Bug 1366266
| Summary: | /usr/libexec/sssd/sssd_pam: Program terminated with signal 11, Segmentation fault | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Sudhir Menon <sumenon> | ||||||
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Steeve Goveas <sgoveas> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 7.3 | CC: | grajaiya, jhrozek, ksiddiqu, lslebodn, mkosek, mzidek, nmadhesh, pbrezina, sumenon | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | sssd-1.14.0-16.el7 | Doc Type: | If docs needed, set a value | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2016-11-04 07:20:22 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Sudhir Menon
2016-08-11 12:24:00 UTC
Created attachment 1190048 [details]
backtrace
Created attachment 1190049 [details]
coredump
===Some contents of the file in the traceback folder== cat crash_function ldb_msg_find_element cat cmdline /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files cat exploitable Likely crash reason: Jump to an invalid address Exploitable rating (0-9 scale): 6 cat kernel 3.10.0-489.el7.x86_64 cat reason sssd_pam killed by SIGSEGV [System Logs]: Aug 10 17:52:04 master.testrelm.test kernel: sssd_pam[22349]: segfault at 8 ip 00007f7c991e27a9 sp 00007fffa73e6880 error 4 in libldb.so.1.1.26[7f7c991d5000+2d000] Aug 10 17:52:04 master.testrelm.test abrt-hook-ccpp[22477]: Process 22349 (sssd_pam) of user 0 killed by SIGSEGV - dumping core [User Logs]: Aug 10 17:52:04 master.testrelm.test abrt-hook-ccpp[22477]: Process 22349 (sssd_pam) of user 0 killed by SIGSEGV - dumping core According to coredump, we crashed because we did not check
the return value of sysdb_search_user_by_upn
(gdb) l 1540
1535 if (preq->pd->name_is_upn) {
1536 ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg);
1537
1538 /* Since sysdb_search_user_by_upn() searches the whole cache we
1539 * have to set the domain so that it matches the result. */
1540 sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
1541 if (sysdb_name == NULL) {
1542 DEBUG(SSSDBG_CRIT_FAILURE, "Cached entry has no name.\n");
1543 return EINVAL;
1544 }
It's already fixed in upstream https://git.fedorahosted.org/cgit/sssd.git/commit/?id=5cda8428d23266aaaf4d7cddba50311202365c16
and it is fixed in sssd-1.14.0-16
Upstream ticket: https://fedorahosted.org/sssd/ticket/3132 Hi Sudhir, Lukas is right and this bug is fixed in the recent build. Can you please try it out? In the meantime it would be nice to get qa_ack as well so we can add this bug to the errata. Jakub, I did install the latest build of sssd-1.14.0-18.el7.x86_64 along with ipa-server-4.4.0-7.el7.x86_64 and i don't see a crash yet. But I would like to keep the machine running for the day before marking this as VERIFIED. Segfault message is not seen anymore. Verified on RHEL7.3 using sssd-1.14.0-18.el7.x86_64 ipa-server-4.4.0-7.el7.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2476.html |