BFD returning a Segmentation Fault

[Hachi]

Going to http://x.x.x.x2222/CMD_BRUTE_FORCE_MONITOR ::
Program Error
Details
A segmentation fault has occurred
http://help.directadmin.com/item.php?id=185

[root@direct ~]# tail -f /var/log/directadmin/error.log
2012:02:09-15:42:40: Socket write error: fd is connected to a pipe or socket whose reading end is closed. When this happens the writing process will also receive a SIG_PIPE signal. (Thus, the write return value is seen only if the program catches, blocks or ignores this signal.)
2012:02:09-15:47:20: *** Segmentation fault *** Log::~Log : done : User: admin : x.x.x.x : /CMD_BRUTE_FORCE_MONITOR : sort1=-1 : (null)


cd /usr/local/directadmin
killall -9 directadmin
gdb directadmin
run s

Program received signal SIGSEGV, Segmentation fault.
0x0000003ed4e79ea4 in strncpy () from /lib64/libc.so.6
(gdb) bt full

#0 0x0000003ed4e79ea4 in strncpy () from /lib64/libc.so.6
No symbol table info available.
#1 0x00000000005192e1 in ServerInfo::fill_brute_force_tokens(Send*, ConfigFile&, char const*, char const*, int, ConfigFile*) ()
No symbol table info available.
#2 0x0000000000540237 in Command::brute_force_monitor(char const*, char const*, int, ConfigFile*) ()
No symbol table info available.
#3 0x0000000000450c07 in Command::doCommand(char const*) ()
No symbol table info available.
#4 0x0000000000451203 in Command::run(char const*) ()
No symbol table info available.
#5 0x0000000000563470 in server() ()
No symbol table info available.
#6 0x0000000000563d33 in main ()
No symbol table info available.


Anyone have any ideas?

 

[zEitEr]

Anyone have any ideas?

Did you try to empty a file with BF entries?

 

[btaylor]

Hello and thanks for your reply. Nothing should have been emptied. None of our staff emptied any files and the client would not have tried to empty anything.

 

[Hachi]

[root@direct admin]# more brute_ip.data
209.85.217.135=dovecot1=1&first_entry=1328878981&last_entry=1328878981
209.85.217.136=dovecot1=1&first_entry=1328860981&last_entry=1328860981
209.85.217.138=dovecot1=1&first_entry=1328896981&last_entry=1328896981
209.85.217.139=dovecot1=2&first_entry=1328817721&last_entry=1328832181
209.85.217.158=dovecot1=3&first_entry=1328731321&last_entry=1328839381
209.85.217.160=dovecot1=1&first_entry=1328889781&last_entry=1328889781
209.85.217.161=dovecot1=1&first_entry=1328846581&last_entry=1328846581
209.85.217.163=dovecot1=1&first_entry=1328886181&last_entry=1328886181
209.85.217.166=dovecot1=1&first_entry=1328857381&last_entry=1328857381

Also tried with a blank file and the file removed -- still getting the seg fault error.

 

[daveyw]

I guess it would be time for changing to CSF/LFD instead of APF/BFD.
CSF/LFD is supported in the controlpanel, more info: http://configserver.com/cp/csf.html

It works really nice

 

[Hachi]

For the record, I was able to solve this issue with the help of John from DirectAdmin.

John: "I was able to create the debug binaries and found the issue actually be in the brute_user.data file where there were "creative" usernames tripping up the parser. (= characters where they didn't belong)
I've removed those usernames from the file which solved the issue. (although, there are 2365 pages of output, so the page load is quite slow)

I'll add a fix to the DA binaries for the next release of DA to encode the usernames so special characters don't break the parse."

Following up on his work, I backed up my brute_log_entries.list and brute_user.data files and created new, blank files. This action sped up BFD greatly, and has no affect on black/white listed IPs.

Cheers!

Matt