Bug 1400422
| Summary: | Use-after free in resolver in case the fd is writeable and readable at the same time | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> | ||||
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Amith <apeetham> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 7.3 | CC: | ekeck, grajaiya, hkhot, jhrozek, lslebodn, mkosek, mzidek, nsoman, orion, pbrezina, sgoveas, tscherf | ||||
| Target Milestone: | rc | Keywords: | ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | sssd-1.15.0-1.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1404340 (view as bug list) | Environment: | |||||
| Last Closed: | 2017-08-01 09:02:33 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1404340 | ||||||
| Attachments: |
|
||||||
|
Description
Jakub Hrozek
2016-12-01 08:02:45 UTC
There is no reliable reproducer. For testing, I would recommend to run our regression tests for the resolver and the fail over code. Hi Namita, could you please qa_ack this bug in Steeve's absence this week? See comment #1 about reproducer. The customer impact is an intermittent crash in their environment and because we are already planning a 7.3 z-stream update, I would like to include this bug as well. Thank you! Fixed upstream:
master: 9676b464dd428557ff5a648e1351a3972440396f
sssd-1-14: fefdd70237cbe82af7d8845131e45401e73b3b07
sssd-1-13: 07959a61f12cd9e60dff6651f4e1ce05c83c4da7
Hi Thorsten, could you please add GSSApproved for this bug? It's a crasher for the customer and a fix is available.. Created attachment 1276398 [details]
core_backtrace
Is this the same crash? Can't find a backtrace in either bug report so hard to tell.
(In reply to Orion Poplawski from comment #8) > Created attachment 1276398 [details] > core_backtrace > > Is this the same crash? Can't find a backtrace in either bug report so hard > to tell. No, I'm afraid yours is a different issue, because the backtrace of this bug would be (judging by commit message of its fix): Invalid read of size 4 at fd_input_available (async_resolv.c:147) by epoll_event_loop (tevent_epoll.c:728) by epoll_event_loop_once (tevent_epoll.c:926) by std_event_loop_once (tevent_standard.c:114) by _tevent_loop_once (tevent.c:533) by tevent_common_loop_wait (tevent.c:637) by std_event_loop_wait (tevent_standard.c:140) by server_loop (server.c:702) by main (data_provider_be.c:587) Yours goes through sss_ldap_init_send Orion, Please file a new bug. Verified Sanity only on SSSD Version: sssd-1.15.2-29.el7.x86_64 The automated regression round for the FAILOVER suite which covers the resolver code as well, was executed successfully on beaker. See beaker job: https://beaker.engineering.redhat.com/jobs/1860966 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294 *** Bug 1894237 has been marked as a duplicate of this bug. *** |