#963 sssd_be segfaults while trying to update dyndns
Closed: Fixed None Opened 10 years ago by simo.

The trace shows we fail because we dereference rhostenet unconditionally but it is NULL.

(gdb) bt
#0  ipa_dyndns_update_get_addrs_done (subreq=0x0) at src/providers/ipa/ipa_dyndns.c:649
#1  0x000000311ca0448e in tevent_req_finish (location=<optimized out>, state=TEVENT_REQ_USER_ERROR, req=<optimized out>) at ../tevent_req.c:104
#2  _tevent_req_error (req=<optimized out>, error=<optimized out>, location=<optimized out>) at ../tevent_req.c:122
#3  0x0000000000416f5d in resolv_gethostbyname_done (subreq=0x0) at src/resolv/async_resolv.c:1278
#4  0x000000311ca0448e in tevent_req_finish (location=<optimized out>, state=TEVENT_REQ_USER_ERROR, req=<optimized out>) at ../tevent_req.c:104
#5  _tevent_req_error (req=<optimized out>, error=<optimized out>, location=<optimized out>) at ../tevent_req.c:122
#6  0x0000000000417532 in resolv_gethostbyname_dns_query_done (arg=<optimized out>, status=4, timeouts=0, abuf=0x0, alen=0) at src/resolv/async_resolv.c:856
#7  0x0000003af0a0b4b6 in end_squery (squery=0x1997750, status=<optimized out>, abuf=<optimized out>, alen=<optimized out>) at ares_search.c:209
#8  0x0000003af0a0b5d6 in search_callback (arg=0x1997750, status=<optimized out>, timeouts=<optimized out>, abuf=<optimized out>, alen=<optimized out>) at ares_search.c:201
#9  0x0000003af0a0b263 in qcallback (arg=0x199d920, status=4, timeouts=<optimized out>, abuf=<optimized out>, alen=<optimized out>) at ares_query.c:180
#10 0x0000003af0a09ce7 in end_query (channel=0x197fea0, query=0x1974dc0, status=0, abuf=0x7fffad7db0b0 "B\261\201\203", alen=98) at ares_process.c:1268
#11 0x0000003af0a0a9ab in process_answer (channel=0x197fea0, abuf=0x7fffad7db0b0 "B\261\201\203", alen=98, whichserver=0, tcp=0, now=0x7fffad7db360) at ares_process.c:612
#12 0x0000003af0a0ac08 in process_answer (now=0x7fffad7db360, tcp=0, whichserver=0, alen=<optimized out>, abuf=0x7fffad7db0b0 "B\261\201\203", channel=0x197fea0) at ares_process.c:548
#13 read_udp_packets (channel=0x197fea0, read_fds=0x0, read_fd=26, now=0x7fffad7db360) at ares_process.c:498
#14 0x0000003af0a0aee7 in processfds (channel=0x197fea0, read_fds=0x0, read_fd=26, write_fds=0x0, write_fd=-1) at ares_process.c:152
#15 0x0000000000415b52 in fd_input_available (ev=<optimized out>, fde=<optimized out>, flags=1, data=<optimized out>) at src/resolv/async_resolv.c:183
#16 0x000000311ca05d57 in epoll_event_loop (tvalp=0x7fffad7db420, std_ev=0x1941570) at ../tevent_standard.c:309
#17 std_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../tevent_standard.c:544
#18 0x000000311ca035b0 in _tevent_loop_once (ev=0x19414b0, location=0x435169 "src/util/server.c:552") at ../tevent.c:493
#19 0x000000311ca0373b in tevent_common_loop_wait (ev=0x19414b0, location=0x435169 "src/util/server.c:552") at ../tevent.c:594
#20 0x000000000042ad43 in server_loop (main_ctx=0x19425b0) at src/util/server.c:552
#21 0x0000000000409445 in main (argc=<optimized out>, argv=<optimized out>) at src/providers/data_provider_be.c:1254
(gdb) p rhostent
$2 = (struct resolv_hostent *) 0x0

This happens if the IPA server cannot be resolved with DNS, but can be resolved from /etc/hosts and is reachable.

The IPA provider goes online, starts the dynamic DNS update, which only checks DNS, the check fails and dereferences a NULL pointer.

Fields changed

status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.6.1

Fields changed

patch: 0 => 1

Fixed by:
- db86e17 (master)
- b724874 (sssd-1-6)

resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @simo:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.6.1

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2005

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata