Bug 700828

Summary: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured.
Product: Red Hat Enterprise Linux 6 Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: benl, grajaiya, jgalipea, jhrozek, kbanerje, prc
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.5.1-46.el6 Doc Type: Bug Fix
Doc Text:
Cause: when the ldap_uri parameter was misconfigured so that the hostname part was missing, SSSD stored NULL in the pointer where the hostname was saved and used it later on for establishing connection Consequence: SSSD accessed the NULL pointer and crashed Fix: The URI parsing function was changed so it aborts when it cannot parse a valid hostname from the specified URI Result: SSSD reports an error and does not crash when an invalid ldap_uri is used in the config file
 Story Points: ---
Clone Of:
: 748836 (view as bug list) Environment:
Last Closed: 2011-12-06 16:38:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 748836    

Description Gowrishankar Rajaiyan 2011-04-29 14:12:31 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.5.1-30.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure sssd.conf with missing server in ldap_uri. See Additional info.
2. restart sssd
3.
  
Actual results: Crash detected.
[root@rhel6-1 ~]# abrt-cli -l
0.
	UID        : 0
	UUID       : ef9dd11b67263e46b3d5155cd1933fd0bc54818e
	Package    : sssd-1.5.1-30.el6
	Executable : /usr/libexec/sssd/sssd_be
	Crash Time : Fri 29 Apr 2011 07:08:28 PM IST
	Crash Count: 3
	Hostname   : rhel6-1.gsr.pnq.redhat.com
[root@rhel6-1 ~]# abrt-cli -i 0:ef9dd11b67263e46b3d5155cd1933fd0bc54818e
>> Generating backtrace
Crash ID:           0:ef9dd11b67263e46b3d5155cd1933fd0bc54818e
Last crash:         Fri 29 Apr 2011 07:06:14 PM IST
Analyzer:           CCpp
Component:          sssd
Package:            sssd-1.5.1-30.el6
Command:            /usr/libexec/sssd/sssd_be -d 9 --debug-to-files --domain default
Executable:         /usr/libexec/sssd/sssd_be
System:             Red Hat Enterprise Linux Server release 6.1 Beta (Santiago), kernel 2.6.32-131.0.5.el6.x86_64
Reason:             Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
Coredump file:      /var/spool/abrt/ccpp-1304084174-5516/coredump
Rating:             4
Crash function:     be_resolve_server_done
Hostname:           rhel6-1.gsr.pnq.redhat.com


[root@rhel6-1 ~]# gdb --core=/var/spool/abrt/ccpp-1304084174-5516/coredump /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New Thread 5516]
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/a2/66c88911a3f35a81f651ae3d2df6a78ad1f583
Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done.
done.
Loaded symbols for /lib64/libpam.so.0.82.2
Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib64/libtevent.so.0.9.8
Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtalloc.so.2.0.1
Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0.0.0
Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib64/libldb.so.0.9.10
Reading symbols from /lib64/libdbus-1.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdbus-1.so.3
Reading symbols from /lib64/librt-2.12.so...Reading symbols from /usr/lib/debug/lib64/librt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/librt-2.12.so
Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib64/libpcre.so.0.0.1
Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libini_config.so.2.0.0
Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcollection.so.2.0.0
Reading symbols from /usr/lib64/libdhash.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdhash.so.1.0.0
Reading symbols from /lib64/liblber-2.4.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/liblber-2.4.so.2
Reading symbols from /lib64/libldap-2.4.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libldap-2.4.so.2
Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtdb.so.1.2.1
Reading symbols from /usr/lib64/libssl3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /lib64/libpthread-2.12.so...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done.
[Thread debugging using libthread_db enabled]
done.
Loaded symbols for /lib64/libpthread-2.12.so
Reading symbols from /lib64/libdl-2.12.so...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libdl-2.12.so
Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcares.so.2.0.0
Reading symbols from /lib64/libc-2.12.so...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libc-2.12.so
Reading symbols from /lib64/libaudit.so.1.0.0...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done.
done.
Loaded symbols for /lib64/libaudit.so.1.0.0
Reading symbols from /lib64/libcrypt-2.12.so...Reading symbols from /usr/lib/debug/lib64/libcrypt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libcrypt-2.12.so
Reading symbols from /lib64/ld-2.12.so...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done.
done.
Loaded symbols for /lib64/ld-2.12.so
Reading symbols from /usr/lib64/libpath_utils.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpath_utils.so.1.0.0
Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libref_array.so.1.0.0
Reading symbols from /lib64/libresolv-2.12.so...Reading symbols from /usr/lib/debug/lib64/libresolv-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libresolv-2.12.so
Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/libsasl2.so.2.0.23
Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1.2.3
Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done.
done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib64/ldb/memberof.so
Reading symbols from /usr/lib64/sssd/libsss_ldap.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ldap.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/sssd/libsss_ldap.so.1.0.0
Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2.1
Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1.3
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_files-2.12.so
Core was generated by `/usr/libexec/sssd/sssd_be -d 9 --debug-to-files --domain default'.
Program terminated with signal 11, Segmentation fault.
#0  be_resolve_server_done (subreq=0x0) at src/providers/data_provider_fo.c:459
459	        inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0],

