icecast-kh
icecast-kh copied to clipboard
Published
20 hours ago •
karlheyes
karlheyes
kh22 (rev ea3554b) crashes (segfault) when serving XSL files protected using htpasswd authentication.
Hi Karl,
I encountered a bug that crashes the current icecast2-kh (revision ea3554b) icecast.xml.txt
Authentication is functioning properly for streams and static files, but it causes icecast to crash when attempting to protect xslt files: status.xsl / status2.xsl.
Below is the backtrace of the crash that occurs when requesting an XSLT file.
(gdb) backtrace full
#0 0x000055555557edf1 in _xslt_transform (doc=0x7fffdc002770, xslfilename=0x7fffdc0011c0 "/home/patrice/icecast-kh/web/status2.xsl", client=0x7fffe0000fa0, admin=<optimized out>) at xslt.c:661
x = 0x7fffdc006f80
#1 0x000055555557f789 in xslt_transform (doc=<optimized out>, xslfilename=<optimized out>, client=<optimized out>) at xslt.c:671
No locals.
#2 0x000055555557988b in stats_transform_xslt (client=client@entry=0x7fffe0000fa0, uri=0x7fffe8021370 "/status2.xsl") at stats.c:1157
doc = <optimized out>
mount = 0x0
ret = <optimized out>
xslpath = 0x7fffdc0011c0 "/home/patrice/icecast-kh/web/status2.xsl"
#3 0x000055555558d417 in add_authenticated_listener (mount=<optimized out>, mount@entry=0x7fffe8021370 "/status2.xsl", mountinfo=<optimized out>, client=client@entry=0x7fffe0000fa0) at auth.c:537
ret = 0
__func__ = "add_authenticated_listener"
#4 0x000055555558dfd0 in auth_postprocess_listener (auth_user=0x7fffe8021320) at auth.c:585
ret = <optimized out>
auth = <optimized out>
mountinfo = <optimized out>
mount = 0x7fffe8021370 "/status2.xsl"
client = 0x7fffe0000fa0
ret = <optimized out>
client = <optimized out>
auth = <optimized out>
mountinfo = <optimized out>
mount = <optimized out>
__func__ = "auth_postprocess_listener"
#5 auth_new_listener (auth_user=0x7fffe8021320) at auth.c:274
client = <optimized out>
client = <optimized out>
__func__ = "auth_new_listener"
#6 auth_new_listener (auth_user=0x7fffe8021320) at auth.c:251
client = <optimized out>
__func__ = "auth_new_listener"
#7 0x000055555558e15d in auth_run_thread (arg=arg@entry=0x555555612090) at auth.c:397
auth_user = 0x7fffe8021320
pending = <optimized out>
handler = 0x555555612090
auth = 0x555555611510
id = 5
__func__ = "auth_run_thread"
#8 0x000055555559c871 in _start_routine (arg=0x7fffe8010a70) at thread.c:768
start = 0x7fffe8010a70
start_routine = 0x55555558e060 <auth_run_thread>
real_arg = 0x555555612090
thread = 0x7fffe80213b0
#9 0x00007ffff75ccac3 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#10 0x00007ffff765e850 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
My environnent : Ubuntu 22 LTS x86_64
root@ice03:~/icecast-kh/web# dpkg -l | grep xslt
ii libnginx-mod-http-xslt-filter 1.18.0-6ubuntu14.4 amd64 XSLT Transformation module for Nginx
ii libxslt1-dev:amd64 1.1.34-4ubuntu0.22.04.1 amd64 XSLT 1.0 processing library - development kit
ii libxslt1.1:amd64 1.1.34-4ubuntu0.22.04.1 amd64 XSLT 1.0 processing library - runtime library
ii xsltproc 1.1.34-4ubuntu0.22.04.1 amd64 XSLT 1.0 command line processor
it seem that _xslt_transform expect the request to be attached to a worker, but since it's authenticated, the request seem to be threaded. client->worker is empty when authenticated.
# manually triggered backtrace when the xslt_transform is not protected by authentication :
#0 _xslt_transform (doc=0x7fffe8007af0, xslfilename=xslfilename@entry=0x7fffe8006540 "/home/patrice/icecast-kh/web/status2.xsl", client=client@entry=0x7fffe0000e40, admin=0) at xslt.c:662
#1 0x000055555557f75f in xslt_transform (doc=<optimized out>, xslfilename=xslfilename@entry=0x7fffe8006540 "/home/patrice/icecast-kh/web/status2.xsl", client=client@entry=0x7fffe0000e40) at xslt.c:673
#2 0x000055555557988b in stats_transform_xslt (client=client@entry=0x7fffe0000e40, uri=0x7fffe80033f0 "/status2.xsl") at stats.c:1157
#3 0x000055555558d3e7 in add_authenticated_listener (mount=<optimized out>, mount@entry=0x7fffe80033f0 "/status2.xsl", mountinfo=<optimized out>, client=client@entry=0x7fffe0000e40) at auth.c:537
#4 0x000055555558e774 in auth_add_listener (mount=mount@entry=0x7fffe80033f0 "/status2.xsl", client=client@entry=0x7fffe0000e40) at auth.c:741
#5 0x0000555555564c49 in _handle_get_request (client=0x7fffe0000e40) at connection.c:1898
#6 0x000055555557c49a in worker (arg=arg@entry=0x555555642b80) at client.c:876
#7 0x000055555559c841 in _start_routine (arg=0x555555642c70) at thread.c:768
#8 0x00007ffff75ccac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#9 0x00007ffff765e850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
# backtrace of an xslt protected with htpasswd auth :
#0 _xslt_transform (doc=0x7fffdc000ba0, xslfilename=xslfilename@entry=0x7fffe8001870 "/home/patrice/icecast-kh/web/status.xsl", client=client@entry=0x7fffe0000ba0, admin=0) at xslt.c:662
#1 0x000055555557f75f in xslt_transform (doc=<optimized out>, xslfilename=xslfilename@entry=0x7fffe8001870 "/home/patrice/icecast-kh/web/status.xsl", client=client@entry=0x7fffe0000ba0) at xslt.c:673
#2 0x000055555557988b in stats_transform_xslt (client=client@entry=0x7fffe0000ba0, uri=0x555555608020 "/status.xsl") at stats.c:1157
#3 0x000055555558d3e7 in add_authenticated_listener (mount=<optimized out>, mount@entry=0x555555608020 "/status.xsl", mountinfo=<optimized out>, client=client@entry=0x7fffe0000ba0) at auth.c:537
#4 0x000055555558dfa0 in auth_postprocess_listener (auth_user=0x7fffe80017c0) at auth.c:585
#5 auth_new_listener (auth_user=0x7fffe80017c0) at auth.c:274
#6 auth_new_listener (auth_user=0x7fffe80017c0) at auth.c:251
#7 0x000055555558e12d in auth_run_thread (arg=arg@entry=0x55555560fb20) at auth.c:397
#8 0x000055555559c841 in _start_routine (arg=0x7fffe8001870) at thread.c:768
#9 0x00007ffff75ccac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#10 0x00007ffff765e850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81