[Pkg-nagios-devel] Bug#361233: segfaults in nrpe server

Fri Apr 7 10:16:35 UTC 2006

Package: nagios-nrpe-server
Version: 2.0-7
Severity: important
Tags: patch

When using --no-ssl in nrpe server and running it as daemon the children
all segfault when shutting down.

While it doesn't stop nrpe server from working it floods the kernel log
on archs that do log segfaults:

Apr  7 12:14:33 angela kernel: [ 4416.747546] nrpe[17647]: segfault at 0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:33 angela kernel: [ 4416.747905] nrpe[17645]: segfault at 0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.810391] nrpe[17655]: segfault at 0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.863524] nrpe[17660]: segfault at 0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.874868] nrpe[17663]: segfault at 0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
Apr  7 12:14:34 angela kernel: [ 4417.990873] nrpe[17674]: segfault at 0000000000000030 rip 00002ba661114dd1 rsp 00007fffffc45e20 error 4
....


The problem is that nrpe server tries to free SSL contexts even when
they aren't initialized.  Not good.  :)

Please apply:

diff -u nagios-nrpe-2.0/src/nrpe.c nagios-nrpe-2.0/src/nrpe.c

--- nagios-nrpe-2.0/src/nrpe.c
+++ nagios-nrpe-2.0/src/nrpe.c
@@ -765,9 +765,11 @@
 		syslog(LOG_ERR,"Could not read request from client, bailing out...");
 
 #ifdef HAVE_SSL
-		SSL_shutdown(ssl);
-		SSL_free(ssl);
-		syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+		if (ssl) {
+			SSL_shutdown(ssl);
+			SSL_free(ssl);
+			syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+			}
 #endif
 
 		return;
@@ -780,8 +782,10 @@
 		syslog(LOG_ERR,"Data packet from client was too short, bailing out...");
 
 #ifdef HAVE_SSL
-		SSL_shutdown(ssl);
-		SSL_free(ssl);
+		if (ssl) {
+			SSL_shutdown(ssl);
+			SSL_free(ssl);
+			}
 #endif
 
 		return;
@@ -810,8 +814,10 @@
 	                }
 
 #ifdef HAVE_SSL
-		SSL_shutdown(ssl);
-		SSL_free(ssl);
+		if (ssl) {
+			SSL_shutdown(ssl);
+			SSL_free(ssl);
+			}
 #endif
 
 		return;
@@ -931,8 +937,10 @@
 #endif
 
 #ifdef HAVE_SSL
-	SSL_shutdown(ssl);
-	SSL_free(ssl);
+	if (ssl) {
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+		}
 #endif
 
 	/* log info to syslog facility */
diff -u nagios-nrpe-2.0/debian/changelog nagios-nrpe-2.0/debian/changelog
--- nagios-nrpe-2.0/debian/changelog
+++ nagios-nrpe-2.0/debian/changelog
@@ -1,3 +1,9 @@
+nagios-nrpe (2.0-7.0.0.weasel3) unstable; urgency=low
+
+  * Fix segfault when freeing unused ssl context.
+
+ -- Peter Palfrader <weasel at came.sbg.ac.at>  Fri,  7 Apr 2006 11:59:59 +0200
+
 nagios-nrpe (2.0-7.0.0.weasel2) unstable; urgency=low
 
   * Apply my randomness fix patch for nrpe.



-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/


