Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 987666 - [abrt] GeoIP-1.4.8-6.fc19: geoiplookup: Process /usr/bin/geoiplookup was killed by signal 11 (SIGSEGV)
Summary: [abrt] GeoIP-1.4.8-6.fc19: geoiplookup: Process /usr/bin/geoiplookup was kill...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: GeoIP
Version: 19
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Philip Prindeville
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:897cfdbf51248e9da8f56a0d78e...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-23 20:19 UTC by Stephen John Smoogen
Modified: 2015-04-15 15:42 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-07-23 20:24:08 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: backtrace (deleted)
2013-07-23 20:19 UTC, Stephen John Smoogen
no flags Details
File: cgroup (deleted)
2013-07-23 20:19 UTC, Stephen John Smoogen
no flags Details
File: core_backtrace (deleted)
2013-07-23 20:19 UTC, Stephen John Smoogen
no flags Details
File: dso_list (deleted)
2013-07-23 20:19 UTC, Stephen John Smoogen
no flags Details
File: environ (deleted)
2013-07-23 20:20 UTC, Stephen John Smoogen
no flags Details
File: limits (deleted)
2013-07-23 20:20 UTC, Stephen John Smoogen
no flags Details
File: maps (deleted)
2013-07-23 20:20 UTC, Stephen John Smoogen
no flags Details
File: open_fds (deleted)
2013-07-23 20:20 UTC, Stephen John Smoogen
no flags Details
File: proc_pid_status (deleted)
2013-07-23 20:20 UTC, Stephen John Smoogen
no flags Details
File: var_log_messages (deleted)
2013-07-23 20:20 UTC, Stephen John Smoogen
no flags Details

Description Stephen John Smoogen 2013-07-23 20:19:44 UTC
Description of problem:
Tried to read a gzipd file.

Version-Release number of selected component:
GeoIP-1.4.8-6.fc19

Additional info:
reporter:       libreport-2.1.5
backtrace_rating: 4
cmdline:        geoiplookup -f GeoLiteCity.dat.gz 72.240.117.247
crash_function: geoiplookup
executable:     /usr/bin/geoiplookup
kernel:         3.9.9-302.fc19.x86_64
runlevel:       N 5
uid:            1000

Truncated backtrace:
Thread no. 1 (1 frames)
 #0 geoiplookup at geoiplookup.c:273

Comment 1 Stephen John Smoogen 2013-07-23 20:19:48 UTC
Created attachment 777458 [details]
File: backtrace

Comment 2 Stephen John Smoogen 2013-07-23 20:19:51 UTC
Created attachment 777459 [details]
File: cgroup

Comment 3 Stephen John Smoogen 2013-07-23 20:19:54 UTC
Created attachment 777460 [details]
File: core_backtrace

Comment 4 Stephen John Smoogen 2013-07-23 20:19:57 UTC
Created attachment 777462 [details]
File: dso_list

Comment 5 Stephen John Smoogen 2013-07-23 20:20:01 UTC
Created attachment 777463 [details]
File: environ

Comment 6 Stephen John Smoogen 2013-07-23 20:20:07 UTC
Created attachment 777464 [details]
File: limits

Comment 7 Stephen John Smoogen 2013-07-23 20:20:12 UTC
Created attachment 777465 [details]
File: maps

Comment 8 Stephen John Smoogen 2013-07-23 20:20:17 UTC
Created attachment 777466 [details]
File: open_fds

Comment 9 Stephen John Smoogen 2013-07-23 20:20:22 UTC
Created attachment 777467 [details]
File: proc_pid_status

Comment 10 Stephen John Smoogen 2013-07-23 20:20:28 UTC
Created attachment 777468 [details]
File: var_log_messages

Comment 11 Philip Prindeville 2013-07-23 20:24:08 UTC
If there's anywhere in the documentation that suggests that geoiplookup works with compressed files, please point it out and I'll reopen this bug and fix the documentation.

Comment 12 Stephen John Smoogen 2013-07-23 20:31:03 UTC
The bug isn't that it didn't use the file I downloaded from

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

but that it segfaulted with a Sig 11. There are root level programs that use geoiplookup in places which a sig-11 could possibly mean a security problem. However I understand that I didn't use the program correctly.

Comment 13 Philip Prindeville 2013-07-28 15:49:22 UTC
(In reply to Stephen John Smoogen from comment #12)
> The bug isn't that it didn't use the file I downloaded from
> 
> wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
> 
> but that it segfaulted with a Sig 11. There are root level programs that use
> geoiplookup in places which a sig-11 could possibly mean a security problem.
> However I understand that I didn't use the program correctly.

That would not be a Fedora packaging issue but an upstream issue that the utility isn't verifying the file type first.

Please open a bug upstream.

Comment 14 Paul Howarth 2015-04-15 15:42:22 UTC
FWIW, this should be fixed in GeoIP 1.6.5 currently in testing.


Note You need to log in before you can comment on or make changes to this bug.