Bug 161030

Summary: krb5: free() invalid pointed detected by glibc
Product: [Fedora] Fedora Reporter: Bojan Smojver <bojan>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED NEXTRELEASE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 4CC: dan.garthwaite
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-07 12:04:37 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description Bojan Smojver 2005-06-19 21:52:45 EDT
Description of problem:
On an attempt to join AD domain (see below), glibc caught krb5 calling free()
with an invalid pointer.


Version-Release number of selected component (if applicable):
1.4-3


How reproducible:
Sometimes.


Steps to Reproduce:
1. Attempt to join and AD domain (see below).

  
Additional info:
This is what happens:
-----------------------------------------
[root@bspc samba]# net ads join -U the_admin_account
builde's password: 
[2005/06/20 11:34:12, 0] libads/ldap.c:ads_add_machine_acct(1512)
  Warning: ads_set_machine_sd: Unexpected information received
Using short domain name -- SOMEDOMAIN
Joined 'BSPC' to realm 'SOMEDOMAIN.SOME.WHERE'
*** glibc detected *** net: free(): invalid pointer: 0x00002aaaab2a8580 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2aaaab99694e]
/lib64/libc.so.6(__libc_free+0x6e)[0x2aaaab996e7e]
/lib64/libcom_err.so.2(remove_error_table+0x43)[0x2aaaab4d0db6]
/usr/lib64/libkrb5.so.3[0x2aaaab14bd66]
/usr/lib64/libkrb5.so.3[0x2aaaab14bb72]
======= Memory map: ========
2aaaaaaab000-2aaaaaac5000 r-xp 00000000 fd:00 590055                     /lib64/
ld-2.3.5.so
2aaaaaac5000-2aaaaaac6000 rw-p 2aaaaaac5000 00:00 0 
2aaaaaae5000-2aaaaaae6000 rw-p 2aaaaaae5000 00:00 0 
2aaaaabc4000-2aaaaabc5000 r--p 00019000 fd:00 590055                     /lib64/
ld-2.3.5.so
2aaaaabc5000-2aaaaabc6000 rw-p 0001a000 fd:00 590055                     /lib64/
ld-2.3.5.so
2aaaaabc6000-2aaaaabcb000 r-xp 00000000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaabcb000-2aaaaacca000 ---p 00005000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaacca000-2aaaaaccb000 r--p 00004000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaaccb000-2aaaaaccc000 rw-p 00005000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaaccc000-2aaaaacfa000 rw-p 2aaaaaccc000 00:00 0 
2aaaaacfa000-2aaaaad0e000 r-xp 00000000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaad0e000-2aaaaae0d000 ---p 00014000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaae0d000-2aaaaae0e000 r--p 00013000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaae0e000-2aaaaae0f000 rw-p 00014000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaae0f000-2aaaaae11000 rw-p 2aaaaae0f000 00:00 0 
2aaaaae11000-2aaaaae13000 r-xp 00000000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaae13000-2aaaaaf13000 ---p 00002000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaaf13000-2aaaaaf14000 r--p 00002000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaaf14000-2aaaaaf15000 rw-p 00003000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaaf15000-2aaaaaf16000 rw-p 2aaaaaf15000 00:00 0 
2aaaaaf16000-2aaaaaf1d000 r-xp 00000000 fd:00 1420588                    /usr/li
b64/libpopt.so.0.0.0
2aaaaaf1d000-2aaaab01d000 ---p 00007000 fd:00 1420588                    /usr/li
b64/libpopt.so.0.0.0
2aaaab01d000-2aaaab01e000 rw-p 00007000 fd:00 1420588                    /usr/li
b64/libpopt.so.0.0.0
2aaaab01e000-2aaaab034000 r-xp 00000000 fd:00 1425320                    /usr/li
b64/libgssapi_krb5.so.2.2
2aaaab034000-2aaaab133000 ---p 00016000 fd:00 1425320                    /usr/li
b64/libgssapi_krb5.so.2.2
2aaaab133000-2aaaab135000 rw-p 00015000 fd:00 1425320                    /usr/li
b64/libgssapi_krb5.so.2.2
2aaaab135000-2aaaab1a5000 r-xp 00000000 fd:00 1425319                    /usr/li
b64/libkrb5.so.3.2
2aaaab1a5000-2aaaab2a4000 ---p 00070000 fd:00 1425319                    /usr/li
b64/libkrb5.so.3.2
2aaaab2a4000-2aaaab2a9000 rw-p 0006f000 fd:00 1425319                    /usr/li
b64/libkrb5.so.3.2
2aaaab2a9000-2aaaab2aa000 rw-p 2aaaab2a9000 00:00 0 
2aaaab2aa000-2aaaab2cc000 r-xp 00000000 fd:00 1425318                    /usr/li
b64/libk5crypto.so.3.0
2aaaab2cc000-2aaaab3cb000 ---p 00022000 fd:00 1425318                    /usr/li
b64/libk5crypto.so.3.0
2aaaab3cb000-2aaaab3cd000 rw-p 00021000 fd:00 1425318                    /usr/li
b64/libk5crypto.so.3.0
2aaaab3cd000-2aaaab3cf000 r-xp 00000000 fd:00 1421931                    /usr/li
-----------------------------------------

Maybe Kerberos bug 3087?
Comment 1 Bojan Smojver 2005-06-19 21:54:17 EDT
The Kerberos ticket is actually here:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=3087
Comment 2 Dan Garthwaite 2005-06-22 15:46:55 EDT
Ditto here on a x86 32bit install.
Comment 3 Christian Iseli 2007-01-22 05:43:05 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 4 Bojan Smojver 2007-01-22 16:53:41 EST
Hmm, the ticket was never closed upstream... I can give it a try again, but it's
going to be in a completely different environment, as I don't have access to the
computers where this occurred any more.
Comment 5 Nalin Dahyabhai 2007-11-07 12:04:37 EST
This should have been fixed by updating e2fsprogs to version 1.38, which avoided
crashes due to earlier versions of e2fsprogs libcom_err not conforming to
expectations of krb5 1.4 and later.  Closing as next-release because FC5
incorporated these versions (the e2fsprogs update was also released for FC4).