Bug 709267 - ssh client segfaults when nscd is running
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 15
Hardware: Unspecified
OS: Unspecified
Assignee: Andreas Schwab
QA Contact: Fedora Extras Quality Assurance
Duplicates: 708896
Reported: 2011-05-31 08:49 UTC by Petr Pisar
Modified: 2016-11-24 15:41 UTC

Fixed In Version: glibc-2.14-2
Doc Type: Bug Fix
Last Closed: 2011-06-07 04:26:13 UTC


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 809602 None None None Never

Internal Links: 809602

Description Petr Pisar 2011-05-31 08:49:00 UTC
nscd-2.13.90-14.x86_64
setup-2.8.31-2.fc15.noarch (/etc/services)

Running "getent services ssh tcp" with the nscd daemon started causes a segfault in nscd during free(aliases_len):

#0  0x00007ffff7a71265 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff7a72b7b in abort () at abort.c:93
#2  0x00007ffff7aad35e in __libc_message (do_abort=2, 
    fmt=0x7ffff7b9a790 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007ffff7ab399a in malloc_printerr (action=3, 
    str=0x7ffff7b9a7c0 "munmap_chunk(): invalid pointer", ptr=<optimized out>)
    at malloc.c:6283

#4  0x00007ffff7b545ef in nscd_getserv_r (crit=0x0, critlen=0, 
    proto=<optimized out>, type=GETSERVBYNAME, resultbuf=0x7ffff7dd92c0, 
    buf=0x608000 "", buflen=1024, result=0x7fffffffe1d0)
    at nscd_getserv_r.c:375
        gc_cycle = 640
        nretries = 0
        alloca_used = 32
        mapped = <optimized out>
        protolen = <optimized out>
        keylen = 5
        alloca_key = 1
        key = 0x7fffffffdfd0 "ssh/"
        s_name = <optimized out>
        s_proto = <optimized out>
        alloca_aliases_len = <optimized out>
        aliases_len = 0x7ffff7fa7608
        aliases_list = <optimized out>
        retval = 0
        recend = <optimized out>
        sock = <optimized out>
        serv_resp = {version = 2, found = 1, s_name_len = 4, s_proto_len = 4, 
          s_aliases_cnt = 0, s_port = 5632}
#5  0x00007ffff7b5495b in __nscd_getservbyname_r (name=0x7fffffffe692 "ssh", 
    proto=0x0, result_buf=0x7ffff7dd92c0, buf=0x608000 "", buflen=1024, 
    result=0x7fffffffe1d0) at nscd_getserv_r.c:43
No locals.
#6  0x00007ffff7b37f96 in __getservbyname_r (name=0x7fffffffe692 "ssh", 
    proto=0x0, resbuf=0x7ffff7dd92c0, buffer=0x608000 "", buflen=1024, 
    result=0x7fffffffe1d0) at ../nss/getXXbyYY_r.c:194
        startp_initialized = false
        startp = 0x0
        start_fct = 0
        nip = <optimized out>
        fct = {l = 0, ptr = 0x0}
        no_more = <optimized out>
        status = NSS_STATUS_UNAVAIL
        nscd_status = <optimized out>
        res = <optimized out>
#7  0x00007ffff7b37cff in getservbyname (name=0x7fffffffe692 "ssh", proto=0x0)
    at ../nss/getXXbyYY.c:117
        buffer_size = 1024
        resbuf = {s_name = 0x608008 "ssh", s_aliases = 0x608000, 
          s_port = 5632, s_proto = 0x60800c "tcp"}
        result = <optimized out>
#8  0x00000000004027f4 in services_keys (number=2, key=0x7fffffffe3a8)
    at getent.c:748
        serv = <optimized out>
        proto = 0x0
        result = <optimized out>
        i = <optimized out>
        serv = <optimized out>
#9  0x0000000000402293 in main (argc=<optimized out>, argv=0x7fffffffe398)
    at getent.c:960
        i = <optimized out>
        remaining = 1

(gdb) frame 4
#4  0x00007ffff7b545ef in nscd_getserv_r (crit=0x0, critlen=0, 
    proto=<optimized out>, type=GETSERVBYNAME, resultbuf=0x7ffff7dd92c0, 
    buf=0x608000 "", buflen=1024, result=0x7fffffffe1d0)
    at nscd_getserv_r.c:375
375         free ((void *) aliases_len);

This affects, e.g., the ssh client while resolving the TCP/ssh service.

Comment 1 Petr Pisar 2011-05-31 08:50:52 UTC
The segfault is not in nscd. The segfault is in getent process.

Comment 2 Andreas Schwab 2011-05-31 11:36:20 UTC
*** Bug 708896 has been marked as a duplicate of this bug. ***

Comment 3 Fedora Update System 2011-05-31 13:54:28 UTC
glibc-2.14-1 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/glibc-2.14-1

Comment 4 Fedora Update System 2011-06-02 19:09:10 UTC
Package glibc-2.14-1:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing glibc-2.14-1'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/glibc-2.14-1
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2011-06-04 02:56:02 UTC
Package glibc-2.14-2:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing glibc-2.14-2'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/glibc-2.14-2
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2011-06-07 04:25:24 UTC
glibc-2.14-2 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

