#137 Buffer overflow when resubmitting cert
Opened 4 years ago by joshbenner. Modified 4 years ago

Platform: Ubuntu Xenial (16.04)
Certmonger version: 0.78.6

Scenario:

  • Certmonger already monitoring an IPA-signed certificate on disk
  • Run command to add post-save command via resubmit: ipa-getcert resubmit -w -v -f /path/to/file.crt -D servername.domain.tld -D othername.domain.tld -C 'systemctl reload nginx'

ipa-getcert exits with code 1, with this in stdout:

Please verify that the certmonger service is still running.
Error org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying

certmonger log contains:

Nov 06 14:20:49 servername certmonger[753]: *** buffer overflow detected ***: /usr/sbin/certmonger terminated
Nov 06 14:20:50 servername certmonger[753]: ======= Backtrace: =========
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f0f1d9927e5]
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f0f1da3415c]
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libc.so.6(+0x117160)[0x7f0f1da32160]
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libc.so.6(+0x1190a7)[0x7f0f1da340a7]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0x10b65)[0x55fccb7aeb65]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0x10d4c)[0x55fccb7aed4c]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0xfae6)[0x55fccb7adae6]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0xfde0)[0x55fccb7adde0]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0x35c7c)[0x55fccb7d3c7c]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0x38438)[0x55fccb7d6438]
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libdbus-1.so.3(dbus_connection_dispatch+0x375)[0x7f0f1f40fd35]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0x281c8)[0x55fccb7c61c8]
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libdbus-1.so.3(+0x1112e)[0x7f0f1f40e12e]
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libdbus-1.so.3(+0x11266)[0x7f0f1f40e266]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0x28ee9)[0x55fccb7c6ee9]
Nov 06 14:20:50 servername certmonger[753]: /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9613)[0x7f0f1f1f7613]
Nov 06 14:20:50 servername certmonger[753]: /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7b57)[0x7f0f1f1f5b57]
Nov 06 14:20:50 servername certmonger[753]: /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d)[0x7f0f1f1f1d3d]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0xd3fd)[0x55fccb7ab3fd]
Nov 06 14:20:50 servername certmonger[753]: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f0f1d93b830]
Nov 06 14:20:50 servername certmonger[753]: /usr/sbin/certmonger(+0xda89)[0x55fccb7aba89]
Nov 06 14:20:50 servername certmonger[753]: ======= Memory map: ========
Nov 06 14:20:50 servername certmonger[753]: 55fccb79e000-55fccb811000 r-xp 00000000 08:01 1717670                    /usr/sbin/certmonger
Nov 06 14:20:50 servername certmonger[753]: 55fccba11000-55fccba14000 r--p 00073000 08:01 1717670                    /usr/sbin/certmonger
Nov 06 14:20:50 servername certmonger[753]: 55fccba14000-55fccba15000 rw-p 00076000 08:01 1717670                    /usr/sbin/certmonger
Nov 06 14:20:50 servername certmonger[753]: 55fccbd61000-55fccbdc2000 rw-p 00000000 00:00 0                          [heap]
Nov 06 14:20:50 servername certmonger[753]: 7f0f1b6cd000-7f0f1b6e3000 r-xp 00000000 08:01 1048641                    /lib/x86_64-linux-gnu/libgcc_s.so.1
Nov 06 14:20:50 servername certmonger[753]: 7f0f1b6e3000-7f0f1b8e2000 ---p 00016000 08:01 1048641                    /lib/x86_64-linux-gnu/libgcc_s.so.1
Nov 06 14:20:50 servername certmonger[753]: 7f0f1b8e2000-7f0f1b8e3000 rw-p 00015000 08:01 1048641                    /lib/x86_64-linux-gnu/libgcc_s.so.1
Nov 06 14:20:50 servername certmonger[753]: 7f0f1b8e3000-7f0f1b8f5000 r-xp 00000000 08:01 1048645                    /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1b8f5000-7f0f1baf5000 ---p 00012000 08:01 1048645                    /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1baf5000-7f0f1baf6000 r--p 00012000 08:01 1048645                    /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1baf6000-7f0f1baf7000 rw-p 00013000 08:01 1048645                    /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1baf7000-7f0f1bb65000 r-xp 00000000 08:01 1048672                    /lib/x86_64-linux-gnu/libpcre.so.3.13.2
Nov 06 14:20:50 servername certmonger[753]: 7f0f1bb65000-7f0f1bd65000 ---p 0006e000 08:01 1048672                    /lib/x86_64-linux-gnu/libpcre.so.3.13.2
Nov 06 14:20:50 servername certmonger[753]: 7f0f1bd65000-7f0f1bd66000 r--p 0006e000 08:01 1048672                    /lib/x86_64-linux-gnu/libpcre.so.3.13.2
