#1196 Segfault in IPA provider on F17
Closed: Invalid None Opened 12 years ago by sgallagh.

https://bugzilla.redhat.com/show_bug.cgi?id=790414 (Fedora)

On top of the current issues where we have ldap_results() return -1, a while
after that happens I get a segfault.
The bad news is that this leaves the request sssd_nsss made to this sssd_be
pening and the client is left waiting (presumably until libnss_sss decides it
waited long enough (timeout there is 5 minutes).

Segfault:

Program received signal SIGSEGV, Segmentation fault.
ldap_sasl_interactive_bind (ld=ld@entry=0x0, dn=dn@entry=0x0,
mechs=mechs@entry=0x7f92cc3abde0 "GSSAPI",
    serverControls=serverControls@entry=0x0,
clientControls=clientControls@entry=0x0, flags=flags@entry=2,
    interact=interact@entry=0x7f92bfa13d40 <sdap_sasl_interact>,
defaults=defaults@entry=0x7f92cc3cc680, result=0x0,
    rmech=rmech@entry=0x7fff15cf0940, msgid=msgid@entry=0x7fff15cf093c) at
../../../libraries/libldap/sasl.c:433
433             if( LDAP_IS_UDP(ld) ) {
(gdb) bt
#0  ldap_sasl_interactive_bind (ld=ld@entry=0x0, dn=dn@entry=0x0,
mechs=mechs@entry=0x7f92cc3abde0 "GSSAPI",
    serverControls=serverControls@entry=0x0,
clientControls=clientControls@entry=0x0, flags=flags@entry=2,
    interact=interact@entry=0x7f92bfa13d40 <sdap_sasl_interact>,
defaults=defaults@entry=0x7f92cc3cc680, result=0x0,
    rmech=rmech@entry=0x7fff15cf0940, msgid=msgid@entry=0x7fff15cf093c) at
../../../libraries/libldap/sasl.c:433
#1  0x00007f92ca15ebba in ldap_sasl_interactive_bind_s (ld=0x0,
dn=dn@entry=0x0, mechs=mechs@entry=0x7f92cc3abde0 "GSSAPI",
    serverControls=serverControls@entry=0x0,
clientControls=clientControls@entry=0x0, flags=flags@entry=2,
    interact=interact@entry=0x7f92bfa13d40 <sdap_sasl_interact>,
defaults=0x7f92cc3cc680) at ../../../libraries/libldap/sasl.c:511
#2  0x00007f92bfa1af86 in sasl_bind_send (sasl_user=0x7f92cc3ae4c0
"host/dev2.ipa.ssimo.org", sasl_mech=0x7f92cc3abde0 "GSSAPI",
    sh=0x7f92cc3cd010, ev=0x7f92cc385530, memctx=<optimized out>,
sasl_cred=<optimized out>)
    at src/providers/ldap/sdap_async_connection.c:693
#3  sdap_auth_send (memctx=memctx@entry=0x7f92cc3ccf70, ev=0x7f92cc385530,
sh=0x7f92cc3cd010, sasl_mech=0x7f92cc3abde0 "GSSAPI",
    sasl_user=sasl_user@entry=0x7f92cc3ae4c0 "host/dev2.ipa.ssimo.org",
user_dn=user_dn@entry=0x0, authtok_type=authtok_type@entry=0x0,
    authtok=...) at src/providers/ldap/sdap_async_connection.c:1052
#4  0x00007f92bfa1bb99 in sdap_cli_auth_step (req=0x7f92cc3ccdf0) at
src/providers/ldap/sdap_async_connection.c:1530
#5  0x00007f92bfa1c515 in sdap_cli_kinit_done (subreq=0x0) at
src/providers/ldap/sdap_async_connection.c:1503
#6  0x00007f92bfa15656 in sdap_kinit_done (subreq=0x0) at
src/providers/ldap/sdap_async_connection.c:961
#7  0x00007f92cc138a1e in read_pipe_handler (ev=<optimized out>, fde=<optimized
out>, flags=<optimized out>, pvt=<optimized out>)
    at src/util/child_common.c:468
#8  0x00007f92cb8aab2a in ?? () from /lib64/libtevent.so.0
#9  0x00007f92cb8a7cb0 in _tevent_loop_once () from /lib64/libtevent.so.0
#10 0x00007f92cb8a7e3b in tevent_common_loop_wait () from /lib64/libtevent.so.0
#11 0x00007f92cc135ba3 in server_loop (main_ctx=0x7f92cc386630) at
src/util/server.c:572
#12 0x00007f92cc0fc179 in main (argc=<optimized out>, argv=<optimized out>) at
src/providers/data_provider_be.c:2012

This is almost certainly a side-effect of https://bugzilla.redhat.com/show_bug.cgi?id=771484 but we should probably be protecting against such crashes anyway.

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
patch: => 0
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.8.0 (LTM)

This was entirely due to the openldap bug. There's no need to put in special checks for this, as it cannot occur if openldap is behaving properly.

resolution: => wontfix
status: new => closed

Metadata Update from @sgallagh:
- Issue set to the milestone: SSSD 1.8.0 (LTM)

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2238

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata