#1196 Segfault in IPA provider on F17

Created 5 years ago by sgallagh
Modified a month ago

https://bugzilla.redhat.com/show_bug.cgi?id=790414 (Fedora)

On top of the current issues where we have ldap_results() return -1, a while
after that happens I get a segfault.
The bad news is that this leaves the request sssd_nsss made to this sssd_be
pening and the client is left waiting (presumably until libnss_sss decides it
waited long enough (timeout there is 5 minutes).

Segfault:

Program received signal SIGSEGV, Segmentation fault.
ldap_sasl_interactive_bind (ld=ld@entry=0x0, dn=dn@entry=0x0,
mechs=mechs@entry=0x7f92cc3abde0 "GSSAPI",
    serverControls=serverControls@entry=0x0,
clientControls=clientControls@entry=0x0, flags=flags@entry=2,
    interact=interact@entry=0x7f92bfa13d40 <sdap_sasl_interact>,
defaults=defaults@entry=0x7f92cc3cc680, result=0x0,
    rmech=rmech@entry=0x7fff15cf0940, msgid=msgid@entry=0x7fff15cf093c) at
../../../libraries/libldap/sasl.c:433
433             if( LDAP_IS_UDP(ld) ) {
(gdb) bt
#0  ldap_sasl_interactive_bind (ld=ld@entry=0x0, dn=dn@entry=0x0,
mechs=mechs@entry=0x7f92cc3abde0 "GSSAPI",
    serverControls=serverControls@entry=0x0,
clientControls=clientControls@entry=0x0, flags=flags@entry=2,
    interact=interact@entry=0x7f92bfa13d40 <sdap_sasl_interact>,
defaults=defaults@entry=0x7f92cc3cc680, result=0x0,
    rmech=rmech@entry=0x7fff15cf0940, msgid=msgid@entry=0x7fff15cf093c) at
../../../libraries/libldap/sasl.c:433
#1  0x00007f92ca15ebba in ldap_sasl_interactive_bind_s (ld=0x0,
dn=dn@entry=0x0, mechs=mechs@entry=0x7f92cc3abde0 "GSSAPI",
    serverControls=serverControls@entry=0x0,
clientControls=clientControls@entry=0x0, flags=flags@entry=2,
    interact=interact@entry=0x7f92bfa13d40 <sdap_sasl_interact>,
defaults=0x7f92cc3cc680) at ../../../libraries/libldap/sasl.c:511
#2  0x00007f92bfa1af86 in sasl_bind_send (sasl_user=0x7f92cc3ae4c0
"host/dev2.ipa.ssimo.org", sasl_mech=0x7f92cc3abde0 "GSSAPI",
    sh=0x7f92cc3cd010, ev=0x7f92cc385530, memctx=<optimized out>,
sasl_cred=<optimized out>)
    at src/providers/ldap/sdap_async_connection.c:693
#3  sdap_auth_send (memctx=memctx@entry=0x7f92cc3ccf70, ev=0x7f92cc385530,
sh=0x7f92cc3cd010, sasl_mech=0x7f92cc3abde0 "GSSAPI",
    sasl_user=sasl_user@entry=0x7f92cc3ae4c0 "host/dev2.ipa.ssimo.org",
user_dn=user_dn@entry=0x0, authtok_type=authtok_type@entry=0x0,
    authtok=...) at src/providers/ldap/sdap_async_connection.c:1052
#4  0x00007f92bfa1bb99 in sdap_cli_auth_step (req=0x7f92cc3ccdf0) at
src/providers/ldap/sdap_async_connection.c:1530
#5  0x00007f92bfa1c515 in sdap_cli_kinit_done (subreq=0x0) at
src/providers/ldap/sdap_async_connection.c:1503
#6  0x00007f92bfa15656 in sdap_kinit_done (subreq=0x0) at
src/providers/ldap/sdap_async_connection.c:961
#7  0x00007f92cc138a1e in read_pipe_handler (ev=<optimized out>, fde=<optimized
out>, flags=<optimized out>, pvt=<optimized out>)
    at src/util/child_common.c:468
#8  0x00007f92cb8aab2a in ?? () from /lib64/libtevent.so.0
#9  0x00007f92cb8a7cb0 in _tevent_loop_once () from /lib64/libtevent.so.0
#10 0x00007f92cb8a7e3b in tevent_common_loop_wait () from /lib64/libtevent.so.0
#11 0x00007f92cc135ba3 in server_loop (main_ctx=0x7f92cc386630) at
src/util/server.c:572
#12 0x00007f92cc0fc179 in main (argc=<optimized out>, argv=<optimized out>) at
src/providers/data_provider_be.c:2012

This is almost certainly a side-effect of https://bugzilla.redhat.com/show_bug.cgi?id=771484 but we should probably be protecting against such crashes anyway.

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
patch: => 0
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.8.0 (LTM)

This was entirely due to the openldap bug. There's no need to put in special checks for this, as it cannot occur if openldap is behaving properly.

resolution: => wontfix
status: new => closed

a month ago

Metadata Update from @sgallagh:
- Issue set to the milestone: SSSD 1.8.0 (LTM)

Login to comment on this ticket.

defect

IPA Provider

1.8.0 beta 2

0

0

https://bugzilla.redhat.com/show_bug.cgi?id=790414

cancel