Closing fd created by gnutls_global_init when ran with `--daemon` #271

Closed
aucampia opened this Issue Sep 5, 2016 · 2 comments

aucampia commented Sep 5, 2016

If I start nzbget 17.1 with --daemon I get the following error in the nzbget log file:

```
Tue Sep  6 00:07:28 2016    ERROR   TLS handshake failed: Error in the system's randomness device.
```

And when I connect to the web user interface it crashes:

```
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/home/iwana/.local/opt/nzbget-17.1/bin/nzbget --configfile /home/iwana/.config/'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f742eedc0a7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7f73d5ffb700 (LWP 11172))]
(gdb) thread apply 1 bt

Thread 1 (Thread 0x7f73d5ffb700 (LWP 11172)):
#0  0x00007f742eedc0a7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007f742eedd3ea in __GI_abort () at abort.c:89
#2  0x00007f742fd91b2e in rnd_func (_ctx=_ctx@entry=0x0, length=length@entry=264, data=data@entry=0x7f73c40041c0 "\030\002")
    at /var/tmp/portage/net-libs/gnutls-3.3.24/work/gnutls-3.3.24/lib/nettle/pk.c:66
#3  0x00007f742e0696b7 in nettle_mpz_random_size (x=x@entry=0x7f73d5ffa640, ctx=ctx@entry=0x0, random=random@entry=0x7f742fd91af0 <rnd_func>, bits=2112)
    at /var/tmp/portage/dev-libs/nettle-3.2/work/nettle-3.2/bignum-random.c:53
#4  0x00007f742e069734 in nettle_mpz_random (x=x@entry=0x7f73d5ffa640, ctx=ctx@entry=0x0, random=random@entry=0x7f742fd91af0 <rnd_func>, n=n@entry=0x7f73d5ffa718)
    at /var/tmp/portage/dev-libs/nettle-3.2/work/nettle-3.2/bignum-random.c:91
#5  0x00007f742e06abe1 in rsa_blind (m=0x7f73d5ffa6a0, ri=0x7f73d5ffa630, c=0x7f73d5ffa610, random=0x7f742fd91af0 <rnd_func>, random_ctx=0x0, pub=0x7f73d5ffa710)
    at /var/tmp/portage/dev-libs/nettle-3.2/work/nettle-3.2/rsa-sign-tr.c:57
#6  nettle_rsa_compute_root_tr (pub=pub@entry=0x7f73d5ffa710, key=key@entry=0x7f73d5ffa740, random_ctx=random_ctx@entry=0x0, random=random@entry=0x7f742fd91af0 <rnd_func>,
    x=x@entry=0x7f73d5ffa700, m=m@entry=0x7f73d5ffa6a0) at /var/tmp/portage/dev-libs/nettle-3.2/work/nettle-3.2/rsa-sign-tr.c:96
#7  0x00007f742e06ae49 in nettle_rsa_pkcs1_sign_tr (pub=pub@entry=0x7f73d5ffa710, key=key@entry=0x7f73d5ffa740, random_ctx=random_ctx@entry=0x0,
    random=random@entry=0x7f742fd91af0 <rnd_func>, length=<optimized out>, digest_info=0x7f73c40045c0 "010\r\006\t`\206H\001e\003\004\002\001\005", s=s@entry=0x7f73d5ffa700)
    at /var/tmp/portage/dev-libs/nettle-3.2/work/nettle-3.2/rsa-pkcs1-sign-tr.c:55
#8  0x00007f742fd943d1 in _wrap_nettle_pk_sign (algo=<optimized out>, signature=0x7f73d5ffa860, vdata=0x7f73d5ffa800, pk_params=0x7f73c40022c0)
    at /var/tmp/portage/net-libs/gnutls-3.3.24/work/gnutls-3.3.24/lib/nettle/pk.c:630
#9  0x00007f742fd0de47 in gnutls_privkey_sign_data (signer=0x7f73c4002270, hash=hash@entry=GNUTLS_DIG_SHA256, flags=flags@entry=0, data=data@entry=0x7f73d5ffa850,
    signature=signature@entry=0x7f73d5ffa860) at /var/tmp/portage/net-libs/gnutls-3.3.24/work/gnutls-3.3.24/lib/gnutls_privkey.c:788
#10 0x00007f742fd00755 in _gnutls_check_key_cert_match (res=res@entry=0x7f73c4000980) at /var/tmp/portage/net-libs/gnutls-3.3.24/work/gnutls-3.3.24/lib/gnutls_cert.c:947
#11 0x00007f742fd0c1d4 in gnutls_certificate_set_x509_key_file2 (res=0x7f73c4000980, certfile=<optimized out>, keyfile=<optimized out>, type=GNUTLS_X509_FMT_PEM, pass=<optimized out>,
    flags=0) at /var/tmp/portage/net-libs/gnutls-3.3.24/work/gnutls-3.3.24/lib/gnutls_x509.c:1399
#12 0x000000000040bcf3 in TlsSocket::Start (this=0x7f73c40008c0) at daemon/connect/TlsSocket.cpp:268
#13 0x000000000040acf5 in Connection::StartTls (this=<optimized out>, isClient=isClient@entry=false, certFile=<optimized out>, keyFile=<optimized out>) at daemon/connect/Connection.cpp:890
#14 0x000000000049fff8 in RequestProcessor::Run (this=0x7f741c000dd0) at daemon/remote/RemoteServer.cpp:131
#15 0x00000000004b335b in Thread::thread_handler (object=0x7f741c000dd0) at daemon/util/Thread.cpp:168
#16 0x00007f743059f5c4 in start_thread (arg=0x7f73d5ffb700) at pthread_create.c:334
#17 0x00007f742ef90f5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
```

So I did some tracing - I added a sleep in NZBGet::Daemonize to check what FDs are open before it starts closing - and saw fd 3 was /dev/urandom

```
# lsof -np `pgrep -x nzbget`
...
nzbget  10055 iwana    3r   CHR    1,9      0t0     1034 /dev/urandom
```

After everything is started up it becomes:

```
# lsof -np `pgrep -x nzbget`
...
nzbget  12496 iwana    3u   CHR      1,3      0t0      1029 /dev/null
```

I then used ltrace to see what is opening it

```
# ltrace -o /var/tmp/nzbget.bug -C -i -n 2 -w 100 -e 'SYS_open' -s 999 -S -ttt -T /home/iwana/.local/opt/nzbget-17.1/bin/nzbget --configfile ~/.config/nzbgetd.conf --daemon
1473113829.307076 [0x7fd458047140] SYS_open("/dev/urandom", 0, 00)                                                   = 3 <0.000050>
            open64 (ip = 0x7fd458047140)
            gnutls_openpgp_set_recv_key_function (ip = 0x7fd457836d79)
            gnutls_openpgp_set_recv_key_function (ip = 0x7fd45783733e)
            gnutls_supplemental_get_name (ip = 0x7fd4577ac99c)
            gnutls_global_init (ip = 0x7fd4577a0f36)
            gnutls_openpgp_set_recv_key_function (ip = 0x7fd457782a5c)
            _dl_rtld_di_serinfo (ip = 0x7fd458261d3a)
            _dl_rtld_di_serinfo (ip = 0x7fd458261e23)
            realloc (ip = 0x7fd45825416a)
```

So it seems the strategy for closing all fds causes some problems with gnutls which uses an fd for /dev/urandom which is closed in the process.

I'm using gnutls-3.3.24.

I did not have this issue with 16.4

Currently as a workaround I just start it with --server

hugbug Sep 9, 2016

Member

I removed the code which closed all file descriptors. The whole daemonize-function was copied from somewhere many years ago without full understanding of what it does and why.

I believe it wasn't correct to close all file descriptors, don't see a reason for that. Only descriptors for standard IO must be reinitialized.

Please test with GnuTLS on your system.
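
The failure and the fix discussed in this thread, reproduced as an added example (not code from nzbget or GnuTLS). `lib_global_init`, `lib_get_random`, `daemonize` and `rng_survives_daemonize` are hypothetical names, and the device-number check is an assumption about how a library could notice that its cached descriptor no longer refers to `/dev/urandom`.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

static int rng_fd = -1; /* stand-in for the descriptor a TLS library caches */
/* Hypothetical library init: open /dev/urandom once, keep the fd (>= 3). */
static int lib_global_init(void) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    rng_fd = fcntl(fd, F_DUPFD, 3);
    close(fd);
    return rng_fd;
}

/* 1 only if the cached fd is still the urandom device and yields len bytes. */
static int lib_get_random(unsigned char *buf, size_t len) {
    struct stat have, want;
    if (fstat(rng_fd, &have) != 0 || stat("/dev/urandom", &want) != 0) return 0;
    if (!S_ISCHR(have.st_mode) || have.st_rdev != want.st_rdev) return 0;
    return read(rng_fd, buf, len) == (ssize_t)len;
}

/* Point stdio at /dev/null; close_all also closes fds 3..255 (old behaviour). */
static void daemonize(int close_all) {
    int nul, fd;
    for (fd = 3; close_all && fd < 256; fd++) close(fd);
    if ((nul = open("/dev/null", O_RDWR)) < 0) _exit(2);
    dup2(nul, 0); dup2(nul, 1); dup2(nul, 2);
    if (nul > 2) close(nul);
}

/* Child: init, daemonize, one more open, random read. 1 = RNG still works. */
static int rng_survives_daemonize(int close_all) {
    unsigned char buf[16];
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (lib_global_init() < 0) _exit(2);
        daemonize(close_all);
        (void)open("/dev/null", O_RDWR); /* next open takes the lowest free fd */
        _exit(lib_get_random(buf, sizeof buf) ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status) == 0;
}
int main(void) { /* exits 0 when both cases behave as described */
    return !(rng_survives_daemonize(1) == 0 && rng_survives_daemonize(0) == 1);
}
```

With `close_all` set, the descriptor number the library cached is either invalid or now refers to `/dev/null`, matching the second `lsof` output above; with only stdio reinitialized the cached descriptor stays valid.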

@hugbug hugbug added the bug label Sep 17, 2016

@hugbug hugbug added this to the v18 milestone Sep 17, 2016

hugbug Sep 17, 2016

Member

Closing this as fixed. Please reopen if it is still causing problems.

@hugbug hugbug closed this Sep 17, 2016

hugbug added a commit that referenced this issue Oct 9, 2017