700828 – Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured.

Summary: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Stephen Gallagher
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	748836
TreeView+	depends on / blocked

Reported:	2011-04-29 14:12 UTC by Gowrishankar Rajaiyan
Modified:	2020-05-02 16:21 UTC (History)
CC List:	6 users (show)
Fixed In Version:	sssd-1.5.1-46.el6
Doc Type:	Bug Fix
Doc Text:	Cause: when the ldap_uri parameter was misconfigured so that the hostname part was missing, SSSD stored NULL in the pointer where the hostname was saved and used it later on for establishing connection Consequence: SSSD accessed the NULL pointer and crashed Fix: The URI parsing function was changed so it aborts when it cannot parse a valid hostname from the specified URI Result: SSSD reports an error and does not crash when an invalid ldap_uri is used in the config file
Clone Of:
Clones:	748836 (view as bug list)
Environment:
Last Closed:	2011-12-06 16:38:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
FedoraHosted SSSD	911	None	None	None	Never
Github	SSSD sssd issues 1953	None	None	None	2020-05-02 16:21:13 UTC
Red Hat Product Errata	RHBA-2011:1529	normal	SHIPPED_LIVE	sssd bug fix and enhancement update	2011-12-06 00:50:20 UTC

Description Gowrishankar Rajaiyan 2011-04-29 14:12:31 UTC

Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.5.1-30.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure sssd.conf with missing server in ldap_uri. See Additional info.
2. restart sssd
3.
  
Actual results: Crash detected.
[root@rhel6-1 ~]# abrt-cli -l
0.
	UID        : 0
	UUID       : ef9dd11b67263e46b3d5155cd1933fd0bc54818e
	Package    : sssd-1.5.1-30.el6
	Executable : /usr/libexec/sssd/sssd_be
	Crash Time : Fri 29 Apr 2011 07:08:28 PM IST
	Crash Count: 3
	Hostname   : rhel6-1.gsr.pnq.redhat.com
[root@rhel6-1 ~]# abrt-cli -i 0:ef9dd11b67263e46b3d5155cd1933fd0bc54818e
>> Generating backtrace
Crash ID:           0:ef9dd11b67263e46b3d5155cd1933fd0bc54818e
Last crash:         Fri 29 Apr 2011 07:06:14 PM IST
Analyzer:           CCpp
Component:          sssd
Package:            sssd-1.5.1-30.el6
Command:            /usr/libexec/sssd/sssd_be -d 9 --debug-to-files --domain default
Executable:         /usr/libexec/sssd/sssd_be
System:             Red Hat Enterprise Linux Server release 6.1 Beta (Santiago), kernel 2.6.32-131.0.5.el6.x86_64
Reason:             Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
Coredump file:      /var/spool/abrt/ccpp-1304084174-5516/coredump
Rating:             4
Crash function:     be_resolve_server_done
Hostname:           rhel6-1.gsr.pnq.redhat.com


[root@rhel6-1 ~]# gdb --core=/var/spool/abrt/ccpp-1304084174-5516/coredump /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New Thread 5516]
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/a2/66c88911a3f35a81f651ae3d2df6a78ad1f583
Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done.
done.
Loaded symbols for /lib64/libpam.so.0.82.2
Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib64/libtevent.so.0.9.8
Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtalloc.so.2.0.1
Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0.0.0
Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib64/libldb.so.0.9.10
Reading symbols from /lib64/libdbus-1.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdbus-1.so.3
Reading symbols from /lib64/librt-2.12.so...Reading symbols from /usr/lib/debug/lib64/librt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/librt-2.12.so
Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib64/libpcre.so.0.0.1
Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libini_config.so.2.0.0
Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcollection.so.2.0.0
Reading symbols from /usr/lib64/libdhash.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdhash.so.1.0.0
Reading symbols from /lib64/liblber-2.4.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/liblber-2.4.so.2
Reading symbols from /lib64/libldap-2.4.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libldap-2.4.so.2
Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtdb.so.1.2.1
Reading symbols from /usr/lib64/libssl3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /lib64/libpthread-2.12.so...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done.
[Thread debugging using libthread_db enabled]
done.
Loaded symbols for /lib64/libpthread-2.12.so
Reading symbols from /lib64/libdl-2.12.so...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libdl-2.12.so
Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcares.so.2.0.0
Reading symbols from /lib64/libc-2.12.so...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libc-2.12.so
Reading symbols from /lib64/libaudit.so.1.0.0...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done.
done.
Loaded symbols for /lib64/libaudit.so.1.0.0
Reading symbols from /lib64/libcrypt-2.12.so...Reading symbols from /usr/lib/debug/lib64/libcrypt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libcrypt-2.12.so
Reading symbols from /lib64/ld-2.12.so...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done.
done.
Loaded symbols for /lib64/ld-2.12.so
Reading symbols from /usr/lib64/libpath_utils.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpath_utils.so.1.0.0
Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libref_array.so.1.0.0
Reading symbols from /lib64/libresolv-2.12.so...Reading symbols from /usr/lib/debug/lib64/libresolv-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libresolv-2.12.so
Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/libsasl2.so.2.0.23
Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1.2.3
Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done.
done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib64/ldb/memberof.so
Reading symbols from /usr/lib64/sssd/libsss_ldap.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ldap.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/sssd/libsss_ldap.so.1.0.0
Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2.1
Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1.3
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_files-2.12.so
Core was generated by `/usr/libexec/sssd/sssd_be -d 9 --debug-to-files --domain default'.
Program terminated with signal 11, Segmentation fault.
#0  be_resolve_server_done (subreq=0x0) at src/providers/data_provider_fo.c:459
459	        inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0],

