Re: [Acf] haserl and luasocket

From: Nathan Angelacos <nangel_at_nothome.org>
Date: Thu, 17 Apr 2008 16:56:12 -0400

Mika Havela wrote:
> Hi Nathan.
> Ncopa created an apk on luasocket. I assume you know what it's used for.
> For the moment, I had some plans on using it for getting BGP
> information to display for the user.
> You can do 'telnet localhost bgpd' to see BGP status. You will need to
> enter password and some commands, but I was hoping to create
> acf-quagga to do it for us. But for this I need to communicate with
> the socket.
> So I started with an easy code (example from PIL book on page 83) on
> how you download a web-page.
> This works just fine when you do it on console 'lua -l socket' and run
> your commands.
> I made a testscript that downloads a page, counts the size and outputs
> the size on the screen.
>
> But... when doing this by using haserl, something goes wrong.
>
> dmesg and /var/log/messages complain about
>
> Apr 8 10:52:25 bsn2vpnc user.info kernel: acf[21775]: segfault at
> 00c0c056 eip 56318e03 esp 5fcb3a90 error 6
> Apr 8 10:52:25 bsn2vpnc user.alert kernel: grsec: From 10.82.3.201:
> signal 11 sent to /usr/share/acf/www/cgi-bin/acf[acf:21775]
> uid/euid:0/0 gid/egid:0/0, parent
> /usr/sbin/mini_httpd[mini_httpd:1580] uid/euid:65534/65534
> gid/egid:65534/65534
>
> I have tried to install an older haserl but it doesn't seem to help.
>
> It's the send() and receive() commands that cause lua/haserl/whatever
> to go wrong.
>
> Do you have any suggestions on what could be wrong?
>
> luasocket is found on Alpine 1.7.16 (and dev.alpinelinux.org)
>
> <<mika>>
>


Ok, documenting what I know so far. This should probably be copied on
the haserl mailing list but...

Using Haserl 0.9.25_rc1, I was able to duplicate the problem.


The segfault is in a memory overwrite in the socket library, but only in
haserl. When running test.lua from lua itself, valgrind is as happy as
can be.

The problem happens in line 95 of h_lua.c (lua_doscript function).

1. Wrote another program to build the lua environment just like haserl
does, and the problem doesn't happen.

2. Did a haserl -debug on my haserl script, and ran through lua. The
segfault didn't happen (valgrind was happy) - so the haserl parser isn't
making garbage.

3. Made the test program 'include' all the includes from h_lua.c,
including config.h, in case there was some funny include mess. Test
program did not fail.

4. Hacked haserl to not load the library, not load environ variables, or
anything. Segfault happened.

5. Modified lua_doscript to run my test code (e.g. I took main() from my
test program, and replaced the guts of lua_doscript). So lua_doscript
itself opened a new lua state, read the script from stdin, and executed
it. The segfault happened.

Number 5 is interesting. It means that embedding the test program (that
works) inside of haserl causes the segfault. Yet the test program did
not use any haserl functions!

At this point I'm a little lost as to why the problem happens, but
here's the documentation on what was done so far.
Received on Thu Apr 17 2008 - 16:56:12 GMT