Bug#258131: openssh: intermittant failure with GSSAPI authentication
On 05/07/2012 18:54, Russ Allbery wrote:
> Matthieu CERDA <matthieu.cerda@normation.com> writes:
>
>> Hello, I am having strange SIGSEGV issues with sshd, but good news: it
>> is reproducible.
>
[...]
> Could you install libkrb5-dbg and libc6-dbg and then get a new backtrace?
> I'm particularly interested in the call site of that free.
Here you go:
Program received signal SIGSEGV, Segmentation fault.
_int_free (av=0x7ffff6653e60, p=0x4e455a2e41455a) at malloc.c:4892
4892 malloc.c: Aucun fichier ou dossier de ce type.
(gdb) thr apply all bt
Thread 1 (Thread 0x7ffff7fe27c0 (LWP 10254)):
#0 _int_free (av=0x7ffff6653e60, p=0x4e455a2e41455a) at malloc.c:4892
#1 0x00007ffff634b87c in *__GI___libc_free (mem=<optimized out>) at
malloc.c:3738
#2 0x00007ffff68d182b in default_an_to_ln
(context=context@entry=0x5555557fbda0, aname=aname@entry=0x5555557fc3b0,
lnsize=lnsize@entry=65, lname=lname@entry=0x7fffffffda30 "\200t~UUU")
at ../../../../src/lib/krb5/os/an_to_ln.c:632
#3 0x00007ffff68d2216 in krb5_aname_to_localname
(context=context@entry=0x5555557fbda0,
aname=aname@entry=0x5555557fc3b0, lnsize_in=lnsize_in@entry=65,
lname=lname@entry=0x7fffffffda30 "\200t~UUU")
at ../../../../src/lib/krb5/os/an_to_ln.c:793
#4 0x00007ffff68d55eb in an2ln_ok (luser=0x5555557e7480 "mcerda",
principal=0x5555557fc3b0, context=0x5555557fbda0)
at ../../../../src/lib/krb5/os/kuserok.c:168
#5 krb5_kuserok (context=0x5555557fbda0, principal=0x5555557fc3b0,
luser=0x5555557e7480 "mcerda")
at ../../../../src/lib/krb5/os/kuserok.c:181
#6 0x00005555555804ba in ?? ()
#7 0x000055555556647b in ?? ()
#8 0x000055555557a72a in ?? ()
#9 0x000055555557b7ca in ?? ()
#10 0x000055555557c5ed in ?? ()
#11 0x0000555555564103 in main ()
Looks like sshd tries to free() something that it should not. I'll try
to have a peek at the related code.
>
> Running sshd under valgrind might also help, since this may be heap
> corruption.
>
Valgrind does not output anything interesting except some of these while
the binary is just being started:
==10666== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==10666== Command: /usr/sbin/sshd -d
==10666==
==10666== Warning: invalid file descriptor 1024 in syscall close()
==10666== Warning: invalid file descriptor 1025 in syscall close()
==10666== Warning: invalid file descriptor 1026 in syscall close()
==10666== Use --log-fd=<number> to select an alternative log fd.
==10666== Warning: invalid file descriptor 1027 in syscall close()
==10666== Warning: invalid file descriptor 1028 in syscall close()
==10666== Warning: invalid file descriptor 1029 in syscall close()
It does not seem related to the issue.
--
Matthieu CERDA (matthieu.cerda@normation.com)