Bug 606584

Summary: sigsegv in libcom_err
Product: [openSUSE] openSUSE 11.2
Reporter: michel munnix <michel.munnix>
Component: Other
Assignee: Michael Calmer <mc>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P3 - Medium
CC: bilkes, jack, lchiquitto, mc, meissner, ralf
Version: Final
Target Milestone: Final
Hardware: x86-64
OS: openSUSE 11.2
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: core file, perl script

Description michel munnix 2010-05-17 21:55:44 UTC
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9

when terminating a perl application script execution, got segfault:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff49b693d in remove_error_table () from /lib64/libcom_err.so.2

$ rpm -qi libcom_err2-1.41.9-3.1.x86_64
Name        : libcom_err2                  Relocations: (not relocatable)
Version     : 1.41.9                            Vendor: openSUSE
Release     : 3.1                           Build Date: Mon 19 Oct 2009 08:28:54 PM CEST
Install Date: Mon 18 Jan 2010 06:18:09 PM CET      Build Host: build19
Group       : System/Filesystems            Source RPM: e2fsprogs-1.41.9-3.1.src.rpm
Size        : 42000                            License: GPL v2 or later
Signature   : RSA/8, Mon 19 Oct 2009 08:29:34 PM CEST, Key ID b88b2fd43dbdc284
Packager    : http://bugs.opensuse.org
URL         : http://e2fsprogs.sourceforge.net
Summary     : E2fsprogs error reporting library
Description :
com_err is an error message display library.
Distribution: openSUSE 11.2

Reproducible: Always


after installing debuginfo package:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff49b693d in remove_error_table (et=0x7ffff5097540) at error_message.c:282
282     error_message.c: No such file or directory.
        in error_message.c
(gdb) bt
#0  0x00007ffff49b693d in remove_error_table (et=0x7ffff5097540) at error_message.c:282
#1  0x00007ffff4dfea71 in krb5int_lib_fini () at krb5_libinit.c:95
#2  0x00007ffff4dfe9cf in __do_global_dtors_aux () from /usr/lib64/libkrb5.so.3
#3  0x0000000000000000 in ?? ()
Comment 1 Jan Kara 2010-05-18 10:14:08 UTC
Hmm, could you please provide the coredump? Either attach it here if it is small or put it somewhere where I can download it. Or even better would be if you could provide the Perl application that segfaults for you so that I can reproduce the problem.
Comment 2 michel munnix 2010-05-18 18:09:02 UTC
Created attachment 363016 [details]
core file
Comment 3 michel munnix 2010-05-18 18:13:05 UTC
Created attachment 363017 [details]
perl script

I stripped most of the perl code not needed to get the segfault and generated the attached core file. If you want to reproduce, you'll need your own ldap server.
Comment 4 Jan Kara 2010-06-05 00:12:19 UTC
I was looking into the core file but I couldn't tell much from it (somehow gdb was confused when I tried to inspect required functions, address whose access supposedly caused SIGSEGV was accessible etc.). So I've tried reproducing the problem. I've installed Authen::Krb5::Easy module. Somehow kinit() wasn't really working complaining that:
could not get initial credentials: Key table entry not found

I guess it's because the key in /etc/krb5.keytab isn't really for jack@SUSE.CZ which is what I've configured as ad_user and ad_domain for our ldap server. So I've obtained kerberos ticket manually, set script to use created cache file, and commented out kinit() call. But now I'm getting:

First parameter was not a reference. It was type 5
Use of uninitialized value in numeric ne (!=) at ./bug-606584_co.pm line 55, <DATA> line 275.
Usage: Authen::SASL::Cyrus::client_new(pkg, parent, service, host, ...) at /usr/lib/perl5/vendor_perl/5.10.0/Net/LDAP.pm line 389, <DATA> line 275.
 at ./bug-606584_co.pm line 57
Usage: Authen::SASL::Cyrus::client_new(pkg, parent, service, host, ...) at /usr/lib/perl5/vendor_perl/5.10.0/Net/LDAP.pm line 389, <DATA> line 275.

So was I too naive in working around kerberos or is there some other problem with your script? It seems as if
  $sasl_conn = $sasl->client_new("ldap",$ad_server);
failed without initializing sasl_conn.

BTW: I've also dug in krb5 library and by any chance, don't you have self-compiled krb5 libraries?
Comment 5 michel munnix 2010-06-05 16:52:41 UTC
No, I use the distribution's krb5 libraries.
I installed e2fsprogs-debugsource package to get the remove_error_table function source code from /usr/src/debug/e2fsprogs-1.41.11/lib/et/error_message.c
I saw in the code that I could add debugging with:
export COMERR_DEBUG=1
Here is the output of "perl co.pm" :
access ad
10.48.3.11
add_error_table: krb5 (0x0x7f3b5e0cd540)
add_error_table: kv5m (0x0x7f3b5e0cdd60)
add_error_table: kdb5 (0x0x7f3b5e0cd3c0)
add_error_table: asn1 (0x0x7f3b5e0cd320)
add_error_table: k524 (0x0x7f3b5e0cdf80)
add_error_table: prof (0x0x7f3b5e0d1160)
add_error_table: ggss (0x0x7f3b5bcc17c0)
add_error_table: ggss (0x0x7f3b5bcc17c0)
remove_error_table FAILED: k5g (0x0x7f3b5bcc1a00)
remove_error_table: ggss (0x0x7f3b5bcc17c0)
Segmentation fault
It seems to segfault when trying to remove a third "error_table"
Comment 6 Leonardo Chiquitto 2010-06-07 03:06:58 UTC
I'm investigating exactly the same segmentation fault in AutoFS (bug #608295). I did some tests here and identified that the problem doesn't exist on openSUSE 11.1, which uses Kerberos 1.6.3. openSUSE 11.2 (Kerberos 1.7.6) and current Factory (Kerberos 1.8.1) are affected.

I also confirmed that updating Kerberos to version 1.7.6 on openSUSE 11.1 is enough to make the problem appear.
Comment 7 Jan Kara 2010-06-07 08:26:06 UTC
Thanks Michael and Leonardo for input. I think I now see where's the problem. Krb5 library seems to add ggss table twice. That causes that ggss table is referenced twice from the list of all error tables and after it is freed, we reference freed memory from a list causing SEGFAULT during the next removal.

Reassigning to krb5 packager.
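
The failure mode described in comment 7, replayed on a small model (an added example, not code from this bug report, e2fsprogs or krb5). The `table`/`node` types, the `mapped` flag that stands in for the table's memory going away, and the de-duplicating add are assumptions made for illustration; the de-duplication is one possible guard, not a description of the upstream patch.

```c
#include <stdlib.h>

/* Constructed model: a registry list whose nodes point at tables owned by
 * whichever library registered them. */
struct table { const char *name; int mapped; };  /* mapped=0: owner is gone */
struct node  { const struct table *table; struct node *next; };

/* Push a node for t. With dedupe set, a table already listed is not added. */
static struct node *add_table(struct node *head, const struct table *t, int dedupe) {
    if (dedupe)
        for (struct node *n = head; n; n = n->next)
            if (n->table == t) return head;
    struct node *n = malloc(sizeof *n);
    if (!n) return head;
    n->table = t;
    n->next = head;
    return n;
}

/* Unlink and free the first node that refers to t, as a single removal does. */
static struct node *remove_table(struct node *head, const struct table *t) {
    for (struct node **pp = &head; *pp; pp = &(*pp)->next)
        if ((*pp)->table == t) {
            struct node *dead = *pp;
            *pp = dead->next;
            free(dead);
            break;
        }
    return head;
}

/* Replay the logged sequence: ggss added twice, removed once, then its owner
 * goes away. Returns how many nodes still point at the vanished table. */
int stale_after_unload(int dedupe) {
    struct table krb5 = { "krb5", 1 }, ggss = { "ggss", 1 };
    struct node *list = add_table(NULL, &krb5, dedupe);
    int stale = 0;
    list = add_table(list, &ggss, dedupe);
    list = add_table(list, &ggss, dedupe);
    list = remove_table(list, &ggss);
    ggss.mapped = 0;  /* a real list walk would now touch invalid memory */
    for (struct node *n = list; n; n = n->next) stale += !n->table->mapped;
    while (list) { struct node *n = list; list = list->next; free(n); }
    return stale;
}

int main(void) {
    return !(stale_after_unload(0) == 1 && stale_after_unload(1) == 0);
}
```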
Comment 8 Leonardo Chiquitto 2010-06-21 13:07:08 UTC
Michel, please, can you test the Kerberos packages now available in this repository?

http://download.opensuse.org/repositories/home:/leonardocf:/branches:/openSUSE:/11.2:/Update:/Test/standard/

It includes a patch that hopefully addresses this problem.
Comment 9 Leonardo Chiquitto 2010-06-21 17:45:15 UTC
For reference, this bug was reported upstream in:

http://mailman.mit.edu/pipermail/krbdev/2010-June/009099.html

And the patch is now committed to Kerberos repository:

http://anonsvn.mit.edu/viewvc/krb5/trunk/src/lib/gssapi/krb5/gssapi_krb5.c?r1=24050&r2=24139
Comment 10 michel munnix 2010-06-21 20:29:08 UTC
yes, this fixes the problem for me. Thanks
Comment 11 Leonardo Chiquitto 2010-06-21 22:17:52 UTC
Thanks for testing, Michel. I submitted the fix to Factory (request id 41854), hopefully it will be included in 11.3.
Comment 12 Michael Calmer 2010-06-22 08:27:29 UTC
Submitted to Factory

I would suggest to put this together with the next security update for krb5 to openSUSE 11.2.
Comment 13 Michael Calmer 2010-06-22 08:29:21 UTC
*** Bug 608295 has been marked as a duplicate of this bug. ***
Comment 14 Marcus Meissner 2010-06-22 08:33:19 UTC
yes, please roll into the next security update (which will likely come ;)
Comment 15 Michael Calmer 2010-12-01 09:11:53 UTC
Done. Submitted together with Bug 650650
Comment 16 Bernhard Wiedemann 2016-04-15 11:45:33 UTC
This is an autogenerated message for OBS integration:
This bug (606584) was mentioned in
https://build.opensuse.org/request/show/41864 Factory / krb5
https://build.opensuse.org/request/show/54232 11.2:Test / krb5