Hi Matevz,
I suspect that the hammering is that QUALYS sends over a line of text that
is not being handled correctly. A core file would eb handy to see what got
put in the buffer and why the return code doesn't correspond. This is
definitely a bug and, yes, likely to be there today.
Andy
On Mon, 6 Jan 2020, Matev? Tadel wrote:
> Hi,
>
> Our campus security is using Qualys to hammer all http servers/ports and this leads to crashes of our http-enabled xrootd servers about weekly. This is with 4.10, but the code around this does not seem to have changed since that release.
>
> There is some digging I did with gdb below, not sure if myBuff remains valid during processing.
>
> Let me know if you need me to do some more digging.
>
> Cheers,
> Matevz
>
> ```
> (gdb) bt
> #0 0x00007f137e64f337 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
> #1 0x00007f137e650a28 in __GI_abort () at abort.c:90
> #2 0x00007f137f87a1b9 in XrdOucString::operator[] (this=this@entry=0x7f1280750d98, i=i@entry=1) at /usr/src/debug/xrootd/xrootd/src/XrdOuc/XrdOucString.cc:1031
> #3 0x00007f137b618824 in XrdHttpProtocol::Process (this=0x7f1280750cd0, lp=<optimized out>) at /usr/src/debug/xrootd/xrootd/src/XrdHttp/XrdHttpProtocol.cc:677
> #4 0x00007f137f8989f9 in XrdLink::DoIt (this=0x7f12d9948808) at /usr/src/debug/xrootd/xrootd/src/Xrd/XrdLink.cc:441
> #5 0x00007f137f89bdaf in XrdScheduler::Run (this=0x610e58 <XrdMain::Config+440>) at /usr/src/debug/xrootd/xrootd/src/Xrd/XrdScheduler.cc:357
> #6 0x00007f137f89bef9 in XrdStartWorking (carg=<optimized out>) at /usr/src/debug/xrootd/xrootd/src/Xrd/XrdScheduler.cc:87
> #7 0x00007f137f861a27 in XrdSysThread_Xeq (myargs=0x7f12bc63da60) at /usr/src/debug/xrootd/xrootd/src/XrdSys/XrdSysPthread.cc:86
> #8 0x00007f137f415e65 in start_thread (arg=0x7f0e5fefe700) at pthread_create.c:307
> #9 0x00007f137e71788d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
>
> (gdb) up
> #1 0x00007f137e650a28 in __GI_abort () at abort.c:90
> 90 raise (SIGABRT);
> (gdb)
> #2 0x00007f137f87a1b9 in XrdOucString::operator[] (this=this@entry=0x7f1280750d98, i=i@entry=1) at /usr/src/debug/xrootd/xrootd/src/XrdOuc/XrdOucString.cc:1031
> 1031 abort();
> (gdb) p *this
> $1 = {_vptr.XrdOucString = 0x7f137fac0c10 <vtable for XrdOucString+16>, str = 0x7f1255854c50 "", len = 0, siz = 37, static blksize = -1}
> (gdb) up
> #3 0x00007f137b618824 in XrdHttpProtocol::Process (this=0x7f1280750cd0, lp=<optimized out>) at /usr/src/debug/xrootd/xrootd/src/XrdHttp/XrdHttpProtocol.cc:677
> 677 if ((rc == 2) && (tmpline[rc - 1] == '\n')) {
> (gdb) p rc
> $2 = 2
> (gdb) p tmpline
> $3 = {_vptr.XrdOucString = 0x7f137fac0c10 <vtable for XrdOucString+16>, str = 0x7f1255854c50 "", len = 0, siz = 37, static blksize = -1}
> (gdb) info local
> rc = 2
> (gdb) up
