Bug 446844 - in.authd gives strange response, segfaults
in.authd gives strange response, segfaults
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: authd (Show other bugs)
x86_64 Linux
low Severity high
: rc
: ---
Assigned To: Roman Rakus
Depends On:
  Show dependency treegraph
Reported: 2008-05-16 09:03 EDT by Tor Ake Fransson
Modified: 2014-01-12 19:07 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-04-22 08:52:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Corrected va_{start, end} calls (790 bytes, patch)
2008-05-21 09:27 EDT, Roman Rakus
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0442 normal SHIPPED_LIVE authd bug fix update 2009-04-22 08:51:57 EDT

  None (edit)
Description Tor Ake Fransson 2008-05-16 09:03:18 EDT
Description of problem:
in.authd gives strange response, segfaults

Version-Release number of selected component (if applicable):

How reproducible:
Erronous response intermittent, segfaults when enabling debug

Steps to Reproduce (segfault):
1. Configure xinetd auth service as per default, but change -E to -l0x0 and add
the -d (debug flag)
2. Reload xinetd
3. From another machine, printf "42402,5433"|nc server 113
Actual results:
kernel: in.authd[9790]: segfault at 0000000000001538 rip 0000003f04c
76170 rsp 00007fff30cc2478 error 4 in /var/log/messages

Expected results:
42402 , 5433 : ERROR :NO-USER

Additional info:
When using postgres (8.2.6) identd authentication, the following sporadically
appears in pg_log:
CESTLOG:  invalidly formatted response from Ident server: "49795 , 
5432 : ERROR :trans

"trans" is the user trying to connect, and if in.authd finds the port pair and
the user, the response should be "49795 , 5432 : USERID : Linux :trans", but an
eror flag is set somewhere inside authd.c.
Comment 1 Roman Rakus 2008-05-21 09:26:24 EDT
Bad work with valist. va_start and va_end must be called twice.
Comment 2 Roman Rakus 2008-05-21 09:27:34 EDT
Created attachment 306246 [details]
Corrected va_{start, end} calls
Comment 3 Tor Ake Fransson 2008-06-11 08:09:05 EDT
After replacing authd with gidentd it is apparent that the latter case when
authd responds "port,port : ERROR :user" (found a valid user but error flag is
set) is due to a corner case when get_info first fails at authd.c:894, setting
the out.error flag (and putting error information in out.s) and then succeeds in
one of the retries, replacing the out.s error message with the username but not
clearing out.error.

There are several places in get_info() where setting out->error is done without
logging a warning, so there is currently no way of knowing what actually went
wrong, as out.s is overwritten.
Comment 4 RHEL Product and Program Management 2008-07-21 19:02:34 EDT
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 7 Roman Rakus 2009-03-31 07:32:33 EDT
Fixed in authd-1.4.3-10
Comment 11 errata-xmlrpc 2009-04-22 08:52:04 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.