Bug 1132361
Summary: | use-after-free in dyndns code | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jakub Hrozek <jhrozek> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.6 | CC: | dlavu, dpal, grajaiya, jgalipea, lslebodn, mkosek, pbrezina, preichl, tlavigne |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.11.6-24.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-10-14 04:49:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jakub Hrozek
2014-08-21 08:38:28 UTC
The crash can be reproduced if ip addresses are obtained from network interface e.g. dyndns_iface = eth0 and an interface should have assigned at least two IP addresses (IPv4, IPv6) It needn't crash every time; therefore it is better to export environment variable TALLOC_FREE_FILL man talloc says: If TALLOC_FREE_FILL environment variable is set, the memory occupied by the context is filled with the value of this variable; when memory is freed. The value should be a numeric representation of the character you want to use. For example: echo "TALLOC_FREE_FILL=253" >> /etc/sysconfig/sssd Environment variables from file /etc/sysconfig/sssd are used also on rhel7, because sssd.service file contains option EnvironmentFile option in Service section bash-4.2# grep -C1 EnvironmentFile /usr/lib/systemd/system/sssd.service [Service] EnvironmentFile=-/etc/sysconfig/sssd ExecStart=/usr/sbin/sssd -D -f master: f55d45b931ce6c01e005ae94a69e93abda0d2f1c 1a783fb0be9a48a0abdfe8b52fce551d530487ce 0060992d68ba843d4d90b491a1500b6290789a5c 24000ed5b08499b49595436b8a3b348fcd4012de 12e7e87ccbae0d5c2f338cd019ca51556cbcd3ae bf65fbdd8c3fecd38a66363c3517e7a2679b8186 e210ed5da220acebb6751db4466fe352de08eaeb sssd-1-11: 5446f2a749d3e641b3ffc9feb3240a9b0f4b0598 79d007fa5776849ab556571faef411b478c6970d 03cfd27286a77fc991fca7ba68dee36084cfc2d9 103f2f305ba073f9e9399cac10eefd3685bb291c d111a01626bfe1ec468a2f6e01e6a237286481d8 5b8ed5702b38c2bd39e9c9a44d94ad7dac3040a1 0789077faa81113e3e6ef46f71bde878d8c58023 Unable to reproduce the bug using sssd-1.11.6-28.el6.x86_64 on RHEL6. Followed the steps adding TALLOC_FREE_FILL=253 to /etc/sysconfig/sssd and environment variable on a host with two interfaces, eth0:ipv4:ipv6. Marking this fix as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1375.html |