#307 sssd_be segfaults when iterating through group member-users
Closed: Fixed None Opened 14 years ago by jgalipea.

Description
sssd_be segfaults when attempting to getent groups with LDAP Domain configured with ldap_schema = rfc2307bis.

sssd.conf
{{{
[sssd]
config_file_version = 2
domains = LDAP
sbus_timeout = 30
services = nss, pam

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/LDAP]
auth_provider = ldap
cache_credentials = TRUE
enumerate = TRUE
id_provider = ldap
ldap_group_search_base = ou=SSSD,dc=example,dc=com
ldap_group_object_class = groupofnames
ldap_tls_reqcert = hard
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc
ldap_id_use_start_tls = TRUE
ldap_uri = ldaps://jennyv4.bos.redhat.com:636
ldap_user_search_base = ou=SSSD,dc=example,dc=com
ldap_user_object_class = person
ldap_schema = rfc2307bis
}}}

Directory Objects
{{{
# MBO, SSSD, example.com
dn: cn=MBO,ou=SSSD,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: posixgroup
cn: MBO
ou: groups
description: SSSD Memberof and Schema Test Group
member: uid=mbo1,dc=example,dc=com
member: uid=Mbo2,dc=example,dc=com
gidNumber: 2000

# mbo1, SSSD, example.com
dn: uid=mbo1,ou=SSSD,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
givenName: mbo1
cn: mbo1 mbo1
uid: mbo1
sn: mbo1
memberOf: cn=MBO,ou=SSSD,dc=example,dc=com
gidNumber: 2000
uidNumber: 3000
homeDirectory: /home/mbo1

# mbo2, SSSD, example.com
dn: uid=mbo2,ou=SSSD,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixAccount
givenName: mbo2
cn: mbo2 mbo2
uid: mbo2
sn: mbo2
memberOf: cn=MBO,ou=SSSD,dc=example,dc=com
uidNumber: 3001
gidNumber: 2000
homeDirectory: /home/mbo2
loginShell: /bin/bash
}}}

Steps to Reproduce
1. Add objects to directory server as above.
2. Install sssd and configure as above.
3. getent -s sss passwd (users returned)
4. getent -s sss group (nothing returned)
5. wait about 5 seconds - segfault

Version
sssd-1.0.0-0.2009120312git2d717db.fc11.i586



Backtrace:

      (gdb) bt full
#0  strcspn () at ../sysdeps/i386/strcspn.S:218
No locals.
#1  0x0806b40d in build_dom_dn_str_escape (memctx=0x900d0c8, 
    template=0x8080958 "name=%s,cn=users,cn=%s,cn=sysdb", 
    domain=0x8f5ff30 "LDAP", 
    name=0x653d6364 <Address 0x653d6364 out of bounds>) at db/sysdb_ops.c:2778
        ret = 0x900d290 "\370\301"
        l = 0
#2  0x0806b8b9 in sysdb_store_group_check (subreq=0x0) at db/sysdb_ops.c:2912
        member = 0x900c408 "name=Mbo2,cn=users,cn=LDAP,cn=sysdb"
        req = 0x900d068
        state = 0x900d0c8
        msg = 0x9cb667
        now = 1259953228
        new_group = true
        ret = 0
        i = 2
        __FUNCTION__ = "sysdb_store_group_check"
#3  0x00e9b4f4 in tevent_req_finish (req=0x653d6364, 
    state=<value optimized out>) at tevent_req.c:118
No locals.
#4  0x00e9b550 in tevent_req_error (req=0x0, error=2) at tevent_req.c:171
No locals.
#5  0x080641b6 in sysdb_search_group_done (subreq=0x0) at db/sysdb_ops.c:979
        req = 0x900d128
        state = 0x900d188
        ret = 2
#6  0x00e9b4f4 in tevent_req_finish (req=0x653d6364, 
    state=<value optimized out>) at tevent_req.c:118
No locals.
#7  0x00e9b550 in tevent_req_error (req=0x0, error=2) at tevent_req.c:171
No locals.
#8  0x08062e0f in sysdb_search_entry_done (subreq=0x0) at db/sysdb_ops.c:555
        req = 0x900bd40
        state = 0x900bda0
        ldbreply = 0x0
        dummy = 0x900c0b0
        ret = 0
        __FUNCTION__ = "sysdb_search_entry_done"
#9  0x00e9b4f4 in tevent_req_finish (req=0x653d6364, 
    state=<value optimized out>) at tevent_req.c:118
No locals.
#10 0x08061838 in sldb_request_callback (ldbreq=0x900c008, ldbreply=0x900c318)
    at db/sysdb_ops.c:163
        req = 0x900c0b0
        state = 0x900c110
        err = 10455995
        __FUNCTION__ = "sldb_request_callback"
#11 0x009f3549 in ltdb_request_done (ctx=<value optimized out>, error=0)
    at ldb_tdb/ldb_tdb.c:1011
        ldb = 0x8f5fc98
        req = 0x900c008
#12 0x009f46f2 in ltdb_callback (ev=0x8f5e090, te=0x900c158, t=
      {tv_sec = 0, tv_usec = 0}, private_data=0x900d1e0)
    at ldb_tdb/ldb_tdb.c:1120
        ctx = 0x900d1e0
        ret = 0
#13 0x00e9a74a in tevent_common_loop_timer_delay (ev=0x8f5e090)
    at tevent_timed.c:254
        current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x900c158
#14 0x00e9c0b7 in std_event_loop_once (ev=0x8f5e090) at tevent_standard.c:543
        tval = {tv_sec = 0, tv_usec = 0}
#15 0x00e9c396 in std_event_loop_wait (ev=0x8f5e090) at tevent_standard.c:567
        std_ev = 0x8f5e0e8
#16 0x00e99ca1 in tevent_loop_wait (ev=0x8f5e090) at tevent.c:357
No locals.
#17 0x0807aa27 in server_loop (main_ctx=0x8f5e138) at util/server.c:431
No locals.
#18 0x080539b2 in main (argc=5, argv=0xbffe2ce4)
    at providers/data_provider_be.c:1187
        opt = -1
        pc = 0x8f5d600
        be_domain = 0x8f5d810 "LDAP"
        srv_name = 0x8f5d670 "sssd[be[LDAP]]"
        conf_entry = 0x8f5d6b8 "config/domain/LDAP"
        main_ctx = 0x8f5e138
        ret = 0
        long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, 
            arg = 0x8087860, val = 0, descrip = 0x807e213 "Help options:", 
            argDescrip = 0x0}, {longName = 0x807e221 "debug-level", 
            shortName = 100 'd', argInfo = 2, arg = 0x80878dc, val = 0, 
            descrip = 0x807e22d "Debug level", argDescrip = 0x0}, {
            longName = 0x807e239 "debug-to-files", shortName = 102 'f', 
            argInfo = 0, arg = 0x80878e4, val = 0, 
            descrip = 0x807e248 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x807e279 "debug-timestamps", 
            shortName = 0 '\0', argInfo = 0, arg = 0x80878e0, val = 0, 
            descrip = 0x807e28a "Add debug timestamps", argDescrip = 0x0}, {
            longName = 0x807e29f "domain", shortName = 0 '\0', argInfo = 1, 
            arg = 0xbffe2c08, val = 0, 
            descrip = 0x807e2a8 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, 
            arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Examining sysdb_store_group_check produces this:

(gdb) print state->member_users[0]
$6 = 0x900cb28 "mbo1"
(gdb) print state->member_users[1]
$7 = 0x900cd90 "Mbo2"
(gdb) print state->member_users[2]
$8 = 0x653d6364 <Address 0x653d6364 out of bounds>

Proper termination of this list requires that {{{state->member_users[2]}}} should have been {{{NULL}}}.

component: SSSD => SysDB
milestone: NEEDS_TRIAGE => SSSD 1.0
owner: somebody => sgallagh
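
The failure mode seen in the backtrace, as an added example (not SSSD's code and not the change made in de1c7b4): a string array that a consumer walks until NULL, built so the terminator always exists, plus a bounded walk that detects a missing one. The names `build_member_list`, `free_member_list`, `count_members` and `ptr_as_ascii` are hypothetical; `ptr_as_ascii` shows that the out-of-bounds value 0x653d6364 is the ASCII text "dc=e" in little-endian memory, which is consistent with string bytes sitting in the slot where the terminator should be.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Free a list built by build_member_list(); walks to the terminator. */
void free_member_list(char **list)
{
    for (size_t i = 0; list != NULL && list[i] != NULL; i++) free(list[i]);
    free(list);
}

/* Copy n names into a NULL-terminated array. calloc(n + 1) zero-fills every
 * slot, so a terminator is present even if the copy loop exits early. */
char **build_member_list(const char *const *names, size_t n)
{
    char **list = (n < SIZE_MAX) ? calloc(n + 1, sizeof(*list)) : NULL;
    for (size_t i = 0; list != NULL && i < n; i++) {
        size_t len = strlen(names[i]) + 1;
        if ((list[i] = malloc(len)) == NULL) { free_member_list(list); return NULL; }
        memcpy(list[i], names[i], len);
    }
    return list;
}

/* Count entries within cap slots; -1 means no NULL terminator was found. */
long count_members(char *const *list, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (list[i] == NULL) return (long)i;
    return -1;
}

/* Show a 32-bit value as its four little-endian memory bytes ('.' if unprintable). */
void ptr_as_ascii(uint32_t v, char out[5])
{
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        out[i] = (b >= 0x20 && b < 0x7f) ? (char)b : '.';
    }
    out[4] = '\0';
}

int main(void)
{
    char text[5];
    ptr_as_ascii(0x653d6364u, text);   /* name= value from frame #1 above */
    return printf("0x653d6364 in memory: \"%s\"\n", text) < 0;
}
```
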

Fixed by de1c7b4

fixedin: => 1.0.0
resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @jgalipea:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1349

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
