Bug 1699331

Summary: gssproxy segmentation fault
Product: Red Hat Enterprise Linux 7 Reporter: Lukas Hejtmanek <xhejtman>
Component: gssproxy Assignee: Robbie Harwood <rharwood>
Status: CLOSED ERRATA QA Contact: anuja <amore>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.6 CC: afarley, amore, fs-qe, ksiddiqu, m.roth, pcech, yoyang
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
URL: https://pagure.io/gssproxy/pull-request/244
Whiteboard:
Fixed In Version: gssproxy-0.7.0-26.el7 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 12:39:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1700539, 1700541    
Bug Blocks:    
Attachments:
Description Flags
corefile none

Description Lukas Hejtmanek 2019-04-12 12:43:51 UTC
Description of problem:
gssproxy segfaults very often like this:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f55ec470700 (LWP 110728)]
0x00007f55f5e57c30 in pthread_mutex_lock () from /lib64/libpthread.so.0
(gdb) where
#0  0x00007f55f5e57c30 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1  0x00007f55f609ec98 in gss_krb5int_set_allowable_enctypes () from /lib64/libgssapi_krb5.so.2
#2  0x00007f55f6087a6e in gss_set_cred_option () from /lib64/libgssapi_krb5.so.2
#3  0x00007f55f609c46b in gss_krb5_set_allowable_enctypes () from /lib64/libgssapi_krb5.so.2
#4  0x0000559f1bb46db5 in gp_import_gssx_cred ()
#5  0x0000559f1bb49ef6 in gp_init_sec_context ()
#6  0x0000559f1bb44a5a in gp_rpc_process_call ()
#7  0x0000559f1bb3c6ec in gp_worker_main ()
#8  0x00007f55f5e55dd5 in start_thread () from /lib64/libpthread.so.0
#9  0x00007f55f5b7eead in clone () from /lib64/libc.so.6
(gdb) 


Version-Release number of selected component (if applicable):
gssproxy-0.7.0-21.el7

How reproducible:
Set up an NFS client with Kerberos authentication

Comment 2 Robbie Harwood 2019-04-12 16:18:52 UTC
Would you be willing to provide a coredump, or output from running under valgrind with debug symbols?  Do you know if this problem also occurs for you in Fedora?

Comment 3 Lukas Hejtmanek 2019-04-14 10:23:17 UTC
Created attachment 1555033 [details]
corefile

Comment 4 Lukas Hejtmanek 2019-04-14 10:30:37 UTC
I do not have Fedora, so I do not know whether it happens on Fedora as well.

Comment 5 Lukas Hejtmanek 2019-04-15 13:45:34 UTC
1. in gp_decrypt_buffer()
        krb5_c_decrypt() result may include padding bytes for some keytypes,
2. in gp_import_gssx_cred
        gss_import_cred() does not accept token with extraneous data attached,
        errors returned by gss_import_cred() are not handled, NULL pointer
        is passed to gp_set_cred_options(), resulting in segfault
FIX: encode plaintext length explicitly in gp_encrypt_buffer/gp_decrypt_buffer,
        handle gss_import_cred() failures
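
Added example, not part of the bug thread and not the gssproxy patch: a minimal C sketch of the fix described in comment 5, where the plaintext carries an explicit length so that padding returned by decryption is discarded, and the caller checks the result before using the token. All function names and the padding stand-in are hypothetical and constructed for illustration; no Kerberos calls are made.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define BLOCK 16 /* assumed block size of the simulated padding cipher */

/* Prefix the plaintext with its length (4 bytes, big-endian) before encryption. */
static uint8_t *frame_plaintext(const uint8_t *in, uint32_t len, size_t *out_len)
{
    uint8_t *buf = malloc((size_t)len + 4);
    if (buf == NULL) return NULL;
    for (int i = 0; i < 4; i++) buf[i] = (uint8_t)(len >> (24 - 8 * i));
    memcpy(buf + 4, in, len);
    *out_len = (size_t)len + 4;
    return buf;
}

/* Constructed stand-in for a decrypt call whose output is padded to BLOCK. */
static uint8_t *padded_decrypt(const uint8_t *in, size_t len, size_t *out_len)
{
    size_t padded = (len + BLOCK - 1) / BLOCK * BLOCK;
    uint8_t *buf = calloc(1, padded);
    if (buf != NULL) { memcpy(buf, in, len); *out_len = padded; }
    return buf;
}

/* Recover the exact token; fail (-1) if the header claims more than is present. */
static int unframe_plaintext(const uint8_t *buf, size_t buf_len,
                             const uint8_t **tok, size_t *tok_len)
{
    if (buf == NULL || buf_len < 4) return -1;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | buf[3];
    if (len > buf_len - 4) return -1;
    *tok = buf + 4; *tok_len = len;
    return 0;
}

/* Round trip; returns the number of padding bytes discarded, or -1 on error. */
static int roundtrip(const uint8_t *tok, uint32_t len)
{
    size_t flen = 0, plen = 0, rlen = 0; const uint8_t *rec = NULL; int rc = -1;
    uint8_t *framed = frame_plaintext(tok, len, &flen);
    uint8_t *padded = framed ? padded_decrypt(framed, flen, &plen) : NULL;
    if (padded && unframe_plaintext(padded, plen, &rec, &rlen) == 0 &&
        rlen == len && memcmp(rec, tok, len) == 0)
        rc = (int)(plen - 4 - rlen); /* token is only used after the check passed */
    free(framed); free(padded);
    return rc;
}
```

The length check can only bound the header against the buffer size, since the amount of padding is not known to the receiver; integrity of the header itself relies on the encryption layer.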

Comment 7 mark roth 2019-04-26 15:03:15 UTC
Additional data: it appears that Lukas' is kerberized. Our NFS is not, but we use sssd, and we've been getting gssproxy SEGVs randomly for months (CentOS 7.6.1810), and I note that it's also SEGVing in libpthread.

Sample from /var/log/messages:
Apr 26 03:37:48 <server> kernel: gssproxy[37790]: segfault at 10 ip 00007f2fc66cec30 sp 00007f2fbc5d52b8 error 4 in libpthread-2.17.so[7f2fc66c5000+17000]
Apr 26 03:37:48 <server> systemd: gssproxy.service: main process exited, code=killed, status=11/SEGV
Apr 26 03:37:48 <server> systemd: Unit gssproxy.service entered failed state.
Apr 26 03:37:48 <server> systemd: gssproxy.service failed.

Comment 12 anuja 2019-06-27 05:54:54 UTC
As it needs sanity only verification
Adding downstream bash/ipa-client-automount beaker job.
https://beaker.engineering.redhat.com/jobs/3631144

Comment 14 errata-xmlrpc 2019-08-06 12:39:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2050