Bug 161030 - krb5: free() invalid pointed detected by glibc
Summary: krb5: free() invalid pointed detected by glibc
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-20 01:52 UTC by Bojan Smojver
Modified: 2008-08-02 23:40 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-11-07 17:04:37 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Bojan Smojver 2005-06-20 01:52:45 UTC 
Description of problem:
On an attempt to join AD domain (see below), glibc caught krb5 calling free()
with an invalid pointer.


Version-Release number of selected component (if applicable):
1.4-3


How reproducible:
Sometimes.


Steps to Reproduce:
1. Attempt to join and AD domain (see below).

  
Additional info:
This is what happens:
-----------------------------------------
[root@bspc samba]# net ads join -U the_admin_account
builde's password: 
[2005/06/20 11:34:12, 0] libads/ldap.c:ads_add_machine_acct(1512)
  Warning: ads_set_machine_sd: Unexpected information received
Using short domain name -- SOMEDOMAIN
Joined 'BSPC' to realm 'SOMEDOMAIN.SOME.WHERE'
*** glibc detected *** net: free(): invalid pointer: 0x00002aaaab2a8580 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2aaaab99694e]
/lib64/libc.so.6(__libc_free+0x6e)[0x2aaaab996e7e]
/lib64/libcom_err.so.2(remove_error_table+0x43)[0x2aaaab4d0db6]
/usr/lib64/libkrb5.so.3[0x2aaaab14bd66]
/usr/lib64/libkrb5.so.3[0x2aaaab14bb72]
======= Memory map: ========
2aaaaaaab000-2aaaaaac5000 r-xp 00000000 fd:00 590055                     /lib64/
ld-2.3.5.so
2aaaaaac5000-2aaaaaac6000 rw-p 2aaaaaac5000 00:00 0 
2aaaaaae5000-2aaaaaae6000 rw-p 2aaaaaae5000 00:00 0 
2aaaaabc4000-2aaaaabc5000 r--p 00019000 fd:00 590055                     /lib64/
ld-2.3.5.so
2aaaaabc5000-2aaaaabc6000 rw-p 0001a000 fd:00 590055                     /lib64/
ld-2.3.5.so
2aaaaabc6000-2aaaaabcb000 r-xp 00000000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaabcb000-2aaaaacca000 ---p 00005000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaacca000-2aaaaaccb000 r--p 00004000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaaccb000-2aaaaaccc000 rw-p 00005000 fd:00 590074                     /lib64/
libcrypt-2.3.5.so
2aaaaaccc000-2aaaaacfa000 rw-p 2aaaaaccc000 00:00 0 
2aaaaacfa000-2aaaaad0e000 r-xp 00000000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaad0e000-2aaaaae0d000 ---p 00014000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaae0d000-2aaaaae0e000 r--p 00013000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaae0e000-2aaaaae0f000 rw-p 00014000 fd:00 590067                     /lib64/
libnsl-2.3.5.so
2aaaaae0f000-2aaaaae11000 rw-p 2aaaaae0f000 00:00 0 
2aaaaae11000-2aaaaae13000 r-xp 00000000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaae13000-2aaaaaf13000 ---p 00002000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaaf13000-2aaaaaf14000 r--p 00002000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaaf14000-2aaaaaf15000 rw-p 00003000 fd:00 590058                     /lib64/
libdl-2.3.5.so
2aaaaaf15000-2aaaaaf16000 rw-p 2aaaaaf15000 00:00 0 
2aaaaaf16000-2aaaaaf1d000 r-xp 00000000 fd:00 1420588                    /usr/li
b64/libpopt.so.0.0.0
2aaaaaf1d000-2aaaab01d000 ---p 00007000 fd:00 1420588                    /usr/li
b64/libpopt.so.0.0.0
2aaaab01d000-2aaaab01e000 rw-p 00007000 fd:00 1420588                    /usr/li
b64/libpopt.so.0.0.0
2aaaab01e000-2aaaab034000 r-xp 00000000 fd:00 1425320                    /usr/li
b64/libgssapi_krb5.so.2.2
2aaaab034000-2aaaab133000 ---p 00016000 fd:00 1425320                    /usr/li
b64/libgssapi_krb5.so.2.2
2aaaab133000-2aaaab135000 rw-p 00015000 fd:00 1425320                    /usr/li
b64/libgssapi_krb5.so.2.2
2aaaab135000-2aaaab1a5000 r-xp 00000000 fd:00 1425319                    /usr/li
b64/libkrb5.so.3.2
2aaaab1a5000-2aaaab2a4000 ---p 00070000 fd:00 1425319                    /usr/li
b64/libkrb5.so.3.2
2aaaab2a4000-2aaaab2a9000 rw-p 0006f000 fd:00 1425319                    /usr/li
b64/libkrb5.so.3.2
2aaaab2a9000-2aaaab2aa000 rw-p 2aaaab2a9000 00:00 0 
2aaaab2aa000-2aaaab2cc000 r-xp 00000000 fd:00 1425318                    /usr/li
b64/libk5crypto.so.3.0
2aaaab2cc000-2aaaab3cb000 ---p 00022000 fd:00 1425318                    /usr/li
b64/libk5crypto.so.3.0
2aaaab3cb000-2aaaab3cd000 rw-p 00021000 fd:00 1425318                    /usr/li
b64/libk5crypto.so.3.0
2aaaab3cd000-2aaaab3cf000 r-xp 00000000 fd:00 1421931                    /usr/li
-----------------------------------------

Maybe Kerberos bug 3087?
Comment 1 Bojan Smojver 2005-06-20 01:54:17 UTC 
The Kerberos ticket is actually here:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=3087
Comment 2 Dan Garthwaite 2005-06-22 19:46:55 UTC 
Ditto here on a x86 32bit install.
Comment 3 Christian Iseli 2007-01-22 10:43:05 UTC 
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 4 Bojan Smojver 2007-01-22 21:53:41 UTC 
Hmm, the ticket was never closed upstream... I can give it a try again, but it's
going to be in a completely different environment, as I don't have access to the
computers where this occurred any more.
Comment 5 Nalin Dahyabhai 2007-11-07 17:04:37 UTC 
This should have been fixed by updating e2fsprogs to version 1.38, which avoided
crashes due to earlier versions of e2fsprogs libcom_err not conforming to
expectations of krb5 1.4 and later.  Closing as next-release because FC5
incorporated these versions (the e2fsprogs update was also released for FC4).
Note You need to log in before you can comment on or make changes to this bug.