Nov 06 14:20:50 servername certmonger[753]: 7f0f1bd66000-7f0f1bd67000 rw-p 0006f000 08:01 1048672                    /lib/x86_64-linux-gnu/libpcre.so.3.13.2
Nov 06 14:20:50 servername certmonger[753]: 7f0f1bd67000-7f0f1be3f000 r-xp 00000000 08:01 1048589                    /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1be3f000-7f0f1c03e000 ---p 000d8000 08:01 1048589                    /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c03e000-7f0f1c03f000 r--p 000d7000 08:01 1048589                    /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c03f000-7f0f1c047000 rw-p 000d8000 08:01 1048589                    /lib/x86_64-linux-gnu/libgcrypt.so.20.0.5 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c047000-7f0f1c048000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c048000-7f0f1c069000 r-xp 00000000 08:01 1048649                    /lib/x86_64-linux-gnu/liblzma.so.5.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c069000-7f0f1c268000 ---p 00021000 08:01 1048649                    /lib/x86_64-linux-gnu/liblzma.so.5.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c268000-7f0f1c269000 r--p 00020000 08:01 1048649                    /lib/x86_64-linux-gnu/liblzma.so.5.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c269000-7f0f1c26a000 rw-p 00021000 08:01 1048649                    /lib/x86_64-linux-gnu/liblzma.so.5.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c26a000-7f0f1c289000 r-xp 00000000 08:01 1048680                    /lib/x86_64-linux-gnu/libselinux.so.1
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c289000-7f0f1c488000 ---p 0001f000 08:01 1048680                    /lib/x86_64-linux-gnu/libselinux.so.1
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c488000-7f0f1c489000 r--p 0001e000 08:01 1048680                    /lib/x86_64-linux-gnu/libselinux.so.1
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c489000-7f0f1c48a000 rw-p 0001f000 08:01 1048680                    /lib/x86_64-linux-gnu/libselinux.so.1
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c48a000-7f0f1c48c000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c48c000-7f0f1c4a3000 r-xp 00000000 08:01 1048754                    /lib/x86_64-linux-gnu/libresolv-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c4a3000-7f0f1c6a3000 ---p 00017000 08:01 1048754                    /lib/x86_64-linux-gnu/libresolv-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c6a3000-7f0f1c6a4000 r--p 00017000 08:01 1048754                    /lib/x86_64-linux-gnu/libresolv-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c6a4000-7f0f1c6a5000 rw-p 00018000 08:01 1048754                    /lib/x86_64-linux-gnu/libresolv-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c6a5000-7f0f1c6a7000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c6a7000-7f0f1c6aa000 r-xp 00000000 08:01 1048792                    /lib/x86_64-linux-gnu/libkeyutils.so.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c6aa000-7f0f1c8a9000 ---p 00003000 08:01 1048792                    /lib/x86_64-linux-gnu/libkeyutils.so.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c8a9000-7f0f1c8aa000 r--p 00002000 08:01 1048792                    /lib/x86_64-linux-gnu/libkeyutils.so.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c8aa000-7f0f1c8ab000 rw-p 00003000 08:01 1048792                    /lib/x86_64-linux-gnu/libkeyutils.so.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c8ab000-7f0f1c8b5000 r-xp 00000000 08:01 1707622                    /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1c8b5000-7f0f1cab4000 ---p 0000a000 08:01 1707622                    /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cab4000-7f0f1cab5000 r--p 00009000 08:01 1707622                    /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cab5000-7f0f1cab6000 rw-p 0000a000 08:01 1707622                    /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cab6000-7f0f1cab9000 r-xp 00000000 08:01 1048627                    /lib/x86_64-linux-gnu/libcom_err.so.2.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cab9000-7f0f1ccb8000 ---p 00003000 08:01 1048627                    /lib/x86_64-linux-gnu/libcom_err.so.2.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ccb8000-7f0f1ccb9000 r--p 00002000 08:01 1048627                    /lib/x86_64-linux-gnu/libcom_err.so.2.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ccb9000-7f0f1ccba000 rw-p 00003000 08:01 1048627                    /lib/x86_64-linux-gnu/libcom_err.so.2.