Thread 1 (Thread 0x7f82cd975700 (LWP 5516)):
#0  be_resolve_server_done (subreq=0x0) at src/providers/data_provider_fo.c:459
        srvaddr = 0x0
        ipaddr = "\000\000\000\000\000\000\000\000`*\020\002\000\000\000\000\027gh&#450;\177\000\000\v\000\000\000\000\000\000\000\372\277\272M\000\000\000\000*<\002\000\000\000\000\000P$\016\002\000\000\000\000Pm\240\024\063\000\000\000\060N\020\002\000\000\000\000\v\000\000\000\000\000\000\000\020*\020\002\000\000\000\000\234j\240\024\063\000\000\000H}C\000\000\000\000\000`*\020\002", '\000' <repeats 12 times>, "0\033\340\026\063\000\000"
        req = 0x2104c00
        state = 0x2105850
        callback = <value optimized out>
        ret = 0
        srv_status_change = <value optimized out>
        __FUNCTION__ = "be_resolve_server_done"
#1  0x0000003314a03707 in tevent_common_loop_immediate (ev=0x20e2450) at tevent_immediate.c:135
        im = 0x2104e30
        handler = 0x3314a046d0 <tevent_req_trigger>
        private_data = 0x2104d70
#2  0x0000003314a0530a in std_event_loop_once (ev=0x20e2450, location=<value optimized out>) at tevent_standard.c:532
        std_ev = 0x20e2510
        tval = {tv_sec = 0, tv_usec = 0}
#3  0x0000003314a026d0 in _tevent_loop_once (ev=0x20e2450, location=0x43f835 "src/util/server.c:526") at tevent.c:490
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
#4  0x0000003314a0273b in tevent_common_loop_wait (ev=0x20e2450, location=0x43f835 "src/util/server.c:526") at tevent.c:591
        ret = <value optimized out>
#5  0x00000000004320b1 in server_loop (main_ctx=0x20e35c0) at src/util/server.c:526
No locals.
#6  0x000000000040e97b in main (argc=6, argv=<value optimized out>) at src/providers/data_provider_be.c:1333
        opt = <value optimized out>
        pc = <value optimized out>
        be_domain = 0x20e1490 "default"
        srv_name = <value optimized out>
        conf_entry = <value optimized out>
        main_ctx = 0x20e35c0
        ret = 0
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x645d00, val = 0, descrip = 0x4370d2 "Help options:", argDescrip = 0x0}, {
            longName = 0x4370e0 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x645de0, val = 0, descrip = 0x4370b1 "Debug level", argDescrip = 0x0}, {
            longName = 0x4370ec "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x645de4, val = 0, 
            descrip = 0x437d48 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x4370fb "debug-timestamps", 
            shortName = 0 '\000', argInfo = 2, arg = 0x645cc0, val = 0, descrip = 0x4370bd "Add debug timestamps", argDescrip = 0x0}, {
            longName = 0x4386b8 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fffca231d98, val = 0, 
            descrip = 0x437d80 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, 
            val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"
[root@rhel6-1 ~]#

Expected results:
SSSD should not crash in any case.

Additional info:
sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
debug_level = 9

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 9

[pam]
reconnection_retries = 3

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc

cache_credentials = true
enumerate = true
debug_level = 9
Comment 2 RHEL Program Management 2011-04-30 06:00:17 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 4 Stephen Gallagher 2011-07-01 12:40:18 UTC 
Upstream ticket: https://fedorahosted.org/sssd/ticket/911
Comment 7 Kaushik Banerjee 2011-09-07 17:12:51 UTC 
Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 49.el6                        Build Date: Mon 29 Aug 2011 08:26:38 PM IST
Install Date: Wed 31 Aug 2011 07:01:44 AM IST      Build Host: x86-010.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-49.el6.src.rpm
Size        : 3549339                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Comment 8 Jakub Hrozek 2011-10-26 16:17:17 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: when the ldap_uri parameter was misconfigured so that the hostname part was missing, SSSD stored NULL in the pointer where the hostname was saved and used it later on for establishing connection
Consequence: SSSD accessed the NULL pointer and crashed
Fix: The URI parsing function was changed so it aborts when it cannot parse a valid hostname from the specified URI
Result: SSSD reports an error and does not crash when an invalid ldap_uri is used in the config file
Comment 9 errata-xmlrpc 2011-12-06 16:38:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html