Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1369130
/usr/lib64/libnss_sss.so.2 in sssd-client-1.13.4-4.fc24.x86_64 is linked against libpthread. This causes problems when static binaries attempt to use NSS-based functions: https://sourceware.org/bugzilla/show_bug.cgi?id=20500 It also increases the risk for symbol collisions with the application binary. What libpthread functionality do you *really* need which is not in libc.so.6?
Fields changed
blockedby: => blocking: => cc: => fweimer@redhat.com changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 review: True => 0 selected: => testsupdated: => 0
This ticket is more about a possible resource leak that Florian found in the code. From the linked bugzilla: The fix is likely wrong. It does release the lock, but you end up with whatever internal state you had at the point of cancellation. If that is not fully consistent, an application which has canceled a NSS operation will experience rather subtle bugs.
There also seem to be resource leaks, e.g. sss_cli_recv_rep could leak the buffer if cancellation happens after the malloc call.
If you do not want to make the entire code cancellation-safe, you should defer cancellation on entry to nss_sss. Or maybe we should change glibc so that it does that automatically for you. I don't think many of the existing NSS modules are written with cancellation in mind.
summary: nss_sss should not link against libpthread => nss_sss might leak memory when calling thread goes away
milestone: NEEDS_TRIAGE => SSSD 1.16 beta
Note that this is a none-issue once you disable (deferred) cancellation because the thread will no longer perform a non-local exit in this case.
master:
milestone: SSSD Future releases (no date set yet) => SSSD 1.15 Alpha resolution: => fixed status: new => closed
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1400425 (Red Hat Enterprise Linux 7)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1369130 1369130] => [https://bugzilla.redhat.com/show_bug.cgi?id=1369130 1369130], [https://bugzilla.redhat.com/show_bug.cgi?id=1400425 1400425]
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4189
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Log in to comment on this ticket.