0      0                                            rdi            0x0      0                                            │
│rbp            0x7fcf8c1c9f90   0x7fcf8c1c9f90                       rsp            0x7fcf8c1c9ae0   0x7fcf8c1c9ae0                       │
│r8             0x7fcf8c1ca700   140529385645824                      r9             0x18     24                                           │
│r10            0x10     16                                           r11            0x0      0                                            │
│r12            0x0      0                                            r13            0x7fcf8c1ca9c0   140529385646528                      │
│r14            0x7fcf8c1ca700   140529385645824                      r15            0x0      0                                            │
│rip            0x401e89 0x401e89 <clientthread+474>                  eflags         0x10217  [ CF PF AF IF RF ]                           │
│cs             0x33     51                                           ss             0x2b     43                                           │
   ┌───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
   │0x401e75 <clientthread+454>     cmpl   $0xffffffff,-0x4(%rbp)                                                                          │
   │0x401e79 <clientthread+458>     je     0x401e85 <clientthread+470>                                                                     │
   │0x401e7b <clientthread+460>     mov    -0x4(%rbp),%eax                                                                                 │
   │0x401e7e <clientthread+463>     mov    %eax,%edi                                                                                       │
   │0x401e80 <clientthread+465>     callq  0x400eb0 <close@plt>                                                                            │
   │0x401e85 <clientthread+470>     mov    -0x10(%rbp),%rax                                                                                │
  >│0x401e89 <clientthread+474>     mov    0x24(%rax),%eax                                                                                 │
   │0x401e8c <clientthread+477>     mov    %eax,%edi                                                                                       │
   │0x401e8e <clientthread+479>     callq  0x400eb0 <close@plt>                                                                            │
   │0x401e93 <clientthread+484>     mov    -0x10(%rbp),%rax                                                                                │
   │0x401e97 <clientthread+488>     movl   $0x1,0x2c(%rax)                                                                                 │
   └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
multi-thre Thread 0x7fcf8 In: clientthread                                                                          Line: ??   PC: 0x401e89

@rofl0r
Owner

rofl0r commented Jan 17, 2024

why are you testing a version from 2019 ? use latest git. also i don't see a usable backtrace in your paste. compile with -g3 to get source-level debug info instead of x86 asm.

@clyfish

clyfish commented Jan 18, 2024

@rofl0r Because it was launched three years ago.
Crashed on this line:

close(t->client.fd);

@rofl0r
Owner

rofl0r commented Jan 18, 2024

well, i studied the code again and can't see anything that could cause this. i'd suggest you get the latest code, rebuild it with address sanitizer, and wait for the next crash, which will hopefully be accompanied with useful output from asan.
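The message in the first post, "*** buffer overflow detected ***", is glibc's _FORTIFY_SOURCE abort, and it is worth seeing in isolation before chasing it through a core dump. The program below is a constructed illustration added to this thread; it is not microsocks code and it does not establish what microsocks does in clientthread. It shows one well-known way a raised LimitNOFILE turns into exactly that message, FD_SET() on a descriptor number at or above FD_SETSIZE (1024 on glibc), beside the guard and the poll() alternative that have no such ceiling; all function names are mine. It also ties in the rebuild rofl0r asks for: compiled with -O0 -g3 -fsanitize=address and run with the argument crash under a high ulimit -n, the fortify check stays silent (glibc only enables it with optimisation on), but ASan reports the stack-buffer-overflow at the FD_SET line with a source-level backtrace, which is the output the thread is waiting for.

```c
/* Constructed illustration added to this thread (not microsocks code):
 * why a raised fd limit can end in glibc's
 *   *** buffer overflow detected ***: terminated
 * and how to wait on descriptors without that ceiling.
 *
 * With _FORTIFY_SOURCE and optimisation on, FD_SET() goes through
 * __fdelt_chk(), which aborts with that message when the descriptor is
 * >= FD_SETSIZE. Descriptors above 1023 only become reachable once
 * ulimit -n / LimitNOFILE is raised, which is why the crash tracks the limit.
 */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* 1 if fd can be placed in an fd_set without tripping the fortify check
 * (or silently corrupting the stack without it), 0 otherwise. */
int fd_fits_fd_set(int fd) {
    return fd >= 0 && fd < FD_SETSIZE;
}

/* select()-style readiness wait that refuses descriptors the fd_set cannot
 * hold (returns -1 with errno = EBADF) instead of letting FD_SET abort. */
int wait_readable_select(int fd, int timeout_ms) {
    if (!fd_fits_fd_set(fd)) { errno = EBADF; return -1; }
    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    return select(fd + 1, &rfds, NULL, NULL, &tv);
}

/* poll() takes descriptor numbers rather than a fixed-size bitmap, so it has
 * no FD_SETSIZE ceiling: the right primitive once the fd limit is raised. */
int wait_readable_poll(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    return poll(&p, 1, timeout_ms);
}

/* Constructed probe: duplicate fd onto the lowest free descriptor number
 * >= FD_SETSIZE. Needs a soft RLIMIT_NOFILE above FD_SETSIZE (the thread's
 * 500000 qualifies); returns -1 with errno = EMFILE if the limit forbids it. */
int dup_above_fd_setsize(int fd) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur <= (rlim_t)FD_SETSIZE) { errno = EMFILE; return -1; }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);
}

int main(int argc, char **argv) {
    int p[2];
    if (pipe(p) != 0) { perror("pipe"); return 1; }
    int high = dup_above_fd_setsize(p[0]);
    if (high < 0) {
        printf("soft fd limit is not above FD_SETSIZE (%d); raise it with ulimit -n\n",
               FD_SETSIZE);
        return 0;
    }
    printf("fd %d: fits fd_set=%d, poll -> %d, guarded select -> %d\n",
           high, fd_fits_fd_set(high),
           wait_readable_poll(high, 0), wait_readable_select(high, 0));
    if (argc > 1 && strcmp(argv[1], "crash") == 0) {
        /* Unguarded FD_SET with fd >= FD_SETSIZE. Optimised fortified build:
         * "*** buffer overflow detected ***: terminated". Built with
         * -O0 -g3 -fsanitize=address: ASan stack-buffer-overflow report with a
         * backtrace naming this line. Plain build: silent stack corruption. */
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(high, &rfds);
        puts("no fortify, no asan: the out-of-bounds write went unnoticed");
    }
    return 0;
}
```

Run without arguments it only reports whether the current limit exposes a descriptor above FD_SETSIZE and that poll() handles it while the guarded select() refuses it; the crash path is opt-in because its whole point is to die in the way being debugged.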

@clyfish

clyfish commented Jan 18, 2024

OK.


3 participants