iChain abend : EIP in LIBC.NLM

  • 3577393
  • 17-Apr-2007
  • 27-Apr-2012

Environment

iChain 2.3 SP5a
iChain 2.3

Situation

iChain would abend intermittently. Each abend referenced cn=IntranetGrpOpRiskRptAppRole, which is an iChain ACL. Comparing this ACL with the other ACLs showed that it had two values for the brdsrvsOutgoingAcl attribute, which contains the ACL rules in Base64 format. This seemed odd, as all other ACLs had only one value for brdsrvsOutgoingAcl.

Server ICS_SERVER halted Friday, March 30, 2007 2:35:55.189 pm
Abend 1 on P00: Server-5.60.05: Page Fault Processor Exception (Error code 00000000)

Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0010 SS = 0010
EAX = 00000000 EBX = 856A4B40 ECX = 00000000 EDX = 81FF3500
ESI = C86ECC74 EDI = 854A04A0 EBP = 00000000 ESP = C86ECBD0
EIP = C8A00FB0 FLAGS = 00010246
C8A00FB0 0FB601 MOVZX EAX,byte ptr [ECX]=?
EIP in LIBC.NLM at code start +00082FB0h
Access Location: 0x00000000

The violation occurred while processing the following instruction:
C8A00FB0 0FB601 MOVZX EAX,byte ptr [ECX]
C8A00FB3 3C41 CMP AL,41
C8A00FB5 0FB61A MOVZX EBX,byte ptr [EDX]
C8A00FB8 7206 JB C8A00FC0
C8A00FBA 3C5A CMP AL,5A
C8A00FBC 7702 JA C8A00FC0
C8A00FBE 0420 ADD AL,20
C8A00FC0 80FB41 CMP BL,41
C8A00FC3 7208 JB C8A00FCD
C8A00FC5 80FB5A CMP BL,5A



Running process: Server 3 Process
Thread Owned by NLM: SERVER.NLM
Stack pointer: C86EC968
OS Stack limit: C86E5040
Scheduling priority: 67371008
Wait state: 5050030 Blocked on Semaphore
Stack: --856A4B40 ?
8301BB64 (ACLCHECK.NLM|CheckQuerybasedRules+134)

Additional Information:
The CPU encountered a problem executing code in LIBC.NLM. The problem may be in that module or in data passed to that module by a process owned by SERVER.NLM.

<<< BEGIN CUSTOM DATA >>>

EIP: C8A00FB0 (LIBC.NLM|stricmp+10)
EBX data:
856A4B40 00000000 00000000-856A4D40 00000020 ........@Mj. ...
856A4B50 854A0F40 E59F0000-00010013 86A82843 @.J.........C(..
856A4B60 86A8284C 00000000-00000000 00000000 L(..............
856A4B70 00000000 00000000-856A4000 826FB761 .........@j.a.o.
856A4B80 00000000 00000000-856A4840 00000020 ........@Hj. ...
856A4B90 84E6A4A0 E55F0000-00000013 86A827C3 ......_......'..
856A4BA0 86A827CC 00000000-00000000 00000000 .'..............
856A4BB0 00000000 00000000-856A4000 826FB761 .........@j.a.o.

EDX data:
81FF3500 493D6E63 6172746E-4774656E 704F7072 cn=IntranetGrpOp
81FF3510 6B736952 41747052-6F527070 6F2C656C RiskRptAppRole,o
81FF3520 43693D75 6E696168-613D6F2C 6E696D64 u=iChain,o=admin
81FF3530 00000000 00000000-00000000 00000000 ................
81FF3540 00000000 00000000-00000000 00000000 ................
81FF3550 00000000 00000000-00000000 00000000 ................
81FF3560 00000000 00000000-00000000 00000000 ................
81FF3570 00000000 00000000-00000000 00000000 ................

Resolution

Deleted the suspect ACL and recreated it, making sure ConsoleOne was using the latest iChain snap-ins.
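
The comparison described under Situation (one ACL carrying two brdsrvsOutgoingAcl values where all others carry one) can be repeated across every ACL object from an LDIF export of the tree. The following is an added example, not part of the original document or any Novell tooling; it assumes an LDIF export is available, and the second DN and all attribute values in the sample are constructed.

```python
import base64

ATTR = "brdsrvsoutgoingacl"  # attribute named in this document; LDIF names are case-insensitive

# Constructed sample export: the first DN is the one shown in the abend log,
# the second DN and all attribute values are made up for illustration.
SAMPLE_LDIF = """\
version: 1

dn: cn=IntranetGrpOpRiskRptAppRole,
 ou=iChain,o=admin
brdsrvsOutgoingAcl:: QQ==
brdsrvsOutgoingAcl:: Qg==

dn: cn=ExampleOtherRole,ou=iChain,o=admin
brdsrvsOutgoingAcl:: Qw==
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def count_acl_values(text):
    """Return {dn: number of brdsrvsOutgoingAcl values} for entries that have the attribute."""
    counts, dn = {}, None
    for line in unfold(text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if name.lower() == "dn":
            # "dn:: ..." means the DN itself is base64-encoded
            dn = (base64.b64decode(value[1:]).decode("utf-8", "replace")
                  if value.startswith(":") else value).strip()
        elif name.lower() == ATTR and dn is not None:
            counts[dn] = counts.get(dn, 0) + 1
    return counts

def suspect_acls(text):
    """ACL objects with more than one value, the condition seen on the abending ACL."""
    return {dn: n for dn, n in count_acl_values(text).items() if n > 1}
```

Pass the text of a real export to `suspect_acls()` in place of `SAMPLE_LDIF`; any DN it returns is a candidate for the delete-and-recreate step above.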