Welcome to the Builder Academy

Question SYSERR: Write to socket: Connection reset by peer

23 Jan 2018 11:46 #7429 by cunning
Guys, I just went through a year's worth of core I had, but it was not easy. I also did see this crash 3x last year. I suspected a buffer overflow as well. I have yet to dig into that one because of my normal everyday job. Now that I see it's more of an issue, I will dig into this a little more.


I had that same issue with Aliases. Once an alias was over 256 characters it corrupted the entire ASCII chain of aliases. I had to go back to the get_line() limit of 256 and noticed that we could handle 512 characters in the buffers we had local.

23 Jan 2018 19:23 - 23 Jan 2018 19:24 #7433 by Treblin
Here is the requested output:
Code:
(gdb) up
#1 0x00326a89 in free () from /lib/libc.so.6
(gdb) up
#2 0x0809d541 in close_socket (d=0x938cf70) at comm.c:2094
2094 free(d->history[cnt]);
(gdb) print *d
$1 = {descriptor = 154734240, host = "p!A", '\000' <repeats 37 times>,
  bad_pws = 0 '\000', idle_tics = 0 '\000', connected = 32, desc_num = 6,
  login_time = 1516187435, showstr_head = 0x0, showstr_vector = 0x0,
  showstr_count = 0, showstr_page = 0, str = 0x0, backstr = 0x0, max_str = 0,
  mail_to = 0, has_prompt = 0,
  inbuf = "\000ET http://www.boxun.com/ HTTP/1.1\r\nHost: www.boxun.com\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,"...,
  last_input = "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)", '\000' <repeats 425 times>,
  small_outbuf = "Attempting to Detect Client, Please Wait...\r\n\377\375\030Collecting Protocol Information... Please Wait.\r\n", '\000' <repeats 926 times>,
  output = 0x93901d0 "Attempting to Detect Client, Please Wait...\r\n\377\375\030Collecting Protocol Information... Please Wait.\r\n",
  history = 0x8bde4b0, history_pos = 1, bufptr = 97, bufspace = 926,
  large_outbuf = 0x0, input = {head = 0x0, tail = 0x9390c88}, character = 0x0,
  original = 0x0, snooping = 0x0, snoop_by = 0x0, next = 0x0, olc = 0x0,
  pProtocol = 0x9390ea8, events = 0x9390a30}
(gdb) print d->history[0]
$2 = 0x9390b00 ".1"
(gdb) print d->history[1]
$3 = 0x9390b08 "(\v9\t: www.boxun.com"
(gdb) print d->history[2]
$4 = 0x9390b48 "p\v9\tection: keep-alive"
(gdb) print d->history[3]
$5 = 0x9390b98 "\310\v9\tpt-Encoding: gzip, deflate"
(gdb) print d->history[4]
$6 = 0x9390bf8 "\200\f9\tpt: */*"
(gdb) print d->output
$7 = 0x93901d0 "Attempting to Detect Client, Please Wait...\r\n\377\375\030Collecting Protocol Information... Please Wait.\r\n"
Last edit: 23 Jan 2018 19:24 by Treblin.

23 Jan 2018 21:00 #7435 by thomas
Ok, some observations:

Nothing in this code is overflowing.
d->history[] is totally messed up. I can recognize the contents as HTTP headers, though the first 4 bytes of each is garbage.

The first four bytes of d->history[1] are 0x28 0x0b 0x39 0x09, or the byte representation of 0x9390b28.

Please run the command
x/40xb 0x9390b28.

This should list out memory contents at that location. It might provide a clue...

23 Jan 2018 21:58 #7436 by Treblin
Code:
#0 0x003223d0 in _int_free () from /lib/libc.so.6
(gdb) up
#1 0x00326a89 in free () from /lib/libc.so.6
(gdb) up
#2 0x0809d541 in close_socket (d=0x938cf70) at comm.c:2094
2094 free(d->history[cnt]);
(gdb) x/40xb 0x9390b28
0x9390b28: 0x68 0x0b 0x39 0x09 0x19 0x00 0x00 0x00
0x9390b30: 0x00 0x00 0x00 0x00 0x3a 0x20 0x77 0x77
0x9390b38: 0x77 0x2e 0x62 0x6f 0x78 0x75 0x6e 0x2e
0x9390b40: 0x63 0x6f 0x6d 0x00 0x21 0x00 0x00 0x00
0x9390b48: 0x70 0x0b 0x39 0x09 0x65 0x63 0x74 0x69

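The byte-order reading from post #7435, applied to the dump in post #7436, as an added example that is not part of the original thread: it parses `x/40xb` output, reassembles little-endian 32-bit words and labels the ones that fall inside a heap address window. The window 0x938c000-0x9391000 is an assumption taken from the pointers visible in `print *d`, and the function names are hypothetical.

```python
import re
import struct

# Dump copied from the x/40xb output in post #7436.
DUMP = """\
0x9390b28: 0x68 0x0b 0x39 0x09 0x19 0x00 0x00 0x00
0x9390b30: 0x00 0x00 0x00 0x00 0x3a 0x20 0x77 0x77
0x9390b38: 0x77 0x2e 0x62 0x6f 0x78 0x75 0x6e 0x2e
0x9390b40: 0x63 0x6f 0x6d 0x00 0x21 0x00 0x00 0x00
0x9390b48: 0x70 0x0b 0x39 0x09 0x65 0x63 0x74 0x69
"""

def parse_dump(text):
    """Return (base_address, bytes) from gdb 'x/<n>xb' output lines."""
    base, data = None, bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*(0x[0-9a-fA-F]+)(?:\s+<[^>]*>)?:\s*(.*)", line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        base = addr if base is None else base
        if addr != base + len(data):
            raise ValueError(f"gap in dump at {addr:#x}")
        data += bytes(int(b, 16) for b in m.group(2).split())
    return base, bytes(data)

def le_words(base, data):
    """Yield (address, value) for each aligned little-endian 32-bit word."""
    for off in range(0, len(data) - len(data) % 4, 4):
        yield base + off, struct.unpack_from("<I", data, off)[0]

def classify(value, lo, hi):
    """Label a word: pointer into [lo, hi), printable text, or other."""
    if lo <= value < hi:
        return "heap pointer"
    raw = struct.pack("<I", value)
    if all(0x20 <= b < 0x7f for b in raw):
        return "text " + repr(raw.decode("ascii"))
    return "other"

def annotate(text, lo, hi):
    """Parse a dump and return [(address, word, label), ...]."""
    base, data = parse_dump(text)
    return [(a, v, classify(v, lo, hi)) for a, v in le_words(base, data)]

if __name__ == "__main__":
    # Assumed heap window, chosen from the pointers shown in print *d.
    for addr, val, kind in annotate(DUMP, 0x938c000, 0x9391000):
        print(f"{addr:#010x}: {val:#010x}  {kind}")
```
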

04 Feb 2018 18:42 #7537 by JTP
Any luck finding out why it crashes with some connections?

05 Feb 2018 22:13 #7540 by Treblin
Not sure if Thomas has had any luck tracking it down. Luckily this hasn't been a prevalent issue at least for myself. I've had it happen just the one time.
