1562021 – authselect crashes on start when run with unknown locale

Bug 1562021 - authselect crashes on start when run with unknown locale

Summary: authselect crashes on start when run with unknown locale

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	authselect
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Pavel Březina
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-03-29 11:51 UTC by Alexander Bokovoy
Modified:	2018-04-10 22:58 UTC (History)
CC List:	1 user (show)
Fixed In Version:	authselect-0.4-1.fc28
Clone Of:
Environment:
Last Closed:	2018-04-10 22:58:37 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Alexander Bokovoy 2018-03-29 11:51:50 UTC

# rpm -q authselect
authselect-0.3.2-1.fc28.x86_64


# strace -s 256 -f /usr/bin/authselect select sssd --force with-mkhomedir
execve("/usr/bin/authselect", ["/usr/bin/authselect", "select", "sssd", "--force", "with-mkhomedir"], 0x7ffc7803aef8 /* 26 vars */) = 0
brk(NULL)                               = 0x55ab9f1b4000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=26365, ...}) = 0
mmap(NULL, 26365, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fbecab5f000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libauthselect.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\34\0\0\0\0\0\0@\0\0\0\0\0\0\0\240\321\0\0\0\0\0\0\0\0\0\0@\0008\0\10\0@\0\35\0\34\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\234\0\0\0\0\0\0\10\234\0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0\300\253\0\0\0\0\0\0\300\253 \0\0\0\0\0\300\253 \0\0\0\0\0p\4\0\0\0\0\0\0\210\4\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\330\253\0\0\0\0\0\0\330\253 \0\0\0\0\0\330\253 \0\0\0\0\0\20\2\0\0\0\0\0\0\20\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0"..., 832) = 832
lseek(3, 39896, SEEK_SET)               = 39896
read(3, "\4\0\0\0 \0\0\0\5\0\0\0GNU\0\0\0\0\300\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\300\4\0\0\0\0\0\0\0\0\0\0\0", 48) = 48
fstat(3, {st_mode=S_IFREG|0755, st_size=55520, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbecab5d000
mmap(NULL, 2142280, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fbeca735000
mprotect(0x7fbeca73f000, 2097152, PROT_NONE) = 0
mmap(0x7fbeca93f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7fbeca93f000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libpopt.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340$\0\0\0\0\0\0@\0\0\0\0\0\0\0\330\320\0\0\0\0\0\0\0\0\0\0@\0008\0\10\0@\0\35\0\34\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0P\256\0\0\0\0\0\0P\256\0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0\350\272\0\0\0\0\0\0\350\272 \0\0\0\0\0\350\272 \0\0\0\0\0008\7\0\0\0\0\0\0\210\7\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\0\273\0\0\0\0\0\0\0\273 \0\0\0\0\0\0\273 \0\0\0\0\0\20\2\0\0\0\0\0\0\20\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0"..., 832) = 832
lseek(3, 44576, SEEK_SET)               = 44576
read(3, "\4\0\0\0 \0\0\0\5\0\0\0GNU\0\0\0\0\300\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\300\4\0\0\0\0\0\0\0\0\0\0\0", 48) = 48
fstat(3, {st_mode=S_IFREG|0755, st_size=55320, ...}) = 0
mmap(NULL, 2146928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fbeca528000
mprotect(0x7fbeca533000, 2097152, PROT_NONE) = 0
mmap(0x7fbeca733000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7fbeca733000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3202\2\0\0\0\0\0@\0\0\0\0\0\0\0\340P \0\0\0\0\0\0\0\0\0@\0008\0\n\0@\0K\0J\0\6\0\0\0\5\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0000\2\0\0\0\0\0\0000\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0\360\246\30\0\0\0\0\0\360\246\30\0\0\0\0\0\360\246\30\0\0\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\264K\33\0\0\0\0\0\264K\33\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0(V\33\0\0\0\0\0(V;\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2122656, ...}) = 0
mmap(NULL, 3926848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fbeca169000
mprotect(0x7fbeca31e000, 2097152, PROT_NONE) = 0
mmap(0x7fbeca51e000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b5000) = 0x7fbeca51e000
mmap(0x7fbeca524000, 15168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fbeca524000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbecab5a000
arch_prctl(ARCH_SET_FS, 0x7fbecab5a740) = 0
mprotect(0x7fbeca51e000, 16384, PROT_READ) = 0
mprotect(0x7fbeca733000, 4096, PROT_READ) = 0
mprotect(0x7fbeca93f000, 4096, PROT_READ) = 0
mprotect(0x55ab9df8a000, 4096, PROT_READ) = 0
mprotect(0x7fbecab66000, 4096, PROT_READ) = 0
munmap(0x7fbecab5f000, 26365)           = 0
brk(NULL)                               = 0x55ab9f1b4000
brk(0x55ab9f1d5000)                     = 0x55ab9f1d5000
brk(NULL)                               = 0x55ab9f1d5000
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=6398944, ...}) = 0
mmap(NULL, 6398944, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fbec9b4e000
close(3)                                = 0
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2997, ...}) = 0
read(3, "# Locale name alias data base.\n# Copyright (C) 1996-2018 Free Software Foundation, Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foun"..., 4096) = 2997
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/locale/fi_FI.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/fi_FI.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/fi_FI/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/fi.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/fi.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/fi/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)