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ccba000-7f0f1cce6000 r-xp 00000000 08:01 1707624                    /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cce6000-7f0f1cee5000 ---p 0002c000 08:01 1707624                    /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cee5000-7f0f1cee7000 r--p 0002b000 08:01 1707624                    /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cee7000-7f0f1cee8000 rw-p 0002d000 08:01 1707624                    /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cee8000-7f0f1cee9000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cee9000-7f0f1cef0000 r-xp 00000000 08:01 1048773                    /lib/x86_64-linux-gnu/librt-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1cef0000-7f0f1d0ef000 ---p 00007000 08:01 1048773                    /lib/x86_64-linux-gnu/librt-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d0ef000-7f0f1d0f0000 r--p 00006000 08:01 1048773                    /lib/x86_64-linux-gnu/librt-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d0f0000-7f0f1d0f1000 rw-p 00007000 08:01 1048773                    /lib/x86_64-linux-gnu/librt-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d0f1000-7f0f1d0f4000 r-xp 00000000 08:01 1717140                    /usr/lib/x86_64-linux-gnu/libplds4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d0f4000-7f0f1d2f3000 ---p 00003000 08:01 1717140                    /usr/lib/x86_64-linux-gnu/libplds4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d2f3000-7f0f1d2f4000 r--p 00002000 08:01 1717140                    /usr/lib/x86_64-linux-gnu/libplds4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d2f4000-7f0f1d2f5000 rw-p 00003000 08:01 1717140                    /usr/lib/x86_64-linux-gnu/libplds4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d2f5000-7f0f1d2f9000 r-xp 00000000 08:01 1717138                    /usr/lib/x86_64-linux-gnu/libplc4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d2f9000-7f0f1d4f8000 ---p 00004000 08:01 1717138                    /usr/lib/x86_64-linux-gnu/libplc4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d4f8000-7f0f1d4f9000 r--p 00003000 08:01 1717138                    /usr/lib/x86_64-linux-gnu/libplc4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d4f9000-7f0f1d4fa000 rw-p 00004000 08:01 1717138                    /usr/lib/x86_64-linux-gnu/libplc4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d4fa000-7f0f1d512000 r-xp 00000000 08:01 1048748                    /lib/x86_64-linux-gnu/libpthread-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d512000-7f0f1d711000 ---p 00018000 08:01 1048748                    /lib/x86_64-linux-gnu/libpthread-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d711000-7f0f1d712000 r--p 00017000 08:01 1048748                    /lib/x86_64-linux-gnu/libpthread-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d712000-7f0f1d713000 rw-p 00018000 08:01 1048748                    /lib/x86_64-linux-gnu/libpthread-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d713000-7f0f1d717000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d717000-7f0f1d71a000 r-xp 00000000 08:01 1048752                    /lib/x86_64-linux-gnu/libdl-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d71a000-7f0f1d919000 ---p 00003000 08:01 1048752                    /lib/x86_64-linux-gnu/libdl-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d919000-7f0f1d91a000 r--p 00002000 08:01 1048752                    /lib/x86_64-linux-gnu/libdl-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d91a000-7f0f1d91b000 rw-p 00003000 08:01 1048752                    /lib/x86_64-linux-gnu/libdl-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1d91b000-7f0f1dadb000 r-xp 00000000 08:01 1048750                    /lib/x86_64-linux-gnu/libc-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1dadb000-7f0f1dcdb000 ---p 001c0000 08:01 1048750                    /lib/x86_64-linux-gnu/libc-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1dcdb000-7f0f1dcdf000 r--p 001c0000 08:01 1048750                    /lib/x86_64-linux-gnu/libc-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1dcdf000-7f0f1dce1000 rw-p 001c4000 08:01 1048750                    /lib/x86_64-linux-gnu/libc-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1dce1000-7f0f1dce5000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1dce5000-7f0f1dcf0000 r-xp 00000000 08:01 1048849                    /lib/x86_64-linux-gnu/libpopt.so.0.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1dcf0000-7f0f1deef000 ---p 0000b000 08:01 1048849                    /lib/x86_64-linux-gnu/libpopt.so.0.