Bug 454255 - squid_unix_group makes squid crashes when trying to authenticate
Summary: squid_unix_group makes squid crashes when trying to authenticate
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: squid
Version: 5.2
Hardware: All
OS: Linux
low
high
Target Milestone: rc
: ---
Assignee: Jiri Skala
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-07 09:40 UTC by Clement VERET
Modified: 2014-11-09 22:31 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-20 21:16:58 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Patch to correct check_group.c (603 bytes, patch)
2008-07-09 13:49 UTC, Clement VERET
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
CentOS 2956 0 None None None Never
Red Hat Product Errata RHBA-2009:0126 0 normal SHIPPED_LIVE squid bug fix update 2009-01-20 16:04:53 UTC

Description Clement VERET 2008-07-07 09:40:42 UTC
Description of problem:

Squid totally crashes when trying to filter access with squid_unix_group
components with messages : 
/var/log/messages : 
Jul  7 11:21:11 test-01 squid[5207]: Squid Parent: child process 5396 started
Jul  7 11:21:19 test-01 kernel: squid_unix_grou[5407]: segfault at
00000000000000bf rip 00002b7d586c04a5 rsp 00007fff5321bd60 error 4
Jul  7 11:21:19 test-01 kernel: squid_unix_grou[5408]: segfault at
00000000000000bf rip 00002afb757fe4a5 rsp 00007fff360dbc20 error 4
Jul  7 11:21:20 test-01 kernel: squid_unix_grou[5409]: segfault at
00000000000000bf rip 00002b0781eb74a5 rsp 00007fff29a25570 error 4
Jul  7 11:21:20 test-01 squid[5207]: Squid Parent: child process 5396 exited due
to signal 6
Jul  7 11:21:23 test-01 squid[5207]: Squid Parent: child process 5431 started
Jul  7 11:21:31 test-01 kernel: squid_unix_grou[5443]: segfault at
00000000000000bf rip 00002abf60e624a5 rsp 00007fff4aa785c0 error 4
Jul  7 11:21:31 test-01 kernel: squid_unix_grou[5444]: segfault at
00000000000000bf rip 00002b9a0770d4a5 rsp 00007fffa41ccd10 error 4
Jul  7 11:21:31 test-01 (squid): The unix_group helpers are crashing too
rapidly, need help!
Jul  7 11:21:31 test-01 squid[5207]: Squid Parent: child process 5431 exited due
to signal 6
Jul  7 11:21:31 test-01 squid[5207]: Exiting due to repeated, frequent failures


Version-Release number of selected component (if applicable):
Bug available since kernel 2.6.18-92 (works fine before that)
Squid version : Version 2.6.STABLE6

How reproducible:
Just make squid_unix_group authentication available through : 
/etc/squid/squid.conf:
external_acl_type unix_group %LOGIN /usr/lib64/squid/squid_unix_group
acl AccessInternet external unix_group MyInternetAccessGroup

Additional info:
Starts to crash after updating kernel from 2.6.18-53 to 2.6.18-92

Comment 1 Clement VERET 2008-07-09 06:48:31 UTC
I just tried to downgrade the kernel to version 2.6.18-53 but this doesn't solve
the problem...

Comment 2 Clement VERET 2008-07-09 13:49:36 UTC
Created attachment 311377 [details]
Patch to correct check_group.c

Comment 3 Clement VERET 2008-07-09 13:50:47 UTC
I found the problem in the check_group.c file from external_acl of squid : a
value was not initialized correctly, here is a patch that correct this.

Comment 4 RHEL Program Management 2008-07-17 09:00:12 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 errata-xmlrpc 2009-01-20 21:16:58 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0126.html


Note You need to log in before you can comment on or make changes to this bug.