> #4 0x00007f137f8989f9 in XrdLink::DoIt (this=0x7f12d9948808) at /usr/src/debug/xrootd/xrootd/src/Xrd/XrdLink.cc:441
> 441 do {rc = Protocol->Process(this);} while (!rc && XrdSched->canStick());
> (gdb) down
> #3 0x00007f137b618824 in XrdHttpProtocol::Process (this=0x7f1280750cd0, lp=<optimized out>) at /usr/src/debug/xrootd/xrootd/src/XrdHttp/XrdHttpProtocol.cc:677
> 677 if ((rc == 2) && (tmpline[rc - 1] == '\n')) {
> (gdb) p myBuffStart
> $4 = 0x7f12541b9063 ""
> (gdb) p myBuffEnd
> $5 = 0x7f12541b907e ""
>
> (gdb) p myBuff->buff
> $10 = 0x7f12541b9000 "\005"
> (gdb) p myBuff
> $11 = (XrdBuffer *) 0x7f125405c8b0
> (gdb) p *myBuff
> $12 = {buff = 0x7f12541b9000 "\005", bsize = 1048576, bindex = 10, next = 0x7f12a4126d60, static pagesz = <optimized out>}
> (gdb) x/64s myBuff->buff
> 0x7f12541b9000: "\005"
> 0x7f12541b9002: "\v"
> 0x7f12541b9004: "\020"
> 0x7f12541b9006: ""
> 0x7f12541b9007: ""
> 0x7f12541b9008: "~"
> 0x7f12541b900a: "."
> 0x7f12541b900c: "Y\233\211\031\320\026\320\026"
> 0x7f12541b9015: ""
> 0x7f12541b9016: ""
> 0x7f12541b9017: ""
> 0x7f12541b9018: "\001"
> 0x7f12541b901a: ""
> 0x7f12541b901b: ""
> 0x7f12541b901c: ""
> 0x7f12541b901d: ""
> 0x7f12541b901e: "\001"
> 0x7f12541b9020: "\270J\237M\034}\317\021\206\036"
> 0x7f12541b902b: " \257n|W"
> 0x7f12541b9031: ""
> 0x7f12541b9032: ""
> 0x7f12541b9033: ""
> 0x7f12541b9034: "\004]\210\212\353\034\311\021\237\350\b"
> 0x7f12541b9040: "+\020H`\002"
> 0x7f12541b9046: ""
> 0x7f12541b9047: ""
> 0x7f12541b9048: "\n\002"
> 0x7f12541b904b: ""
> 0x7f12541b904c: "\370\355\024"
> 0x7f12541b9050: "NTLMSSP"
> 0x7f12541b9058: "\001"
> 0x7f12541b905a: ""
> 0x7f12541b905b: ""
> 0x7f12541b905c: "\a\262"
> 0x7f12541b905f: ""
> 0x7f12541b9060: "\n"
> 0x7f12541b9062: "\n"
> 0x7f12541b9064: "$"
> 0x7f12541b9066: ""
> 0x7f12541b9067: ""
> 0x7f12541b9068: "\004"
> 0x7f12541b906a: "\004"
> 0x7f12541b906c: " "
> 0x7f12541b906e: ""
> 0x7f12541b906f: ""
> 0x7f12541b9070: "QUALYSGUARD123"
> 0x7f12541b907f: ""
> 0x7f12541b9080: ""
> 0x7f12541b9081: ""
> 0x7f12541b9082: ""
> 0x7f12541b9083: ""
> 0x7f12541b9084: ""
> 0x7f12541b9085: "\b"
> 0x7f12541b9087: ""
> 0x7f12541b9088: ""
> 0x7f12541b9089: ""
> 0x7f12541b908a: ""
> 0x7f12541b908b: ""
> 0x7f12541b908c: "$\305\177\205"
> ```
>
>
>
> --
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/1106
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/1106?email_source=notifications\u0026email_token=AA7NRDQBOCVY3UCXBFKW2WDQ465SVA5CNFSM4KDMLAWKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEISH7UA#issuecomment-572817360",
"url": "https://github.com/xrootd/xrootd/issues/1106?email_source=notifications\u0026email_token=AA7NRDQBOCVY3UCXBFKW2WDQ465SVA5CNFSM4KDMLAWKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEISH7UA#issuecomment-572817360",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