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1deef000-7f0f1def0000 r--p 0000a000 08:01 1048849                    /lib/x86_64-linux-gnu/libpopt.so.0.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1def0000-7f0f1def1000 rw-p 0000b000 08:01 1048849                    /lib/x86_64-linux-gnu/libpopt.so.0.0.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1def1000-7f0f1def5000 r-xp 00000000 08:01 1048582                    /lib/x86_64-linux-gnu/libuuid.so.1.3.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1def5000-7f0f1e0f4000 ---p 00004000 08:01 1048582                    /lib/x86_64-linux-gnu/libuuid.so.1.3.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e0f4000-7f0f1e0f5000 r--p 00003000 08:01 1048582                    /lib/x86_64-linux-gnu/libuuid.so.1.3.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e0f5000-7f0f1e0f6000 rw-p 00004000 08:01 1048582                    /lib/x86_64-linux-gnu/libuuid.so.1.3.0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e0f6000-7f0f1e127000 r-xp 00000000 08:01 1707456                    /usr/lib/x86_64-linux-gnu/libidn.so.11.6.15
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e127000-7f0f1e327000 ---p 00031000 08:01 1707456                    /usr/lib/x86_64-linux-gnu/libidn.so.11.6.15
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e327000-7f0f1e328000 r--p 00031000 08:01 1707456                    /usr/lib/x86_64-linux-gnu/libidn.so.11.6.15
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e328000-7f0f1e329000 rw-p 00032000 08:01 1707456                    /usr/lib/x86_64-linux-gnu/libidn.so.11.6.15
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e329000-7f0f1e3ec000 r-xp 00000000 08:01 1707630                    /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e3ec000-7f0f1e5ec000 ---p 000c3000 08:01 1707630                    /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e5ec000-7f0f1e5f9000 r--p 000c3000 08:01 1707630                    /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e5f9000-7f0f1e5fb000 rw-p 000d0000 08:01 1707630                    /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e5fb000-7f0f1e635000 r-xp 00000000 08:01 1717136                    /usr/lib/x86_64-linux-gnu/libnspr4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e635000-7f0f1e835000 ---p 0003a000 08:01 1717136                    /usr/lib/x86_64-linux-gnu/libnspr4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e835000-7f0f1e836000 r--p 0003a000 08:01 1717136                    /usr/lib/x86_64-linux-gnu/libnspr4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e836000-7f0f1e837000 rw-p 0003b000 08:01 1717136                    /usr/lib/x86_64-linux-gnu/libnspr4.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e837000-7f0f1e83a000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e83a000-7f0f1e862000 r-xp 00000000 08:01 1717146                    /usr/lib/x86_64-linux-gnu/libsmime3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1e862000-7f0f1ea62000 ---p 00028000 08:01 1717146                    /usr/lib/x86_64-linux-gnu/libsmime3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ea62000-7f0f1ea65000 r--p 00028000 08:01 1717146                    /usr/lib/x86_64-linux-gnu/libsmime3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ea65000-7f0f1ea66000 rw-p 0002b000 08:01 1717146                    /usr/lib/x86_64-linux-gnu/libsmime3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ea66000-7f0f1ea8c000 r-xp 00000000 08:01 1717148                    /usr/lib/x86_64-linux-gnu/libnssutil3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ea8c000-7f0f1ec8b000 ---p 00026000 08:01 1717148                    /usr/lib/x86_64-linux-gnu/libnssutil3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ec8b000-7f0f1ec92000 r--p 00025000 08:01 1717148                    /usr/lib/x86_64-linux-gnu/libnssutil3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ec92000-7f0f1ec93000 rw-p 0002c000 08:01 1717148                    /usr/lib/x86_64-linux-gnu/libnssutil3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1ec93000-7f0f1edd2000 r-xp 00000000 08:01 1717172                    /usr/lib/x86_64-linux-gnu/libnss3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1edd2000-7f0f1efd2000 ---p 0013f000 08:01 1717172                    /usr/lib/x86_64-linux-gnu/libnss3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1efd2000-7f0f1efd7000 r--p 0013f000 08:01 1717172                    /usr/lib/x86_64-linux-gnu/libnss3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1efd7000-7f0f1efd9000 rw-p 00144000 08:01 1717172                    /usr/lib/x86_64-linux-gnu/libnss3.so (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1efd9000-7f0f1efda000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1efda000-7f0f1efed000 r-xp 00000000 08:01 1712637                    /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1efed000-7f0f1f1ec000 ---p 00013000 08:01 1712637                    /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f1ec000-7f0f1f1ed000 r--p 00012000 08:01 1712637                    /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f1ed000-7f0f1f1ee000 rw-p 00013000 08:01 1712637                    /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.5
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f1ee000-7f0f1f1fb000 r-xp 00000000 08:01 1712641                    /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.28
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f1fb000-7f0f1f3fb000 ---p 0000d000 08:01 1712641                    /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.28
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f3fb000-7f0f1f3fc000 r--p 0000d000 08:01 1712641                    /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.28
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f3fc000-7f0f1f3fd000 rw-p 0000e000 08:01 1712641                    /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.28
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f3fd000-7f0f1f447000 r-xp 00000000 08:01 1048896                    /lib/x86_64-linux-gnu/libdbus-1.so.3.14.6 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f447000-7f0f1f647000 ---p 0004a000 08:01 1048896                    /lib/x86_64-linux-gnu/libdbus-1.so.3.14.6 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f647000-7f0f1f648000 r--p 0004a000 08:01 1048896                    /lib/x86_64-linux-gnu/libdbus-1.so.3.14.6 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f648000-7f0f1f649000 rw-p 0004b000 08:01 1048896                    /lib/x86_64-linux-gnu/libdbus-1.so.3.14.6 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f649000-7f0f1f863000 r-xp 00000000 08:01 1049338                    /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1f863000-7f0f1fa62000 ---p 0021a000 08:01 1049338                    /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fa62000-7f0f1fa7e000 r--p 00219000 08:01 1049338                    /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fa7e000-7f0f1fa8a000 rw-p 00235000 08:01 1049338                    /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fa8a000-7f0f1fa8d000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fa8d000-7f0f1fab3000 r-xp 00000000 08:01 1048746                    /lib/x86_64-linux-gnu/ld-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fc15000-7f0f1fc1f000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fc1f000-7f0f1fc9f000 r-xp 00000000 08:01 1049186                    /lib/x86_64-linux-gnu/libsystemd.so.0.14.0(deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fc9f000-7f0f1fca2000 r--p 0007f000 08:01 1049186                    /lib/x86_64-linux-gnu/libsystemd.so.0.14.0(deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fca2000-7f0f1fca3000 rw-p 00082000 08:01 1049186                    /lib/x86_64-linux-gnu/libsystemd.so.0.14.0(deleted)
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fca3000-7f0f1fcaa000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fcb1000-7f0f1fcb2000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fcb2000-7f0f1fcb3000 r--p 00025000 08:01 1048746                    /lib/x86_64-linux-gnu/ld-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fcb3000-7f0f1fcb4000 rw-p 00026000 08:01 1048746                    /lib/x86_64-linux-gnu/ld-2.23.so
Nov 06 14:20:50 servername certmonger[753]: 7f0f1fcb4000-7f0f1fcb5000 rw-p 00000000 00:00 0
Nov 06 14:20:50 servername certmonger[753]: 7fff6eca3000-7fff6ecc4000 rw-p 00000000 00:00 0                          [stack]
Nov 06 14:20:50 servername certmonger[753]: 7fff6ed53000-7fff6ed56000 r--p 00000000 00:00 0                          [vvar]
Nov 06 14:20:50 servername certmonger[753]: 7fff6ed56000-7fff6ed58000 r-xp 00000000 00:00 0                          [vdso]
Nov 06 14:20:50 servername certmonger[753]: ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Nov 06 14:20:50 servername systemd[1]: certmonger.service: Main process exited, code=killed, status=6/ABRT
Nov 06 14:20:50 servername systemd[1]: certmonger.service: Unit entered failed state.
Nov 06 14:20:50 servername systemd[1]: certmonger.service: Failed with result 'signal'.

