1350146 – Segmentation fault happens when escd runs with a NULL display.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1350146 - Segmentation fault happens when escd runs with a NULL display.

Summary: Segmentation fault happens when escd runs with a NULL display.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	esc
Sub Component:
Version:	6.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	6.9
Assignee:	Jack Magne
QA Contact:	Asha Akkiangady
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1269194 1358500 1365846
TreeView+	depends on / blocked

Reported:	2016-06-26 05:28 UTC by Flos Qi Guo
Modified:	2020-05-14 15:13 UTC (History)
CC List:	5 users (show)
Fixed In Version:	esc-1.1.0-28.el6
Doc Type:	No Doc Update
Doc Text:	I believe this is a problem that most users will not have known they were having in the first place. This fix will merely remove a problem the user is not aware of. Any explanation will probably be more trouble than it is worth to the user.
Clone Of:
Clones:	1358500 (view as bug list)
Environment:
Last Closed:	2017-03-21 11:39:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2395531	0	None	None	None	2016-08-31 02:42:42 UTC
Red Hat Product Errata	RHBA-2017:0767	0	normal	SHIPPED_LIVE	esc bug fix update	2017-03-21 12:47:38 UTC

Description Flos Qi Guo 2016-06-26 05:28:45 UTC

> Description of problem:
Segmentation fault happens when escd runs with a NULL display.

> Version-Release number of selected component (if applicable):
RHEL6: esc-1.1.0-26.el6
RHEL5: esc-1.1.0-14.el5_9.1
And maybe the upstream is also affected.

> How reproducible:
100%

> Steps to Reproduce:
I find a reliable reproducer as follows:

1. Install the latest esc package on RHEL(RHEL5 - esc-1.1.0-14.el5_9.1, RHEL6 - esc-1.1.0-26.el6)

2. Make sure there's no DISPLAY in your environment:

  $ echo $DISPLAY
  ==>NULL

3. Execute the 'escd' like this:

  $ /usr/lib64/esc-1.1.0/escd --key_Inserted="/usr/bin/esc" --on_Signal="/usr/bin/esc"

  At this time, a 'segfault' message will be reported in the /var/log/messages.

In order to get more information, we can enable the debug variables:

$ export NSPR_LOG_MODULES=all:5
$ export NSPR_LOG_FILE=/tmp/debug.log

From the /tmp/debug.log, we can see that escd fails to open display:
~~~
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Failed to initialize Crypto library! 
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Daemon: Error initializing CoolKey System, this will result in problems recognizing Smart Cards! 
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Daemon: Error Obtaining X Display! 
-489241072[acdda20]: [Thu Jun 23 15:43:15 2016] Daemon: Attempted XOpenDisplay: 0 
~~~

> Actual results:
escd causes a segfault.

> Expected results:
escd should exit without segfault.

> Additional info:
I believe the core dump file suggested an unreported bug which affects RHEL5, RHEL6 and maybe upstream. Take a look at the gdb output:

~~~
Core was generated by `./escd --key_Inserted="/usr/bin/esc" --on_Signal="/usr/bin/esc"'.
Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0  XNextEvent (dpy=0x0, event=0x7fffbe94e3e0) at NextEvent.c:47
#1  0x000000000040916d in main ()
(gdb) f 1
#1  0x000000000040916d in main ()
(gdb) l
42		register Display *dpy;
43		register XEvent *event;
44	{
45		register _XQEvent *qelt;
46		
47		LockDisplay(dpy);
48		
49		if (dpy->head == NULL)
50		    _XReadEvents(dpy);
51		qelt = dpy->head;
(gdb) f 0
#0  XNextEvent (dpy=0x0, event=0x7fffbe94e3e0) at NextEvent.c:47
47		LockDisplay(dpy);
(gdb) l
42		register Display *dpy;
43		register XEvent *event;
44	{
45		register _XQEvent *qelt;
46		
47		LockDisplay(dpy);
48		
49		if (dpy->head == NULL)
50		    _XReadEvents(dpy);
51		qelt = dpy->head;
(gdb) 
~~~

