Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: library
    • Security Level: Public
    • Labels:
      None
    • Environment:
      Debian GNU/Linux i386 sid (kept up to date)

      Description

      While trying to understand the issue in MB-4493 (caused by our unusual auth behavior, which could be a client "bug" as well), I tried the following from irb, and here's what I got:

      >> Couchbase.new(:hostname => "localhost", :port => 9000, :bucket => "pwprotected", :username =>"Administrator", :password=>"asdasd")

            *** buffer overflow detected ***: irb terminated
            ======= Backtrace: =========
            /lib/i386-linux-gnu/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xf7521f70]
            /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xe3eaa)[0xf7520eaa]
            /lib/i386-linux-gnu/i686/cmov/libc.so.6(__strcpy_chk+0x44)[0xf7520224]
            /usr/lib/libcouchbase.so.1(+0x59c1)[0xf6c1b9c1]
            Aborted
      For Gerrit Dashboard: &For+RCBC-33=message:RCBC-33

        Activity

        alkondratenko Aleksey Kondratenko (Inactive) created issue -
        avsej Sergey Avseyev added a comment -

        Is it possible to get the line in libcouchbase which called strcpy?

        /usr/lib/libcouchbase.so.1(+0x59c1)[0xf6c1b9c1]

        Also what versions of libcouchbase/libvbucket/gem are you using?

        alkondratenko Aleksey Kondratenko (Inactive) added a comment -
        1. dpkg -l 'couchbas'
          Desired=Unknown/Install/Remove/Purge/Hold
          Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
          / Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
          / Name Version Description
          +++==========================================================================================================-==========================================================================================================================
          ii libcouchbase-dev 1.0.2-1 library for the Couchbase protocol, development files
          ii libcouchbase1 1.0.2-1 library for the Couchbase protocol
        alkondratenko Aleksey Kondratenko (Inactive) added a comment -

        gem list --local | grep couchbase
        couchbase (1.1.1)

        alkondratenko Aleksey Kondratenko (Inactive) added a comment -

        Program received signal SIGABRT, Aborted.
        0xf7fe0430 in __kernel_vsyscall ()
        (gdb) bt
        #0 0xf7fe0430 in __kernel_vsyscall ()
        #1 0xf7d0b941 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        #2 0xf7d0ed72 in *__GI_abort () at abort.c:92
        #3 0xf7d452f5 in __libc_message (do_abort=2, fmt=0xf7e18608 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
        #4 0xf7dc5f70 in *__GI___fortify_fail (msg=<optimized out>) at fortify_fail.c:32
        #5 0xf7dc4eaa in *__GI___chk_fail () at chk_fail.c:29
        #6 0xf7dc4224 in __strcpy_chk (dest=0x83975d0 "s", src=0x80fbfc8 "simple", destlen=6) at strcpy_chk.c:61
        #7 0xf7fc59c1 in ?? () from /usr/lib/libcouchbase.so.1
        #8 0xf7fc6a91 in ?? () from /usr/lib/libcouchbase.so.1
        #9 0xf7a27e79 in event_base_loop () from /usr/lib/libevent-2.0.so.5
        #10 0xf7fbca38 in ?? () from /usr/lib/libcouchbase_libevent.so.1
        #11 0xf7fcbdca in libcouchbase_wait () from /usr/lib/libcouchbase.so.1
        #12 0xf7fd5169 in do_connect (bucket=0x82de188) at couchbase_ext.c:1196
        #13 0xf7fd76e7 in cb_bucket_init (argc=1, argv=0xffffc960, self=4156170480) at couchbase_ext.c:1300
        #14 0xf7ef3ace in call_cfunc (argv=0xffffc960, argc=1, len=-1, recv=4156170480, func=0xf7fd7610 <cb_bucket_init>) at eval.c:5778
        #15 rb_call0 (klass=4156186100, recv=4156170480, id=2961, oid=2961, argc=1, argv=0xffffc960, body=0xf7ba5c78, flags=2) at eval.c:5928
        #16 0xf7ef3d31 in rb_call (klass=4156186100, recv=4156170480, mid=2961, argc=1, argv=0xffffc960, scope=1, self=<optimized out>) at eval.c:6176
        #17 0xf7ef40ec in rb_funcall2 (recv=4156170480, mid=2961, argc=1, argv=0xffffc960) at eval.c:6312
        #18 0xf7ef419a in rb_obj_call_init (obj=4156170480, argc=1, argv=0xffffc960) at eval.c:7825
        #19 0xf7fd456e in cb_bucket_new (argc=1, argv=0xffffc960, klass=4156186100) at couchbase_ext.c:1227
        #20 0xf7ef3ace in call_cfunc (argv=0xffffc960, argc=1, len=-1, recv=4156186100, func=0xf7fd44d0 <cb_bucket_new>) at eval.c:5778
        #21 rb_call0 (klass=4156186080, recv=4156186100, id=3361, oid=3361, argc=1, argv=0xffffc960, body=0xf7ba5cf0, flags=0) at eval.c:5928
        #22 0xf7ef3d31 in rb_call (klass=4156186080, recv=4156186100, mid=3361, argc=1, argv=0xffffc960, scope=0, self=<optimized out>) at eval.c:6176
        #23 0xf7ef9409 in rb_eval (self=4155198180, n=0xf7ab5ef8) at eval.c:3506
        #24 0xf7ef3061 in rb_call0 (klass=4156171320, recv=4155198180, id=3361, oid=15945, argc=<optimized out>, argv=<optimized out>, body=0xf7ab5ea8, flags=0) at eval.c:6079
        #25 0xf7ef3d31 in rb_call (klass=4156171320, recv=4155198180, mid=3361, argc=1, argv=0xffffce90, scope=0, self=<optimized out>) at eval.c:6176
        #26 0xf7ef9409 in rb_eval (self=4157462860, n=0xf7c9b4ac) at eval.c:3506
        #27 0xf7effb3d in ruby_exec_internal () at eval.c:1654
        #28 0xf7effb90 in ruby_exec () at eval.c:1674
        #29 0xf7f022cc in ruby_run () at eval.c:1684
        #30 0x0804868d in main (argc=6, argv=0xffffd394, envp=0xffffd3b0) at main.c:48

        alkondratenko Aleksey Kondratenko (Inactive) added a comment -

        simple is pwprotected's bucket password. Not sure if it's a good idea to use it at all, btw
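
Frame #6 of the backtrace above shows `__strcpy_chk` called with `destlen=6` for the 6-character string "simple", which needs 7 bytes once its terminating NUL is counted. The C code below is an added example, not libcouchbase code and not the change from the linked review; all function names are hypothetical. It reproduces the size test that makes the fortified `strcpy` abort and shows a copy sized to include the terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The condition __strcpy_chk tests before copying: the copy writes
 * strlen(src) + 1 bytes, so it aborts when strlen(src) >= destlen. */
static int fortify_would_abort(const char *src, size_t destlen)
{
    return strlen(src) >= destlen;
}

/* Bounded copy that returns -1 instead of writing past dest. */
static int checked_copy(char *dest, size_t destlen, const char *src)
{
    size_t need = strlen(src) + 1;      /* include the terminating NUL */
    if (need > destlen)
        return -1;
    memcpy(dest, src, need);
    return 0;
}

/* Hypothetical helper: duplicate a credential with the right size. */
static char *dup_credential(const char *src)
{
    size_t need = strlen(src) + 1;
    char *copy = malloc(need);
    if (copy != NULL && checked_copy(copy, need, src) != 0) {
        free(copy);
        copy = NULL;
    }
    return copy;
}

int main(void)
{
    const char *password = "simple";    /* value visible in frame #6 */
    char *copy;

    printf("destlen=6 aborts: %d\n", fortify_would_abort(password, 6));
    printf("destlen=7 aborts: %d\n", fortify_would_abort(password, 7));
    copy = dup_credential(password);
    if (copy == NULL)
        return 1;
    printf("copied %zu bytes\n", strlen(copy) + 1);
    free(copy);
    return 0;
}
```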

        avsej Sergey Avseyev added a comment -

        http://review.couchbase.org/14641 it was fixed

        try to use

        deb http://packages.couchbase.com/preview/ubuntu oneiric oneiric/main

        or

        deb http://packages.couchbase.com/preview/ubuntu lucid lucid/main

        And then install preview couchbase gem: gem install couchbase --pre

        (you'll also get Views API btw)

        avsej Sergey Avseyev added a comment -

        The problem is fixed in libcouchbase 1.0.3: http://couchbase.com/develop/c/current

        avsej Sergey Avseyev made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        avsej Sergey Avseyev made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        brett19 Brett Lawson made changes -
        Workflow jira [ 16857 ] Couchbase SDK Workflow [ 44820 ]

          People

          • Assignee:
            avsej Sergey Avseyev
            Reporter:
            alkondratenko Aleksey Kondratenko (Inactive)