Bug 699552 - certmonger crash : triggered by "ipa-getcert start-tracking"
Summary: certmonger crash : triggered by "ipa-getcert start-tracking"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: certmonger
Version: 6.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-04-25 23:03 UTC by Yi Zhang
Modified: 2011-12-06 17:37 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 17:37:41 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1708 0 normal SHIPPED_LIVE certmonger bug fix update 2011-12-06 01:02:28 UTC

Description Yi Zhang 2011-04-25 23:03:39 UTC 
Description of problem: please check the debug information below:

[i386.b root@dhcp-119 ~] gdb ipa-getcert
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-48.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/ipa-getcert...Reading symbols from /usr/lib/debug/usr/bin/ipa-getcert.debug...done.
done.
(gdb) set args start-tracking -d /etc/pki/nssdb -n PrepCertReq-start_tracking_1019-6892 -t "NSS Certificate DB" -I start_tracking_101
(gdb) run
Starting program: /usr/bin/ipa-getcert start-tracking -d /etc/pki/nssdb -n PrepCertReq-start_tracking_1019-6892 -t "NSS Certificate DB" -I start_tracking_101
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
__strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:40
40		cmpb	(%edx), %al
(gdb) bt
#0  __strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:40
#1  0x0804b4ea in find_request_by_storage (parent=0x8057068, bus=cm_tdbus_system, dbdir=0x8057788 "/etc/pki/nssdb", nickname=0x8057828 "PrepCertReq-start_tracking_1019-6892", token=0x8057888 "NSS Certificate DB", certfile=0x0, 
    verbose=0) at getcert.c:852
#2  0x0804cbfe in set_tracking (argv0=0xbffff866 "ipa-getcert", category=0x8052458 "start-tracking", argc=<value optimized out>, argv=0xbffff708, track=1) at getcert.c:1239
#3  0x08049b64 in main (argc=10, argv=0xbffff704) at getcert.c:2311


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
I have been running a lot of cert request, start-tracking test before i hit this error. I am not sure what other information i should provide here. but i will reserve the system as it is and developer can login
system: dhcp-119.sjc.redhat.com
root password: you know it
Comment 3 RHEL Program Management 2011-04-26 06:00:12 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 8 Yi Zhang 2011-08-15 18:52:15 UTC 
I can not reproduce it now. It might have been fixed. I have run same command and it works fine now. 

the below is my test

[i386.c root@dhcp-120 /iparhts/acceptance/ipa-cert] /usr/bin/ipa-getcert start-tracking -d /etc/pki/nssdb -n PrepCertReq-start_tracking_1019-6892 -t "NSS Certificate DB" -I start_tracking_101_again

Request "start_tracking_101_again" modified.

error msg in /var/log/messages:

 Aug 15 11:49:02 dhcp-120 certmonger: Unable to determine principal name for signing request.


build used to verify this bug:

[i386.c root@dhcp-120 /iparhts/acceptance/ipa-cert] rpm -qa | grep ipa-server
ipa-server-2.0.99-12.20110815T1640zgit0fcc752.el6.i686
ipa-server-selinux-2.0.99-12.20110815T1640zgit0fcc752.el6.i686
[i386.c root@dhcp-120 /iparhts/acceptance/ipa-cert] rpm -qi ipa-server-2.0.99-12.20110815T1640zgit0fcc752.el6.i686
Name        : ipa-server                   Relocations: (not relocatable)
Version     : 2.0.99                            Vendor: (none)
Release     : 12.20110815T1640zgit0fcc752.el6   Build Date: Mon 15 Aug 2011 09:50:44 AM PDT
Install Date: Mon 15 Aug 2011 11:35:00 AM PDT      Build Host: goofy-vm16.dsdev.sjc.redhat.com
Group       : System Environment/Base       Source RPM: ipa-2.0.99-12.20110815T1640zgit0fcc752.el6.src.rpm
Size        : 3276846                          License: GPLv3+
Signature   : (none)
URL         : http://www.freeipa.org/
Summary     : The IPA authentication server
Description :
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are installing an IPA server you need
to install this package (in other words, most people should NOT install
this package).


Mark this bug as verified.
Comment 9 Nalin Dahyabhai 2011-10-24 22:39:49 UTC 
Shouldn't this be closed->insufficient-data or closed->worksforme?
Comment 10 errata-xmlrpc 2011-12-06 17:37:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1708.html
Note You need to log in before you can comment on or make changes to this bug.