Bug 34355 - [qa0319, fig2dev] Core dump when using LDAP auth
[qa0319, fig2dev] Core dump when using LDAP auth
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: transfig (Show other bugs)
7.1
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Ngo Than
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-04-02 11:44 EDT by Enrico Scholz
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-04-02 11:44:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Enrico Scholz 2001-04-02 11:44:34 EDT
When using:

1. LDAP authentication *with* TLS and
2. *not* running nscd

fig2dev dumps core:

$ fig2dev -L eps test.xfig ttbuild_SYS_str_reasons
*** Segmentation fault

This happens because fig2dev defines it's own strerror() function which
access glibc's str_errlist directly. strerror() gets called by OpenSSL's
build_SYS_str_reasons() function with values till127, but  errors >125 are
undefined in str_errlist. So an undefined value will be given to a
strncpy() which dumps core then.

I suggest to add a 'NEED_STRERROR=' to the make-directives in
transfig.spec.



--------------
Core dump:
#0  strncpy (s1=0x4028bca0 "", s2=0x4c <Address 0x4c out of bounds>, n=32)
    at ../sysdeps/generic/strncpy.c:41
#1  0x40219ec4 in build_SYS_str_reasons () at eval.c:41
#2  0x4021a025 in ERR_load_ERR_strings () at eval.c:41
#3  0x4021a0d9 in ERR_load_strings () at eval.c:41
#4  0x40222269 in ERR_load_ASN1_strings () at eval.c:41
#5  0x4021ada0 in ERR_load_crypto_strings () at eval.c:41
#6  0x401f530b in SSL_load_error_strings () at eval.c:41
#7  0x401d1822 in ldap_pvt_tls_init () at eval.c:41
#8  0x401d2a1f in ldap_pvt_tls_start () at eval.c:41
#9  0x401d2dcf in ldap_start_tls_s () at eval.c:41
#10 0x401bdbbc in do_open () at ldap-nss.c:801
#11 0x401be8ce in _nss_ldap_search (args=0xbfffeca8, 
    filterprot=0x4025e740 "(&(objectclass=posixAccount)(uidNumber=%d))",
sel=LM_PASSWD, sizelimit=1, 
    msgid=0xbfffec54) at ldap-nss.c:1664
#12 0x401beb3a in _nss_ldap_getbyname (args=0xbfffeca8, result=0x401940ec,
buffer=0x80974c0 "pvm", 
    buflen=1024, errnop=0x40192a60, 
    filterprot=0x4025e740 "(&(objectclass=posixAccount)(uidNumber=%d))",
sel=LM_PASSWD, 
    parser=0x401bf124 <_nss_ldap_parse_pw>) at ldap-nss.c:1807
#13 0x401bf531 in _nss_ldap_getpwuid_r (uid=1076411552, result=0x401940ec,
buffer=0x80974c0 "pvm", 
    buflen=76, errnop=0x4028bc9f) at ldap-pwd.c:226
#14 0x40121a7e in __getpwuid_r (uid=1000, resbuf=0x401940ec,
buffer=0x80974c0 "pvm", buflen=1024, 
    result=0xbfffed40) at ../nss/getXXbyYY_r.c:200
#15 0x4012144b in getpwuid (uid=1000) at ../nss/getXXbyYY.c:131
#16 0x08067c3d in strerror () at eval.c:41
#17 0x0804a2ef in strcpy () at ../sysdeps/generic/strcpy.c:31
#18 0x08049c3e in strcpy () at ../sysdeps/generic/strcpy.c:31
#19 0x40084147 in __libc_start_main (main=0x8049b30 <strcpy+1144>, argc=5,
ubp_av=0xbffff7cc, 
    init=0x80491d0 <_init>, fini=0x80774fc <_fini>, rtld_fini=0x4000e164
<_dl_fini>, 
    stack_end=0xbffff7c4) at ../sysdeps/generic/libc-start.c:129
Comment 1 Ngo Than 2001-04-13 15:07:13 EDT
It's fixed in transfig-3.2.3c-3.

Note You need to log in before you can comment on or make changes to this bug.