Thread 1 (Thread 0x7f82cd975700 (LWP 5516)):
#0  be_resolve_server_done (subreq=0x0) at src/providers/data_provider_fo.c:459
        srvaddr = 0x0
        ipaddr = "\000\000\000\000\000\000\000\000`*\020\002\000\000\000\000\027gh&#450;\177\000\000\v\000\000\000\000\000\000\000\372\277\272M\000\000\000\000*<\002\000\000\000\000\000P$\016\002\000\000\000\000Pm\240\024\063\000\000\000\060N\020\002\000\000\000\000\v\000\000\000\000\000\000\000\020*\020\002\000\000\000\000\234j\240\024\063\000\000\000H}C\000\000\000\000\000`*\020\002", '\000' <repeats 12 times>, "0\033\340\026\063\000\000"
        req = 0x2104c00
        state = 0x2105850
        callback = <value optimized out>
        ret = 0
        srv_status_change = <value optimized out>
        __FUNCTION__ = "be_resolve_server_done"
#1  0x0000003314a03707 in tevent_common_loop_immediate (ev=0x20e2450) at tevent_immediate.c:135
        im = 0x2104e30
        handler = 0x3314a046d0 <tevent_req_trigger>
        private_data = 0x2104d70
#2  0x0000003314a0530a in std_event_loop_once (ev=0x20e2450, location=<value optimized out>) at tevent_standard.c:532
        std_ev = 0x20e2510
        tval = {tv_sec = 0, tv_usec = 0}
#3  0x0000003314a026d0 in _tevent_loop_once (ev=0x20e2450, location=0x43f835 "src/util/server.c:526") at tevent.c:490
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
#4  0x0000003314a0273b in tevent_common_loop_wait (ev=0x20e2450, location=0x43f835 "src/util/server.c:526") at tevent.c:591
        ret = <value optimized out>
#5  0x00000000004320b1 in server_loop (main_ctx=0x20e35c0) at src/util/server.c:526
No locals.
#6  0x000000000040e97b in main (argc=6, argv=<value optimized out>) at src/providers/data_provider_be.c:1333
        opt = <value optimized out>
        pc = <value optimized out>
        be_domain = 0x20e1490 "default"
        srv_name = <value optimized out>
        conf_entry = <value optimized out>
        main_ctx = 0x20e35c0
        ret = 0
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x645d00, val = 0, descrip = 0x4370d2 "Help options:", argDescrip = 0x0}, {
            longName = 0x4370e0 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x645de0, val = 0, descrip = 0x4370b1 "Debug level", argDescrip = 0x0}, {
            longName = 0x4370ec "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x645de4, val = 0, 
            descrip = 0x437d48 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x4370fb "debug-timestamps", 
            shortName = 0 '\000', argInfo = 2, arg = 0x645cc0, val = 0, descrip = 0x4370bd "Add debug timestamps", argDescrip = 0x0}, {
            longName = 0x4386b8 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fffca231d98, val = 0, 
            descrip = 0x437d80 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, 
            val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"
[root@rhel6-1 ~]#

Expected results:
SSSD should not crash in any case.

Additional info:
sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
debug_level = 9

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 9

[pam]
reconnection_retries = 3

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc

cache_credentials = true
enumerate = true
debug_level = 9

Comment 2 RHEL Program Management 2011-04-30 06:00:17 UTC

Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Stephen Gallagher 2011-07-01 12:40:18 UTC

Upstream ticket: https://fedorahosted.org/sssd/ticket/911

Comment 7 Kaushik Banerjee 2011-09-07 17:12:51 UTC

Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 49.el6                        Build Date: Mon 29 Aug 2011 08:26:38 PM IST
Install Date: Wed 31 Aug 2011 07:01:44 AM IST      Build Host: x86-010.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-49.el6.src.rpm
Size        : 3549339                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 8 Jakub Hrozek 2011-10-26 16:17:17 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: when the ldap_uri parameter was misconfigured so that the hostname part was missing, SSSD stored NULL in the pointer where the hostname was saved and used it later on for establishing connection
Consequence: SSSD accessed the NULL pointer and crashed
Fix: The URI parsing function was changed so it aborts when it cannot parse a valid hostname from the specified URI
Result: SSSD reports an error and does not crash when an invalid ldap_uri is used in the config file

Comment 9 errata-xmlrpc 2011-12-06 16:38:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html

Note You need to log in before you can comment on or make changes to this bug.