I can't reproduce this with certmonger-0.79.7-1.fc29.1.x86_64

A number of issues discovered by clang were fixed in between which could be mitigating this. Is there a way you can re-test with a newer version of certmonger? Or see if it is dropping core to get a backtrace to tell more precisely where it is failing?

dbg bt output for another repro of apparently same issue:

#0  0x00007fdb4078b428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007fdb4078d02a in __GI_abort () at abort.c:89
#2  0x00007fdb407cd7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fdb408e549f "*** %s ***: %s terminated\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007fdb4086f15c in __GI___fortify_fail (msg=<optimized out>, msg@entry=0x7fdb408e5430 "buffer overflow detected") at fortify_fail.c:37
#4  0x00007fdb4086d160 in __GI___chk_fail () at chk_fail.c:28
#5  0x00007fdb4086f0a7 in __fdelt_chk (d=d@entry=2155) at fdelt_chk.c:25
#6  0x0000555780d5ab65 in cm_waitfor_readable_fd (fd=2155, delay=delay@entry=-1) at ../../src/iterate.c:292
#7  0x0000555780d5ad4c in cm_iterate_entry_init (entry=0x555781ae8f90, cm_iterate_state=0x555781af7c00) at ../../src/iterate.c:454
#8  0x0000555780d59ae6 in cm_start_entry (context=context@entry=0x555781ae8b70, nickname=nickname@entry=0x555781aea3d0 "20180205213356")
    at ../../src/cm.c:866
#9  0x0000555780d59de0 in cm_restart_entry (context=context@entry=0x555781ae8b70, nickname=0x555781aea3d0 "20180205213356") at ../../src/cm.c:941
#10 0x0000555780d7fc7c in request_modify (conn=0x555781b04820, msg=0x555781b079e0, ci=0x7ffe27833ed0, ctx=0x555781ae8b70) at ../../src/tdbush.c:3453
#11 0x0000555780d82438 in cm_tdbush_handle_method_return (conn=0x555781b04820, msg=0x555781b06450, bus=<optimized out>, ctx=0x555781ae8b70)
    at ../../src/tdbush.c:7927
#12 0x00007fdb4224ad35 in dbus_connection_dispatch (connection=connection@entry=0x555781b04820) at ../../dbus/dbus-connection.c:4680
#13 0x0000555780d721c8 in cm_tdbus_dispatch_status (conn=0x555781b04820, new_status=DBUS_DISPATCH_DATA_REMAINS, data=<optimized out>) at ../../src/tdbus.c:84
#14 0x00007fdb4224912e in dbus_connection_unref (connection=0x2e6) at ../../dbus/dbus-connection.c:2841
#15 0x0000555781b04820 in ?? ()
#16 0x0000000000000001 in ?? ()
#17 0x0000000000000001 in ?? ()
#18 0x00007ffe27834040 in ?? ()
#19 0x0000555781ae88a0 in ?? ()
#20 0x00007fdb42249266 in _dbus_connection_handle_watch (watch=0x2e6, condition=742, data=0x6) at ../../dbus/dbus-connection.c:1489
#21 0x0000000000000009 in ?? ()
#22 0x0000555780d72ee9 in cm_tdbus_handle_fd (ec=0x555781b03fe0, tfd=0x555781b07d70, tflags=<optimized out>, pvt=0x555781b07cf0) at ../../src/tdbus.c:206
#23 0x00007fdb42032613 in epoll_event_loop (tvalp=0x7ffe278340c0, epoll_ev=0x555781ae8ae0) at ../tevent_epoll.c:728
#24 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../tevent_epoll.c:926
#25 0x00007fdb42030b57 in std_event_loop_once (ev=0x555781ae88a0, location=0x555780da1614 "../../src/main.c:413") at ../tevent_standard.c:114
#26 0x00007fdb4202cd3d in _tevent_loop_once (ev=0x555781ae88a0, location=0x555780da1614 "../../src/main.c:413") at ../tevent.c:533
#27 0x0000555780d573fd in main (argc=<optimized out>, argv=<optimized out>) at ../../src/main.c:413

It is blowing up in the fortified source test fdelt_chk at:

if (d < 0 || d >= FD_SETSIZE)

There is a test for d == -1 in certmonger prior to the call so I doubt it is < 0 so it must be > FD_SETSIZE. On Fedora this is 1024.

The fd here is 2155 which explains why it is blowing up.

Can you install strace and provide the output of:

strace -f -s 1024 -o /tmp/strace.out pidof certmonger
ipa-getcert resubmit ...

That may show me where this large fd is coming from.

Unfortunately, I seem to have exhausted my ability to reproduce this. I've tried grabbing straces from several machines when resubmitting, but the resubmit is succeeding without any crashing. The several machine I was able to reproduce on earlier were notable that their certmonger process had been running for over a year without a restart, but I don't have any others which look like that.

I'm investigating separately an apparent fd leak in certmonger. I suppose that could drive the number up over a period of time past the allowed per-process. Restarting certmonger would reset this back to 0 which is why you aren't seeing it on restarts. I'll keep this ticket in mind as I continue investigation.

Login to comment on this ticket.

Metadata