Icecast Streaming Media Server
Icecast is a Xiph Foundation Project
 

core dump linked to authentication

 
brunonieuwenhuys



Joined: 20 Apr 2010
Posts: 5

Posted: Tue Apr 20, 2010 9:10 pm    Post subject: core dump linked to authentication

We believe we have found a bug in Icecast in version 2.3.2 (not the released code but a version that was taken from a tag around 2009.03.24), and it looks like it also affects the last version in the trunk.

We studied a core dump generated by icecast.
We found that the crash occurred in the following icecast code:
    static void auth_remove_listener (auth_t *auth, auth_client *auth_user)
    {
        client_t *client = auth_user->client;

        if (client->auth->release_listener)
            client->auth->release_listener (auth_user);
        auth_release (client->auth);
        client->auth = NULL;
        /* client is going, so auth is not an issue at this point */
        client->authenticated = 0;
    }

The crash happened because client->auth was NULL, so it tried to dereference a NULL pointer:
(gdb) p client->auth->release_listener
Cannot access memory at address 0x10
(gdb) p client->auth
$3 = (struct auth_tag *) 0x0
(gdb) p auth_user
$4 = (auth_client *) 0x7f10d2126b80
(gdb) p auth_user->client
$6 = (client_t *) 0x7f1123690f00

We compared the sources of Icecast we used with the 'mainstream' version (icecast-2.3.2) and found that the authentication functionality in question has some significant changes. In particular, icecast-2.3.2 has a few more checks for client->auth being not NULL, and the version we used has some functions added that reset this pointer to NULL under some circumstances. This is what probably caused the crash. We have checked in trunk and the situation is similar.

So we added a check for the pointer not being NULL, but this triggered another core dump.

(gdb) bt
#0 auth_run_thread (arg=<value optimized out>) at auth.c:306
#1 0x000000000042039a in _start_routine (arg=0x7fa1f5e66ba0) at thread.c:657
#2 0x00007fa20a9cefc7 in ?? ()
#3 0x0000000000000000 in ?? ()


The code it crashed on is:

    auth->head = auth_user->next;
    if (auth->head == NULL)
        auth->tailp = &auth->head;
    auth->pending_count--;


We checked the value of auth->pending_count, and it was invalid, and at least auth->tailp was also invalid.

I hope this helps to solve the problem.
_________________
www.adswizz.com
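
An added example, not part of the original post and not Icecast's own code: a minimal model of the pending-request queue fields the post names (head, tailp, pending_count), with a consistency check that lets the dequeue refuse a corrupt queue instead of crashing on it. The struct layouts and the queue_* function names are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified stand-ins for Icecast's types; layouts are assumptions. */
typedef struct auth_client { struct auth_client *next; } auth_client;
typedef struct {
    auth_client *head;      /* first pending request */
    auth_client **tailp;    /* &head when empty, else &last->next */
    int pending_count;      /* number of queued requests */
} auth_t;

void queue_init(auth_t *a)
{
    a->head = NULL;
    a->tailp = &a->head;
    a->pending_count = 0;
}

void queue_push(auth_t *a, auth_client *u)
{
    u->next = NULL;
    *a->tailp = u;
    a->tailp = &u->next;
    a->pending_count++;
}

/* Returns 1 if head/tailp/pending_count agree, 0 if the queue is corrupt.
 * The walk is bounded by pending_count so a cyclic list cannot hang it. */
int queue_consistent(const auth_t *a)
{
    auth_client *const *slot = &a->head;
    int n = 0;
    if (a->pending_count < 0 || a->tailp == NULL) return 0;
    while (*slot != NULL) {
        if (++n > a->pending_count) return 0;
        slot = &(*slot)->next;
    }
    return n == a->pending_count && slot == a->tailp;
}

/* Dequeue as in the quoted snippet, but refuse to touch a corrupt queue. */
auth_client *queue_pop(auth_t *a)
{
    auth_client *u;
    if (!queue_consistent(a) || a->head == NULL) return NULL;
    u = a->head;
    a->head = u->next;
    if (a->head == NULL) a->tailp = &a->head;
    a->pending_count--;
    return u;
}
```

The check catches logical inconsistency between the three fields, not dangling pointers into freed memory, and it is only meaningful when called under whatever lock guards the queue.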
All times are GMT