Relevant code:
** escd.cpp:
~~~
    display = XOpenDisplay(NULL);

    if(!display)
    {
        PR_LOG( escDLog, PR_LOG_ALWAYS, ("%s Daemon: Error Obtaining X Display! \n",GetTStamp(tBuff,56)));
    }

    PR_LOG( escDLog, PR_LOG_ALWAYS, ("%s Daemon: Attempted XOpenDisplay: %p \n",GetTStamp(tBuff,56),display)); 
    while ("looping forever") XNextEvent(display,&event); <<<----- HERE
~~~

If display is NULL, escd should quit rather than continue to pass the display to XNextEvent().

Comment 2 Jack Magne 2016-06-27 18:19:17 UTC

Thanks for the report.

Comment 6 Roshni 2016-11-21 20:35:31 UTC

[root@dhcp129-152 ~]# rpm -qi esc
Name        : esc                          Relocations: (not relocatable)
Version     : 1.1.0                             Vendor: Red Hat, Inc.
Release     : 28.el6                        Build Date: Wed 02 Nov 2016 05:08:06 PM EDT
Install Date: Mon 21 Nov 2016 03:29:57 PM EST      Build Host: x86-031.build.eng.bos.redhat.com
Group       : Applications/Internet         Source RPM: esc-1.1.0-28.el6.src.rpm
Size        : 1321296                          License: GPL+
Signature   : RSA/8, Wed 09 Nov 2016 12:48:32 PM EST, Key ID 938a80caf21541eb
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://directory.fedora.redhat.com/wiki/CoolKey
Summary     : Enterprise Security Client Smart Card Client
Description :
Enterprise Security Client allows the user to enroll and manage their


Verification steps as explained in comment 4. There were no seg fault messages in /var/log/messages. The following were seen in ESC logs

-1563986144[1f7da20]: Loaded library a.out (init)
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: Initializing Daemon...
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: Nmber of args! 3
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Argv[0]: /usr/lib64/esc-1.1.0/escd
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Argv[1]: --key_Inserted=/usr/bin/esc
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Argv[2]: --on_Signal=/usr/bin/esc
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: keyInsertedCommand: /usr/bin/esc.
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: got v1
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: got n1...
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Daemon: onSignalCommand: /usr/bin/esc.
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] CoolKeySetCallbacks: prompt (null)
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] CoolKeyRegisterListener: aListener 7ffd1f106b10
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] CoolKeyInit: appDir ./
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] NSSManager::NSSManager:
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] Initializing the NSS Crypto Library.
-1563986144[1f7da20]: Loaded library /usr/lib64/libfreeblpriv3.so (load lib)
-1563986144[1f7da20]: Loaded library /usr/lib64/libsoftokn3.so (load lib)
-1563986144[1f7da20]: /usr/lib64/libfreeblpriv3.so incr => 2 (find lib)
-1563986144[1f7da20]: Loaded library /usr/lib64/libnssdbm3.so (load lib)
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS:
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: db init failed try simple init.
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: tried NSS_NoDB_Init res 0 .
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: About to try SECMOD_AddNewModule :libcoolkeypk11.so
-1563986144[1f7da20]: [Mon Nov 21 15:31:24 2016] InitNSS: modSpec library="libcoolkeypk11.so" name="COOL Key Module" parameters="noAppletOK=yes" NSS="slotParams={0x00000002=[slotFlags='PublicCerts']}"

-1563986144[1f7da20]: Loaded library libcoolkeypk11.so (load lib)
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] InitNSS: Done SECMOD_LoadUserModule 1f9a260
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] SmartCardMonitoringThread::SmartCardMonitoringThread :
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] SmartCardMonitoringThread::Start :
-1563986144[1f7da20]: [Mon Nov 21 15:31:25 2016] Daemon: Error Obtaining X Display!

Comment 8 errata-xmlrpc 2017-03-21 11:39:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0767.html

Note You need to log in before you can comment on or make changes to this bug.