Looking with ltrace, I see following:

# ltrace -s 1024 -f /usr/bin/authselect select sssd --force with-mkhomedir
[pid 21197] dcgettext(0, 0x56544e9f9369, 5, 0x7f9b0f7a1718)                                                          = 0x56544e9f9369
[pid 21197] dcgettext(0, 0x56544e9f937d, 5, 0)                                                                       = 0x56544e9f937d
[pid 21197] dcgettext(0, 0x56544e9f939a, 5, 0)                                                                       = 0x56544e9f939a
[pid 21197] dcgettext(0, 0x56544e9f96d8, 5, 0)                                                                       = 0x56544e9f96d8
[pid 21197] dcgettext(0, 0x56544e9f9708, 5, 0)                                                                       = 0x56544e9f9708
[pid 21197] dcgettext(0, 0x56544e9f9738, 5, 0)                                                                       = 0x56544e9f9738
[pid 21197] dcgettext(0, 0x56544e9f9768, 5, 0)                                                                       = 0x56544e9f9768
[pid 21197] dcgettext(0, 0x56544e9f9798, 5, 0)                                                                       = 0x56544e9f9798
[pid 21197] setlocale(LC_ALL, "")                                                                                    = nil
[pid 21197] dcgettext(0, 0x56544e9f93e5, 5, 0x56545009b010)                                                          = 0x56544e9f93e5
[pid 21197] __vasprintf_chk(0x7ffecda1f2c8, 1, 0x56544e9f93e5, 0x7ffecda1f2d0)                                       = 21
[pid 21197] --- SIGSEGV (Segmentation fault) ---
[pid 21197] +++ killed by SIGSEGV +++

The locale in question comes from my ssh client.

Comment 1 Alexander Bokovoy 2018-03-29 12:02:21 UTC

And it is trivially reproducible by running under locale you don't have
in the system
 LANG=foo_BAR.UTF-8 authselect select sssd --force with-mkhomedir

The reason of the crash is that authselect should not use localization
functions if it failed to initialize setlocale() -- ERROR() macro uses
dcgettext() which is not initialized yet.

Also, if setlocale(LC_ALL, "") returned NULL, you shouldn't exit with
error.

I think we had a similar issue with sssd/src/sss_client/ssh/sss_ssh_client.c in past,
though there it simply continued, https://fedorahosted.org/sssd/ticket/2785.
See 43e06ff39584570817949dc5de118d2b7ca854c1 in SSSD code how it was
fixed.

Comment 2 Pavel Březina 2018-03-29 12:24:05 UTC

Thank you. Fixed in:
https://github.com/pbrezina/authselect/commit/ffe2848633b6c7246d50eb457d93b446edbe478d

Comment 3 Fedora Update System 2018-04-09 10:51:00 UTC

authselect-0.4-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d5f37ac141

Comment 4 Fedora Update System 2018-04-09 21:55:56 UTC

authselect-0.4-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d5f37ac141

Comment 5 Fedora Update System 2018-04-10 22:58:37 UTC

authselect-0.4-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.