#1594 ldap_child crashes on using invalid keytab during gssapi connection
Closed: Fixed None Opened 6 years ago by jhrozek.

https://bugzilla.redhat.com/show_bug.cgi?id=869150 (Red Hat Enterprise Linux 6)

Description of problem:
ldap_child crashes on using invalid keytab during gssapi connection.

Version-Release number of selected component (if applicable):
sssd-1.9.2-3.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure sssd for GSSAPI auth.

2. Use an invalid keytab /etc/krb5.keytab

3. Lookup a user or perform user auth.

Actual results:
Lookup/auth fails. /usr/libexec/sssd/ldap_child crashes.

Expected results:
Lookup/auth succeeds.

Additional info:
Backtrace:
Core was generated by `/usr/libexec/sssd/ldap_child --debug-microseconds=0
--debug-timestamps=1 --debu'.
Program terminated with signal 11, Segmentation fault.
#0  __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:32
32              movdqu  (%rdi), %xmm1

Thread 1 (Thread 0x7fe59ee2f7c0 (LWP 2661)):
#0  __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:32
No locals.
#1  0x0000000000404aaf in pack_buffer (r=0x16d89d0, result=0, krberr=0,
msg=0x0, expire_time=0) at src/providers/ldap/ldap_child.c:111
        len = <value optimized out>
        p = 0
        __FUNCTION__ = "pack_buffer"
#2  0x0000000000405f13 in prepare_response (argc=<value optimized out>,
argv=<value optimized out>) at src/providers/ldap/ldap_child.c:391
        ret = <value optimized out>
        r = 0x16d89d0
        krb5_msg = 0x0
#3  main (argc=<value optimized out>, argv=<value optimized out>) at
src/providers/ldap/ldap_child.c:523
        ret = <value optimized out>
        kerr = 0
        opt = <value optimized out>
        debug_fd = 18
        pc = <value optimized out>
        main_ctx = 0x16d7410
        buf = <value optimized out>
        len = <value optimized out>
        ccname = 0x0
        expire_time = 0
        ibuf = <value optimized out>
        resp = 0x0
        written = <value optimized out>
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg
= 0x60ed20, val = 0, descrip = 0x40ce78 "Help options:", argDescrip = 0x0},
{longName = 0x40ce86 "debug-level", shortName = 100 'd', argInfo = 2, arg =
0x60ee08, val = 0, descrip = 0x40ce57 "Debug level", argDescrip = 0x0},
{longName = 0x40ce92 "debug-timestamps", shortName = 0 '\000', argInfo = 2, arg
= 0x60ecf4, val = 0, descrip = 0x40ce63 "Add debug timestamps", argDescrip =
0x0}, {longName = 0x40cea3 "debug-microseconds", shortName = 0 '\000', argInfo
= 2, arg = 0x60ecf8, val = 0, descrip = 0x40ca18 "Show timestamps with
microseconds", argDescrip = 0x0}, {longName = 0x40ceb6 "debug-fd", shortName =
0 '\000', argInfo = 2, arg = 0x7fff984db19c, val = 0, descrip = 0x40ca40 "An
open file descriptor for the debug logs", argDescrip = 0x0}, {longName = 0x0,
shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0,
argDescrip = 0x0}}
        __FUNCTION__ = "main"

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned
testsupdated: => 0

milestone: NEEDS_TRIAGE => SSSD 1.9.3
resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.3

2 years ago

Login to comment on this ticket.

Metadata