Bug 106354

Summary: segfault when id is run with ldap authentication
Product: Red Hat Enterprise Linux 3
Component: nss_ldap
Version: 3.0
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: high
Reporter: Oliver Sontag <sontag>
Assignee: Nalin Dahyabhai <nalin>
QA Contact: David Lawrence <dkl>
CC: baublys, jakub, marc.schmitt, nalin, riek, twaugh
Fixed In Version: 207-4
Doc Type: Bug Fix
Last Closed: 2004-03-23 06:19:03 UTC

Description Oliver Sontag 2003-10-06 13:51:24 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a)
Gecko/20030728 Mozilla Firebird/0.6.1

Description of problem:
Used authconfig to connect the workstation to our
LDAP server (other systems (Debian) work fine with it)

id username segfaults

ldapsearch -x works

Version-Release number of selected component (if applicable):
coreutils-4.5.3-26

How reproducible:
Always

Steps to Reproduce:
1. authconfig (insert values to authenticate via ldap)
2. id username
3. segfault
    

Actual Results:  login is also not possible after that

Expected Results:  should throw up the user's id and groups

Additional info:

Comment 1 Daniel Riek 2003-10-10 15:04:26 UTC
This also leads to an nscd crash. An strace shows the crash a short time after
the loading of /lib64/libnss_dns.so.2

All on Opteron uniprocessor with Beta2

Comment 2 Tim Waugh 2003-10-10 15:14:57 UTC
Please fetch and install this RPM:

ftp://people.redhat.com/twaugh/tmp/coreutils-debuginfo-4.5.3-26.i386.rpm

Then run this:

gdb --args id username

with username as before, and at the (gdb) prompt type 'run' and enter.  When it
crashes, type 'bt' and enter and we should be able to see where it crashed. 
Could you please attach the output?

Thanks.

Comment 3 Daniel Riek 2003-10-10 15:29:38 UTC
(gdb) run
Starting program: /usr/bin/id riek
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
(no debugging symbols found)...(no debugging symbols found)...[Thread debugging
using libthread_db enabled]
[New Thread 182894208672 (LWP 4781)]
(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182894208672 (LWP 4781)]
0x0000002a978b1730 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
(gdb) bt
#0  0x0000002a978b1730 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#1  0x0000002a9789fee3 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#2  0x0000002a9789c255 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#3  0x0000002a978a3191 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#4  0x0000002a9789bdda in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#5  0x0000002a978a2e89 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#6  0x0000002a978a0fe1 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#7  0x0000002a978a1836 in _nss_ldap_sasl_interact () from /lib64/libnss_ldap.so.2
#8  0x0000002a97894dce in _nss_ldap_init () from /lib64/libnss_ldap.so.2
#9  0x0000002a97894aa0 in _nss_ldap_init () from /lib64/libnss_ldap.so.2
#10 0x0000002a978959e0 in _nss_ldap_search_s () from /lib64/libnss_ldap.so.2
#11 0x0000002a97895ec3 in _nss_ldap_getbyname () from /lib64/libnss_ldap.so.2
#12 0x0000002a97896b3e in _nss_ldap_getpwnam_r () from /lib64/libnss_ldap.so.2
#13 0x0000002a95712ef7 in getpwnam_r@@GLIBC_2.2.5 () from /lib64/tls/libc.so.6
#14 0x0000002a957129af in getpwnam () from /lib64/tls/libc.so.6
#15 0x000000000040159c in ?? ()
#16 0x0000002a95688101 in __libc_start_main () from /lib64/tls/libc.so.6
#17 0x000000000040112a in ?? ()
(gdb)


Comment 4 Tim Waugh 2003-10-10 15:32:23 UTC
Jakub, are there known problems in this area?

Comment 5 Jakub Jelinek 2003-10-11 12:25:34 UTC
The backtrace would need nss_ldap-debuginfo installed to be useful.
I don't know if there are any known bugs in nss_ldap, Nalin might...

Comment 6 Oliver Sontag 2003-10-14 13:18:05 UTC
backtrace with nss_ldap-debuginfo installed

#0  0x0000002a978b1b22 in sasl_client_new () from /lib64/libnss_ldap.so.2
#1  0x0000002a978a0163 in ldap_int_sasl_open () from /lib64/libnss_ldap.so.2
#2  0x0000002a9789c4d5 in ldap_int_open_connection ()
   from /lib64/libnss_ldap.so.2
#3  0x0000002a978a3411 in ldap_new_connection () from /lib64/libnss_ldap.so.2
#4  0x0000002a9789c05a in ldap_open_defconn () from /lib64/libnss_ldap.so.2
#5  0x0000002a978a3109 in ldap_send_initial_request ()
   from /lib64/libnss_ldap.so.2
#6  0x0000002a978a1261 in ldap_sasl_bind () from /lib64/libnss_ldap.so.2
#7  0x0000002a978a1ab6 in ldap_simple_bind () from /lib64/libnss_ldap.so.2
#8  0x0000002a9789500e in do_bind (ld=0x5090c0, timelimit=2, dn=0x0, 
    pw=0xbf0 <Address 0xbf0 out of bounds>, with_sasl=3025) at ldap-nss.c:1410
#9  0x0000002a97894ce0 in do_open () at ldap-nss.c:1241
#10 0x0000002a97895c20 in _nss_ldap_search_s (args=0x7fbffff970, 
    filterprot=0x2a97b5e300 "(&(objectclass=posixAccount)(uid=%s))", 
    sel=LM_PASSWD, sizelimit=1, res=0x7fbffff908) at ldap-nss.c:2275
#11 0x0000002a97896103 in _nss_ldap_getbyname (args=0x7fbffff970, 
    result=0x2a958a8620, buffer=0x505540 "otrs", buflen=1024, 
    errnop=0x2a95582660, 
    filterprot=0x2a97b5e300 "(&(objectclass=posixAccount)(uid=%s))", 
    sel=LM_PASSWD, parser=0x2a97896a80 <_nss_ldap_parse_pw>) at ldap-nss.c:2625
#12 0x0000002a97896d7e in _nss_ldap_getpwnam_r (
    name=0x11121 <Address 0x11121 out of bounds>, result=0x2,
    buffer=0xbf0 <Address 0xbf0 out of bounds>, buflen=3056, errnop=0xbd1)
    at ldap-pwd.c:190
#13 0x0000002a95712ef7 in getpwnam_r@@GLIBC_2.2.5 () from /lib64/tls/libc.so.6
#14 0x0000002a957129af in getpwnam () from /lib64/tls/libc.so.6
#15 0x000000000040159c in ?? ()
#16 0x0000002a95688101 in __libc_start_main () from /lib64/tls/libc.so.6
#17 0x000000000040112a in ?? ()

Comment 7 Daniel Riek 2003-10-25 14:57:37 UTC
Ok. This is getting uglier: PPC seems to have the same problem.

Comment 8 Tim Waugh 2003-10-31 10:06:52 UTC
#8  0x0000002a9789500e in do_bind (ld=0x5090c0, timelimit=2, dn=0x0, 
    pw=0xbf0 <Address 0xbf0 out of bounds>, with_sasl=3025) at ldap-nss.c:1410

This looks like pw (a pointer) got returned from a function whose declaration
wasn't available and so it got converted to int, or something along those lines.
Reassigning.
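
The failure mode hypothesised in comment 8, as an added example (not part of the original thread and not nss_ldap code): a model of what an LP64 caller sees when a pointer comes back from a function it has no prototype for. The function names are hypothetical, the sample addresses are copied from the backtrace in comment 6, and the thread does not confirm that this was the root cause.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Model of an LP64 caller with no prototype for a pointer-returning
 * function: under pre-C99 rules the call is assumed to return int, so only
 * the low 32 bits of the return value are kept, then sign-extended when the
 * int is converted back to a 64-bit pointer. */
static uint64_t seen_without_prototype(uint64_t real_addr)
{
    uint32_t low = (uint32_t)real_addr;      /* upper 32 bits are discarded */
    uint64_t widened = low;
    if (low & 0x80000000u)                   /* int is signed: sign-extend */
        widened |= 0xffffffff00000000ull;
    return widened;
}

/* 1 if the address reaches the caller intact, 0 if it was corrupted. */
static int pointer_survives(uint64_t real_addr)
{
    return seen_without_prototype(real_addr) == real_addr;
}

int main(void)
{
    /* Sample values: addresses copied from the backtrace in comment 6. */
    const uint64_t samples[] = {
        0x5090c0ull,        /* ld: low address, fits in a positive int */
        0x7fbffff970ull,    /* args: stack address */
        0x2a97b5e300ull,    /* filterprot: string inside libnss_ldap.so.2 */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%016" PRIx64 " -> 0x%016" PRIx64 "  %s\n",
               samples[i], seen_without_prototype(samples[i]),
               pointer_survives(samples[i]) ? "intact" : "corrupted");

    /* Build-time check: gcc -Wall reports the missing prototype, and
     * -Werror=implicit-function-declaration turns it into a hard error. */
    return 0;
}
```

Addresses below 2 GiB pass through unchanged, which is why this class of bug can stay hidden on 32-bit builds and only crash on 64-bit targets such as the /lib64 systems in this report.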

Comment 9 Nalin Dahyabhai 2004-03-23 06:19:03 UTC
This should be fixed in 207-4 and later.

Comment 10 Chris Feist 2005-04-28 22:12:49 UTC
*** Bug 133063 has been marked as a duplicate of this bug. ***