Bug 1350146

Summary: Segmentation fault happens when escd runs with a NULL display.
Product: Red Hat Enterprise Linux 6
Reporter: Flos Qi Guo <qguo>
Component: esc
Assignee: Jack Magne <jmagne>
Status: CLOSED ERRATA
QA Contact: Asha Akkiangady <aakkiang>
Severity: medium
Priority: unspecified
Version: 6.8
CC: arubin, mharmsen, nkinder, rpattath, rrelyea
Target Milestone: rc
Target Release: 6.9
Hardware: Unspecified
OS: Unspecified
Fixed In Version: esc-1.1.0-28.el6
Doc Type: No Doc Update
Doc Text:
I believe this is a problem that most users will not have known they were having in the first place. This fix will merely remove a problem the user is not aware of. Any explanation will probably be more trouble than it is worth to the user.
: 1358500
Last Closed: 2017-03-21 11:39:15 UTC
Type: Bug
Bug Blocks: 1269194, 1358500, 1365846

Description Flos Qi Guo 2016-06-26 05:28:45 UTC
> Description of problem:
Segmentation fault happens when escd runs with a NULL display.

> Version-Release number of selected component (if applicable):
RHEL6: esc-1.1.0-26.el6
RHEL5: esc-1.1.0-14.el5_9.1
And maybe the upstream is also affected.

> How reproducible:
100%

> Steps to Reproduce:
I find a reliable reproducer as follows:

1. Install the latest esc package on RHEL (RHEL5 - esc-1.1.0-14.el5_9.1, RHEL6 - esc-1.1.0-26.el6)

2. Make sure there's no DISPLAY in your environment:

  $ echo $DISPLAY
  ==>NULL

3. Execute 'escd' like this:

  $ /usr/lib64/esc-1.1.0/escd --key_Inserted="/usr/bin/esc" --on_Signal="/usr/bin/esc"

  At this time, a 'segfault' message will be reported in /var/log/messages.

In order to get more information, we can enable the debug variables:

$ export NSPR_LOG_MODULES=all:5
$ export NSPR_LOG_FILE=/tmp/debug.log

From /tmp/debug.log, we can see that escd fails to open the display:
~~~
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Failed to initialize Crypto library! 
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Daemon: Error initializing CoolKey System, this will result in problems recognizing Smart Cards! 
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Daemon: Error Obtaining X Display! 
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Daemon: Attempted XOpenDisplay: 0 
~~~

> Actual results:
escd causes a segfault.

> Expected results:
escd should exit without segfault.

> Additional info:
I believe the core dump file suggested an unreported bug which affects RHEL5, RHEL6 and maybe upstream. Take a look at the gdb output:

~~~
Core was generated by `./escd --key_Inserted="/usr/bin/esc" --on_Signal="/usr/bin/esc"'.
Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0  XNextEvent (dpy=0x0, event=0x7fffbe94e3e0) at NextEvent.c:47
#1  0x000000000040916d in main ()
(gdb) f 1
#1  0x000000000040916d in main ()
(gdb) l
42		register Display *dpy;
43		register XEvent *event;
44	{
45		register _XQEvent *qelt;
46		
47		LockDisplay(dpy);
48		
49		if (dpy->head == NULL)
50		    _XReadEvents(dpy);
51		qelt = dpy->head;
(gdb) f 0
#0  XNextEvent (dpy=0x0, event=0x7fffbe94e3e0) at NextEvent.c:47
47		LockDisplay(dpy);
(gdb) l
42		register Display *dpy;
43		register XEvent *event;
44	{
45		register _XQEvent *qelt;
46		
47		LockDisplay(dpy);
48		
49		if (dpy->head == NULL)
50		    _XReadEvents(dpy);
51		qelt = dpy->head;
(gdb) 
~~~

Relevant code:
** escd.cpp:
~~~
    display = XOpenDisplay(NULL);

    if(!display)
    {
        PR_LOG( escDLog, PR_LOG_ALWAYS, ("%s Daemon: Error Obtaining X Display! \n",GetTStamp(tBuff,56)));
    }

    PR_LOG( escDLog, PR_LOG_ALWAYS, ("%s Daemon: Attempted XOpenDisplay: %p \n",GetTStamp(tBuff,56),display)); 
    while ("looping forever") XNextEvent(display,&event); // <<<----- HERE
~~~

If display is NULL, escd should quit rather than continue to pass the display to XNextEvent().
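
The guard suggested in the report, as an added example that is not part of the original report and is not the esc project's code or its actual fix. Xlib is replaced by a hypothetical function-pointer seam (`DisplayApi`, `run_event_loop`, the exit codes and both backends are assumptions made for this example) so the control flow runs without libX11; unlike the real `XNextEvent`, the stand-in returns `false` when no more events will arrive.

```cpp
// Added example, not escd source. Xlib is modelled by a small function-pointer
// seam (hypothetical) so the guarded loop runs and can be tested without libX11.
#include <cstddef>
#include <cstdio>
#include <cstdlib>

struct Display { int pending; };   // stand-in for Xlib's opaque Display
struct Event   { int type; };      // stand-in for XEvent

struct DisplayApi {
    Display *(*open)(const char *name);           // models XOpenDisplay
    bool (*next_event)(Display *dpy, Event *ev);  // models XNextEvent; false = no more events
};

enum { ESCD_OK = 0, ESCD_NO_DISPLAY = 2 };        // exit codes chosen for this example

// Guarded version of the loop quoted in the report: a NULL display ends the
// daemon with an error code instead of being handed to the event call.
int run_event_loop(const DisplayApi &api, int *handled) {
    *handled = 0;
    Display *display = api.open(NULL);
    if (!display) {
        std::fprintf(stderr, "Daemon: Error Obtaining X Display, exiting\n");
        return ESCD_NO_DISPLAY;
    }
    Event event;
    while (api.next_event(display, &event)) ++*handled;
    return ESCD_OK;
}

// Constructed backends: one behaves like a session with DISPLAY unset,
// the other delivers three events and then reports that none remain.
static Display *open_headless(const char *) { return NULL; }
static Display g_fake = { 3 };
static Display *open_fake(const char *) { g_fake.pending = 3; return &g_fake; }
static bool next_event(Display *dpy, Event *ev) {
    if (!dpy) std::abort();        // models the crash the unguarded loop runs into
    if (dpy->pending == 0) return false;
    ev->type = dpy->pending--;
    return true;
}
const DisplayApi HEADLESS = { open_headless, next_event };
const DisplayApi FAKE_X   = { open_fake, next_event };

int main() {
    int n = 0;
    int rc = run_event_loop(HEADLESS, &n);
    std::printf("headless: rc=%d handled=%d\n", rc, n);
    rc = run_event_loop(FAKE_X, &n);
    std::printf("fake X:   rc=%d handled=%d\n", rc, n);
    return 0;
}
```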

Comment 2 Jack Magne 2016-06-27 18:19:17 UTC
Thanks for the report.

Comment 6 Roshni 2016-11-21 20:35:31 UTC
~~~
[root@dhcp129-152 ~]# rpm -qi esc
Name        : esc                          Relocations: (not relocatable)
Version     : 1.1.0                             Vendor: Red Hat, Inc.
Release     : 28.el6                        Build Date: Wed 02 Nov 2016 05:08:06 PM EDT
Install Date: Mon 21 Nov 2016 03:29:57 PM EST      Build Host: x86-031.build.eng.bos.redhat.com
Group       : Applications/Internet         Source RPM: esc-1.1.0-28.el6.src.rpm
Size        : 1321296                          License: GPL+
Signature   : RSA/8, Wed 09 Nov 2016 12:48:32 PM EST, Key ID 938a80caf21541eb
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://directory.fedora.redhat.com/wiki/CoolKey
Summary     : Enterprise Security Client Smart Card Client
Description :
Enterprise Security Client allows the user to enroll and manage their
~~~

Verification steps as explained in comment 4. There were no seg fault messages in /var/log/messages. The following were seen in ESC logs

~~~
-1563986144[1f7da20]: Loaded library a.out (init)
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: Initializing Daemon...
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: Nmber of args! 3
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Argv[0]: /usr/lib64/esc-1.1.0/escd
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Argv[1]: --key_Inserted=/usr/bin/esc
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Argv[2]: --on_Signal=/usr/bin/esc
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: keyInsertedCommand: /usr/bin/esc.
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: got v1
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: got n1...
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: onSignalCommand: /usr/bin/esc.
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] CoolKeySetCallbacks: prompt (null)
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] CoolKeyRegisterListener: aListener 7ffd1f106b10
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] CoolKeyInit: appDir ./
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] NSSManager::NSSManager:
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Initializing the NSS Crypto Library.
-1563986144[1f7da20]: Loaded library /usr/lib64/libfreeblpriv3.so (load lib)
-1563986144[1f7da20]: Loaded library /usr/lib64/libsoftokn3.so (load lib)
-1563986144[1f7da20]: /usr/lib64/libfreeblpriv3.so incr => 2 (find lib)
-1563986144[1f7da20]: Loaded library /usr/lib64/libnssdbm3.so (load lib)
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS:
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: db init failed try simple init.
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: tried NSS_NoDB_Init res 0 .
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: About to try SECMOD_AddNewModule :libcoolkeypk11.so
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: modSpec library="libcoolkeypk11.so" name="COOL Key Module" parameters="noAppletOK=yes" NSS="slotParams={0x00000002=[slotFlags='PublicCerts']}"

-1563986144[1f7da20]: Loaded library libcoolkeypk11.so (load lib)
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] InitNSS: Done SECMOD_LoadUserModule 1f9a260
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] SmartCardMonitoringThread::SmartCardMonitoringThread :
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] SmartCardMonitoringThread::Start :
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] Daemon: Error Obtaining X Display!
~~~

Comment 8 errata-xmlrpc 2017-03-21 11:39:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0767.html