#3715 ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
Closed: Fixed 11 months ago Opened 11 months ago by sbose.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1566782

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

On RHEL-7.5 IPA with the 0day errata, the LDAP server crashes in krb5-libs.

Core was generated by `/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-TENANT-YCS-IO -i /var/run/dirsrv/slapd-'.
Program terminated with signal 11, Segmentation fault.
#0  k5_count_etypes (list=list@entry=0x3037373632344232) at etype_list.c:40
40          for (count = 0; list[count]; count++);

....

Thread 1 (Thread 0x7f65d7aa8700 (LWP 11290)):
#0  0x00007f669878b29b in SLL_Next (t=0x0) at src/linked_list.h:45
        i = 3
        tmp = 0x0
        delta_bytes = 16384
        batch_size = 32
        tail = <optimized out>
        head = <optimized out>
#1  0x00007f669878b29b in SLL_PopRange (end=<synthetic pointer>, start=<synthetic pointer>, N=32, head=0x55ec33b650a0) at src/linked_list.h:88
        i = 3
        tmp = 0x0
        delta_bytes = 16384
        batch_size = 32
        tail = <optimized out>
        head = <optimized out>
#2  0x00007f669878b29b in PopRange (end=<synthetic pointer>, start=<synthetic pointer>, N=32, this=0x55ec33b650a0) at src/thread_cache.h:238
        delta_bytes = 16384
        batch_size = 32
        tail = <optimized out>
        head = <optimized out>
#3  0x00007f669878b29b in tcmalloc::ThreadCache::ReleaseToCentralCache (this=this@entry=0x55ec33b64d80, src=src@entry=0x55ec33b650a0, cl=<optimized out>, N=N@entry=32) at src/thread_cache.cc:200
        delta_bytes = 16384
        batch_size = 32
        tail = <optimized out>
        head = <optimized out>
#4  0x00007f669878b68c in tcmalloc::ThreadCache::ListTooLong (this=0x55ec33b64d80, list=0x55ec33b650a0, cl=<optimized out>) at src/thread_cache.cc:158
        batch_size = 32
#5  0x00007f66891f7e6f in sss_nss_getgrouplist_timeout (name=name@entry=0x55ec69e02000 "XXXXX@XXX.ZZZ", group=group@entry=523218634, groups=groups@entry=0x55ec68f40800, ngroups=ngroups@entry=0x7f65d7aa77e4, flags=flags@entry=0, timeout=10000) at src/sss_client/idmap/sss_nss_ex.c:519
        ret = <optimized out>
        new_groups = <optimized out>
        new_ngroups = 128
        start = 128
        inp = {input = {name = 0x55ec69e02000 "XXXXX@YYY.ZZZ", uid = 1234567, gid = 2345678}, rd = {len = 32, data = 0x55ec69788240}, cmd = SSS_NSS_INITGR_EX, result = {pwrep = {result = 0x55ec68f41c00, buffer = 0x7f65d7aa7730 "\200", buflen = 140075386697528}, grrep = {result = 0x55ec68f41c00, buffer = 0x7f65d7aa7730 "\200", buflen = 140075386697528}, initgrrep = {groups = 0x55ec68f41c00, ngroups = 0x7f65d7aa7730, start = 0x7f65d7aa7738}}}
#6  0x00007f6689403852 in back_extdom_getgrouplist (nss_context=<optimized out>, name=name@entry=0x55ec69e02000 "XXXXX@YYY.ZZZ", group=group@entry=523218634, groups=groups@entry=0x55ec68f40800, ngroups=ngroups@entry=0x7f65d7aa77e4, lerrno=lerrno@entry=0x7f65d7aa77e0) at back_extdom_sss_idmap.c:246
...

Metadata Update from @sbose:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1566782

11 months ago

Metadata Update from @sbose:
- Issue assigned to sbose

11 months ago

Metadata Update from @sbose:
- Custom field patch adjusted to on

11 months ago

Commit 2c4dc7a relates to this ticket

Commit 46a4c26 relates to this ticket

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue set to the milestone: SSSD 1.16.2
- Issue status updated to: Closed (was: Open)

11 months ago
