[Xastir] Received station packets causing Xastir to crash

Tom Russo russo at bogodyn.org
Sat Nov 20 14:36:12 EST 2010


On Sat, Nov 20, 2010 at 12:03:51PM -0600, we recorded a bogon-computron collision of the <n5aaa at bellsouth.net> flavor, containing:
> I am running Ubuntu 10.04 and Xastir 2.0.1 and have a problem with
> Xastir crashing after receiving packets from a specific station.   
> 
> I discovered this by running Xastir from terminal mode and turning on
> the debug level (to 1) in xastir. The crash always seems to occur right
> after processing traffic from a specific station. Is there some setting
> I've missed that will let me block this station?
> 
> All help appreciated.  
> 
> Is there a way to block the offending station?  

As Jason points out, the *right* thing to do is fix Xastir so it doesn't
crash on this data.  

> Channel data on Port 1
> [????????????@@`??????h?????????f???b?????????@?????????b at c???=3524.12N/08552.35W#/APRSDIGI DEER RUN, TN
> KF4TNP at CHARTER.NET, 145.450- PL127.3 WWW.KF4TNP.NET/ 16.9/23:45]
> tnc_data_clean: called to clean
> KF4TNP-3>APRS,W1ARN-1*,WIDE1-1:=3524.12N/08552.35W#/APRSDIGI DEER RUN,
> TN KF4TNP at CHARTER.NET, 145.450- PL127.3 WWW.KF4TNP.NET/ 16.9/23:45
> tnc_data_clean: clean result
> KF4TNP-3>APRS,W1ARN-1*,WIDE1-1:=3524.12N/08552.35W#/APRSDIGI DEER RUN,
> TN KF4TNP at CHARTER.NET, 145.450- PL127.3 WWW.KF4TNP.NET/ 16.9/23:45
> decode_ax25_line: start parsing
> KF4TNP-3>APRS,W1ARN-1*,WIDE1-1:=3524.12N/08552.35W#/APRSDIGI DEER RUN,
> TN KF4TNP at CHARTER.NET, 145.450- PL127.3 WWW.KF4TNP.NET/ 16.9/23:45
>         Comparing WIDE1-1 to WIDE1-1
> *** buffer overflow detected ***: xastir terminated
[...]
> /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xe5e9fd]

This is all from the routine "relay_digipeat" which suggests you are running
your Xastir as a relay (WIDE1-1) digipeater.  Unfortunately, 
"Comparing ... to ..." is the last debug statement in that routine and it
does a bunch of stuff afterward, something of which is broken.

Look in the routine "relay_digipeat" in db.c and find the string "Comparing"
around line 18219.  Subsequent to this line are a lot of fprintf(stderr,..)
calls that are all commented out with "//".  You might want to uncomment them
all to narrow down where the crash is actually happening.  

I don't think the guess that the /A is confusing things is right, because
it gets all the way down to relay_digipeat before crashing.  The packet
is fairly long, it's possible there's a hard-coded small buffer somewhere that
is getting overrun.

-- 
Tom Russo    KM5VY   SAR502   DM64ux          http://www.swcp.com/~russo/
Tijeras, NM  QRPL#1592 K2#398  SOC#236        http://kevan.org/brain.cgi?DDTNM
 "The truth will set you free, but first it will piss you off."
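Added example, not part of the original message and not Xastir's code: the `__sprintf_chk` frame in the trace is glibc's fortified `sprintf` aborting because a formatted write exceeded the destination buffer. The sketch below shows a relay-style path rewrite that bounds the write with `snprintf` and rejects a packet that does not fit; the helper name `relay_rewrite`, the callsign `N0CALL-1` and the buffer sizes are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Packet from the debug output above, joined onto one line. */
static const char PKT[] =
    "KF4TNP-3>APRS,W1ARN-1*,WIDE1-1:=3524.12N/08552.35W#/APRSDIGI DEER RUN, "
    "TN KF4TNP at CHARTER.NET, 145.450- PL127.3 WWW.KF4TNP.NET/ 16.9/23:45";

/* Hypothetical helper (not Xastir's relay_digipeat): in "SRC>DEST,PATH:info",
 * replace the first unused path element equal to alias with "mycall*".
 * Returns the output length, or -1 if the input is malformed, the alias is
 * absent, or the result does not fit in out[outsz]. */
int relay_rewrite(char *out, size_t outsz, const char *line,
                  const char *alias, const char *mycall)
{
    const char *colon = strchr(line, ':');
    const char *p = strchr(line, '>');
    size_t alen = strlen(alias);

    if (!out || outsz == 0 || alen == 0 || !colon || !p || p > colon)
        return -1;
    /* Walk the comma-separated fields between the destination and ':' */
    for (p = memchr(p, ',', (size_t)(colon - p)); p;
         p = memchr(p + 1, ',', (size_t)(colon - p - 1))) {
        const char *field = p + 1;
        const char *end = memchr(field, ',', (size_t)(colon - field));
        if (!end) end = colon;
        if ((size_t)(end - field) != alen || memcmp(field, alias, alen) != 0)
            continue;
        /* snprintf writes at most outsz bytes and returns the length needed */
        int n = snprintf(out, outsz, "%.*s%s*%s",
                         (int)(field - line), line, mycall, end);
        if (n < 0 || (size_t)n >= outsz) {
            out[0] = '\0';   /* refuse to emit a truncated packet */
            return -1;
        }
        return n;
    }
    return -1;
}

int main(void)
{
    char small[64], big[512];   /* sizes chosen for illustration */
    int a = relay_rewrite(small, sizeof small, PKT, "WIDE1-1", "N0CALL-1");
    int b = relay_rewrite(big, sizeof big, PKT, "WIDE1-1", "N0CALL-1");
    printf("64 bytes: %d\n512 bytes: %d\n%s\n", a, b, big);
    return 0;
}
```

With the 64-byte buffer the long packet is rejected instead of overrunning the buffer; with 512 bytes the rewritten line is returned in full.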




