Bug 2020786

Summary: sssd_be 1.16.5-10.el7_9.10 crash in libc with null dom_name value in find_domain
Product: Red Hat Enterprise Linux 7 Reporter: Marc Sauton <msauton>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED DUPLICATE QA Contact: sssd-qe <sssd-qe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.9CC: aboscatt, atikhono, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sbose, tscherf
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-02 14:27:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 3 Marc Sauton 2021-11-05 22:04:06 UTC 
Description of problem:

RHEL-7.9 sssd_be crash / segfault error 4 in libc, with null value dom_name in find_domain()

time stamp 2021-10-22 11:00:41

AD 2 way trust, with 62 DCs, 6 primary
AD ID and access provider
ad_gpo_acceldap_schema = rfc2307bis
use_fully_qualified_names = True
ss_control = disabled
ad_access_filter = xxeditedxx

nothing special for the timestamp except the crash report itself and shutdown, in the log files
sssd_edited.domain.log
ldap_child.log
sssd.log
sssd_nss.log
sssd_pam.log


Version-Release number of selected component (if applicable):

RHEL-7.9 on Amazon EC2 / t3.2xlarge
redhat-release-server-7.9-6.el7_9.x86_64
sssd-1.16.5-10.el7_9.10.x86_64


How reproducible:
N/A

Steps to Reproduce:
1. N/A
2.
3.


Actual results:

2021-10-22T11:00:41.771358+00:00 redacted.hostname kernel: sssd_be[7836]: segfault at 0 ip 00007fa6d7d6d3b5 sp 00007ffe0ab2d468 error 4 in libc-2.17.so[7fa6d7c26000+1c4000]


Expected results:
yes


Additional info:

Core was generated by `/usr/libexec/sssd/sssd_be --domain redacted.domain --uid 0 --gid 0 --logger=fi'.
Program terminated with signal 11, Segmentation fault.
#0  __strcasecmp_l_avx () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:165
165             movdqu  (%rsi), %xmm2

Thread 1 (Thread 0x7f917a353880 (LWP 11171)):
#0  __strcasecmp_l_avx () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:165
No locals.
#1  0x00007f916a148343 in find_domain (count=1, reply=<optimized out>, dom_name=0x0) at src/providers/ad/ad_subdomains.c:1403
        c = 0
        name = 0x55ff3de27bf0 "REDACTED.DOMAIN"
        ret = <optimized out>
        __FUNCTION__ = "find_domain"
#2  0x00007f916a14cf21 in ad_get_root_domain_done (subreq=0x0) at src/providers/ad/ad_subdomains.c:1431
...snip...


sssd.log
(2021-10-22 11:00:41): [sssd] [svc_child_info] (0x0040): Child [7836] ('edited.domain':'%BE_edited.domain') terminated with signal [11]


/var/log/sssd/sssd_edited.domain.log
...
(2021-10-22 11:00:41): [be[edited.domain]] [fo_discover_srv_done] (0x0400): Got 62 servers
(2021-10-22 11:00:41): [be[edited.domain]] [ad_srv_plugin_servers_done] (0x0400): Got 6 primary and 62 backup servers
...
(2021-10-22 11:00:41): [be[edited.domain]] [ad_domain_info_next_done] (0x0400): Found SID [S-1-5-21-2706447373-3929271640-2302363577].
...
(2021-10-22 11:00:41): [be[edited.domain]] [ad_get_root_domain_send] (0x0400): Looking up the forest root domain.
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_search_bases_ex_next_base] (0x0400): Issuing LDAP lookup with base [DC=edited,DC=edited,DC=edited]
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_print_server] (0x2000): Searching xx.xx.xx.xx:389
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=trustedDomain)(trustType=2)(!(msDS-TrustForestTrustInfo=*)))][DC=edited,DC=edited,DC=edited].
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_process_result] (0x2000): Trace: sh[0x55eb19fdb040], connected[1], ops[0x55eb1a04a780], ldap[0x55eb1a033960]
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://edited.hostname/CN=Configuration,DC=edited,DC=edited,DC=edited
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_process_result] (0x2000): Trace: sh[0x55eb19fdb040], connected[1], ops[0x55eb1a04a780], ldap[0x55eb1a033960]
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_op_destructor] (0x2000): Operation 8 finished
(2021-10-22 11:00:41): [be[edited.domain]] [generic_ext_search_handler] (0x4000): Request included referrals which were ignored.
(2021-10-22 11:00:41): [be[edited.domain]] [generic_ext_search_handler] (0x4000):     Ref: ldap://edited.hostname/CN=Configuration,DC=edited,DC=edited,DC=edited
(2021-10-22 11:00:41): [be[edited.domain]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [DC=edited,DC=edited,DC=edited]
(END)
Comment 13 Andre Boscatto 2021-12-02 14:27:09 UTC 

*** This bug has been marked as a duplicate of bug 2006866 ***
Comment 14 Red Hat Bugzilla 2023-09-15 01:17:02 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days