34355 – [qa0319, fig2dev] Core dump when using LDAP auth

Bug 34355 - [qa0319, fig2dev] Core dump when using LDAP auth

Summary: [qa0319, fig2dev] Core dump when using LDAP auth

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	transfig
Sub Component:
Version:	7.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Than Ngo
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-04-02 15:44 UTC by Enrico Scholz
Modified:	2008-05-01 15:38 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2001-04-02 15:44:38 UTC
Embargoed:

Attachments	(Terms of Use)

Description Enrico Scholz 2001-04-02 15:44:34 UTC

When using:

1. LDAP authentication *with* TLS and
2. *not* running nscd

fig2dev dumps core:

$ fig2dev -L eps test.xfig ttbuild_SYS_str_reasons
*** Segmentation fault

This happens because fig2dev defines it's own strerror() function which
access glibc's str_errlist directly. strerror() gets called by OpenSSL's
build_SYS_str_reasons() function with values till127, but  errors >125 are
undefined in str_errlist. So an undefined value will be given to a
strncpy() which dumps core then.

I suggest to add a 'NEED_STRERROR=' to the make-directives in
transfig.spec.



--------------
Core dump:
#0  strncpy (s1=0x4028bca0 "", s2=0x4c <Address 0x4c out of bounds>, n=32)
    at ../sysdeps/generic/strncpy.c:41
#1  0x40219ec4 in build_SYS_str_reasons () at eval.c:41
#2  0x4021a025 in ERR_load_ERR_strings () at eval.c:41
#3  0x4021a0d9 in ERR_load_strings () at eval.c:41
#4  0x40222269 in ERR_load_ASN1_strings () at eval.c:41
#5  0x4021ada0 in ERR_load_crypto_strings () at eval.c:41
#6  0x401f530b in SSL_load_error_strings () at eval.c:41
#7  0x401d1822 in ldap_pvt_tls_init () at eval.c:41
#8  0x401d2a1f in ldap_pvt_tls_start () at eval.c:41
#9  0x401d2dcf in ldap_start_tls_s () at eval.c:41
#10 0x401bdbbc in do_open () at ldap-nss.c:801
#11 0x401be8ce in _nss_ldap_search (args=0xbfffeca8, 
    filterprot=0x4025e740 "(&(objectclass=posixAccount)(uidNumber=%d))",
sel=LM_PASSWD, sizelimit=1, 
    msgid=0xbfffec54) at ldap-nss.c:1664
#12 0x401beb3a in _nss_ldap_getbyname (args=0xbfffeca8, result=0x401940ec,
buffer=0x80974c0 "pvm", 
    buflen=1024, errnop=0x40192a60, 
    filterprot=0x4025e740 "(&(objectclass=posixAccount)(uidNumber=%d))",
sel=LM_PASSWD, 
    parser=0x401bf124 <_nss_ldap_parse_pw>) at ldap-nss.c:1807
#13 0x401bf531 in _nss_ldap_getpwuid_r (uid=1076411552, result=0x401940ec,
buffer=0x80974c0 "pvm", 
    buflen=76, errnop=0x4028bc9f) at ldap-pwd.c:226
#14 0x40121a7e in __getpwuid_r (uid=1000, resbuf=0x401940ec,
buffer=0x80974c0 "pvm", buflen=1024, 
    result=0xbfffed40) at ../nss/getXXbyYY_r.c:200
#15 0x4012144b in getpwuid (uid=1000) at ../nss/getXXbyYY.c:131
#16 0x08067c3d in strerror () at eval.c:41
#17 0x0804a2ef in strcpy () at ../sysdeps/generic/strcpy.c:31
#18 0x08049c3e in strcpy () at ../sysdeps/generic/strcpy.c:31
#19 0x40084147 in __libc_start_main (main=0x8049b30 <strcpy+1144>, argc=5,
ubp_av=0xbffff7cc, 
    init=0x80491d0 <_init>, fini=0x80774fc <_fini>, rtld_fini=0x4000e164
<_dl_fini>, 
    stack_end=0xbffff7c4) at ../sysdeps/generic/libc-start.c:129

Comment 1 Ngo Than 2001-04-13 19:07:13 UTC

It's fixed in transfig-3.2.3c-3.

Note You need to log in before you can comment on or make changes to this bug.