Bug#755053: nscd backtrace

[Sam Morris <sam@robots.org.uk>]

retitle -1 'libnss-myhostname: causes nscd to crash'
reassign -1 libnss-myhhostname
found -1 0.3-5~deb7u1
severity -1 important
thanks

This is triggered by the cache miss that occurs when I try to resolve
the machine's hostname (e.g., getent ahosts oxylus).

	$ gdb --args ./nscd -d
	...
	Tue 22 Jul 2014 12:27:48 BST - 21522: Haven't found "oxylus" in hosts cache!

	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7ffff0c11700 (LWP 21529)]
	addhstaiX (db=<optimized out>, fd=<optimized out>, req=<optimized out>, key=<optimized out>, 
	    uid=<optimized out>, he=<optimized out>, dh=0x0) at aicache.c:165
	165		      if (at2->family == AF_INET)
	(gdb) where
	#0  addhstaiX (db=<optimized out>, fd=<optimized out>, req=<optimized out>, key=<optimized out>, 
	    uid=<optimized out>, he=<optimized out>, dh=0x0) at aicache.c:165
	#1  0x0000000000411d34 in addhstai (db=0x7ffff779ce80, fd=0, req=0x10, key=0x2, uid=88)
	    at aicache.c:561
	#2  0x00000000004083a4 in handle_request (key=<optimized out>, req=<optimized out>, 
	    fd=<optimized out>, uid=<optimized out>, pid=<optimized out>) at connections.c:1229
	#3  nscd_run_worker (p=<optimized out>) at connections.c:1709
	#4  0x00007ffff79bfb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
	#5  0x00007ffff74f220d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
	#6  0x0000000000000000 in ?? ()
	(gdb) l
	160		    {
	161		      ++naddrs;
	162		      /* We do not handle anything other than IPv4 and IPv6
	163			 addresses.  The getaddrinfo implementation does not
	164			 either so it is not worth trying to do more.  */
	165		      if (at2->family == AF_INET)
	166			addrslen += INADDRSZ;
	167		      else if (at2->family == AF_INET6)
	168			addrslen += IN6ADDRSZ;
	169		    }
	(gdb) p at2
	$1 = (const struct gaih_addrtuple *) 0x54552e42475f0043
	(gdb) l 155
	150	
	151		  if (rc6 != 0 && herrno == NETDB_INTERNAL)
	152		    goto out;
	153	
	154		  if (status[1] != NSS_STATUS_SUCCESS)
	155		    goto next_nip;
	156	
	157		  /* We found the data.  Count the addresses and the size.  */
	158		  for (const struct gaih_addrtuple *at2 = at = &atmem; at2 != NULL;
	159		       at2 = at2->next)
	(gdb) p &atmem
	$2 = (struct gaih_addrtuple *) 0x7ffff0c106f0
	(gdb) p atmem->next
	$3 = (struct gaih_addrtuple *) 0x7ffff0c10670
	(gdb) p atmem->next->next
	$4 = (struct gaih_addrtuple *) 0x54552e42475f0043

So the gaih_addrtuple linked list is corrupted somehow.

I removed 'myhostname' from the 'hosts' definition in
/etc/nsswitch.conf, and having restarted nscd and invalidating the hosts
cache, I could no longer reproduce the crash. Re-enabling 'myhostname',
invalidating the cache and restarting nscd causes the crash to re-occur.

-- 
Sam Morris <https://robots.org.uk/>
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078