Bug 707145

Summary: [abrt] krb5-workstation-1.8.2-10.fc14: strcmp: Process /usr/bin/klist was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora
Reporter: Sheldon Hearn <sheldonh>
Component: krb5
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 14
CC: nalin
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:2718034b191bd43bb1d881776fdc6b6fa436f3d6
Fixed In Version: krb5-1.8.4-2.fc14
Doc Type: Bug Fix
Last Closed: 2011-07-06 21:34:31 UTC
Attachments (description, flags):
File: backtrace (flags: none)
core dump of segfaulting klist -s (flags: none)
backtrace (flags: none)

Description Sheldon Hearn 2011-05-24 08:20:36 UTC
abrt version: 1.1.18
architecture: x86_64
Attached file: backtrace, 59856 bytes
cmdline: klist -s
component: krb5
Attached file: coredump, 548864 bytes
crash_function: strcmp
executable: /usr/bin/klist
kernel: 2.6.35.13-91.fc14.x86_64
package: krb5-workstation-1.8.2-10.fc14
rating: 4
reason: Process /usr/bin/klist was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1306223272
uid: 500

comment
-----
Note that klist without arguments works as expected:

$ klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: sheldonh/root

Valid starting     Expires            Service principal
05/23/11 09:35:37  05/24/11 09:35:32  krbtgt/HOST-H.NET
...

It's only klist -s that crashes.

How to reproduce
-----
1. kinit sheldonh/root
2. Wait for ticket to expire
3. klist -s

Comment 1 Sheldon Hearn 2011-05-24 08:20:40 UTC
Created attachment 500559
File: backtrace

Comment 2 Nalin Dahyabhai 2011-05-24 15:45:10 UTC
Do you have the core dump from this crash?  When I get a TGT for nalin/admin here, and wait for it to expire, I don't see a crash.  Based on the partial klist output you gave above, the strcmp() call should be comparing two non-empty, correctly terminated strings, so it really shouldn't be triggering a segfault there.  Additionally, just to rule out any variation, are you also using glibc-2.13-1.x86_64?

Comment 3 Sheldon Hearn 2011-05-25 07:47:21 UTC
Thanks for your interest in this issue.

I installed some more debuginfo files, obtained a core file, and traced it.  I'll attach the compressed core file and the trace.

I've also confirmed that I'm using glibc-devel-2.13-1.x86_64.

Comment 4 Sheldon Hearn 2011-05-25 07:50:42 UTC
Created attachment 500751
core dump of segfaulting klist -s

Comment 5 Sheldon Hearn 2011-05-25 07:51:33 UTC
Created attachment 500753
backtrace

Comment 6 Nalin Dahyabhai 2011-05-25 20:54:56 UTC
Ah, I see what's going on now.  The klist output was truncated at the interesting part: the crash is happening while examining credentials for "host/vcs.hetzner.co.za" with no realm name, which suggests that referrals were involved in getting the ticket for that server, and that's something that the KDC I usually use doesn't support yet.  With a one-off test KDC, it was pretty easy to reproduce.
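
The failure mode described in Comment 6, as an added example (not krb5's or klist's code and not part of the original thread): a cache scan that compares realm and name components by length, so a credential with no realm cannot fault the way a NUL-terminated compare such as strcmp() can. It assumes a missing realm is stored as a zero-length string with a NULL data pointer; `cstr`, `cred`, `cstr_eq`, `cache_has_valid_tgt` and the sample cache are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical counted string; assumption: a missing realm is {0, NULL}. */
struct cstr { size_t len; const char *data; };
/* Hypothetical credential: server realm, two name components, expiry time. */
struct cred { struct cstr realm, comp[2]; size_t ncomp; long endtime; };

#define CS(s) { sizeof(s) - 1, s }

/* Length-aware equality: data is never read when the lengths differ or are 0. */
static int cstr_eq(const struct cstr *a, const char *s)
{
    size_t n = strlen(s);
    if (a->len != n)
        return 0;
    return n == 0 || (a->data != NULL && memcmp(a->data, s, n) == 0);
}

/* Returns 1 if any entry is an unexpired krbtgt/REALM ticket in REALM. */
static int cache_has_valid_tgt(const struct cred *c, size_t n,
                               const char *realm, long now)
{
    for (size_t i = 0; i < n; i++) {
        if (c[i].ncomp == 2 &&
            cstr_eq(&c[i].realm, realm) &&
            cstr_eq(&c[i].comp[0], "krbtgt") &&
            cstr_eq(&c[i].comp[1], realm) &&
            c[i].endtime > now)
            return 1;
    }
    return 0;
}

/* Constructed sample cache: a TGT plus a service ticket with no realm. */
static const struct cred sample[] = {
    { CS("HOST-H.NET"), { CS("krbtgt"), CS("HOST-H.NET") }, 2, 1000 },
    { { 0, NULL }, { CS("host"), CS("vcs.hetzner.co.za") }, 2, 1000 },
};

int main(void)
{
    printf("before expiry: %d\n", cache_has_valid_tgt(sample, 2, "HOST-H.NET", 500));
    printf("after expiry:  %d\n", cache_has_valid_tgt(sample, 2, "HOST-H.NET", 2000));
    return 0;
}
```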

Comment 7 Fedora Update System 2011-06-24 19:29:44 UTC
krb5-1.8.4-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/krb5-1.8.4-2.fc14

Comment 8 Fedora Update System 2011-06-25 20:00:55 UTC
Package krb5-1.8.4-2.fc14:
* should fix your issue,
* was pushed to the Fedora 14 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing krb5-1.8.4-2.fc14'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/krb5-1.8.4-2.fc14
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2011-07-06 21:34:20 UTC
krb5-1.8.4-2.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.