Recently (last few weeks) we've started seeing Squid (2.5.STABLE4 plus the
oldest four official patches, on RedHat 7.1) - or rather, the "pinger"
support program - occasionally reporting
assertion failed: pinger.c:187: "icmp_pktsize <= MAX_PKT_SZ"
(and then terminating).
That's both good and bad - it implies that overlong response data has been
trapped rather than leaving the potential for exploitable buffer overflows,
but leaves Squid without pinger running (it doesn't seem to be restarted
automatically - though that could also be bad if it was happening
continually).
No direct clues (e.g. core dumps) to what is causing it. Is it something
that's being seen more widely, though maybe due to one buggy or malicious
site? Am I right to assume that it should not be a security concern, because
the overlong response was noticed?
Is there scope for pinger handling the situation in some less heavy-handed
(but secure!) way, so that it can continue running rather than terminating?
Also, if pinger terminates, what happens to the data based on pinger's
measurements? Will Squid ignore old and potentially outdated RTT data, or
continue using it (not realising that it's no longer being maintained)?
[On a system where pinger terminated a little over an hour ago, most but by
no means all of the "Network DB Statistics" entries shown by cachemgr have
RTT and hop-count of zero - presumably meaning "unknown" - but some sites
are still shown with non-zero values.]
John Line
Received on Thu Nov 20 2003 - 05:41:51 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:25 MST