
Bug#258131: openssh: intermittant failure with GSSAPI authentication



On 05/07/2012 18:54, Russ Allbery wrote:
> Matthieu CERDA <matthieu.cerda@normation.com> writes:
> 
>> Hello, I am having strange SIGSEGV issues with sshd, but good news: it
>> is reproducible.
> 

[...]

> Could you install libkrb5-dbg and libc6-dbg and then get a new backtrace?
> I'm particularly interested in the call site of that free.

Here you go:

Program received signal SIGSEGV, Segmentation fault.
_int_free (av=0x7ffff6653e60, p=0x4e455a2e41455a) at malloc.c:4892
4892    malloc.c: Aucun fichier ou dossier de ce type.
(gdb) thr apply all bt

Thread 1 (Thread 0x7ffff7fe27c0 (LWP 10254)):
#0  _int_free (av=0x7ffff6653e60, p=0x4e455a2e41455a) at malloc.c:4892
#1  0x00007ffff634b87c in *__GI___libc_free (mem=<optimized out>) at
malloc.c:3738
#2  0x00007ffff68d182b in default_an_to_ln
(context=context@entry=0x5555557fbda0, aname=aname@entry=0x5555557fc3b0,
    lnsize=lnsize@entry=65, lname=lname@entry=0x7fffffffda30 "\200t~UUU")
    at ../../../../src/lib/krb5/os/an_to_ln.c:632
#3  0x00007ffff68d2216 in krb5_aname_to_localname
(context=context@entry=0x5555557fbda0,
    aname=aname@entry=0x5555557fc3b0, lnsize_in=lnsize_in@entry=65,
lname=lname@entry=0x7fffffffda30 "\200t~UUU")
    at ../../../../src/lib/krb5/os/an_to_ln.c:793
#4  0x00007ffff68d55eb in an2ln_ok (luser=0x5555557e7480 "mcerda",
principal=0x5555557fc3b0, context=0x5555557fbda0)
    at ../../../../src/lib/krb5/os/kuserok.c:168
#5  krb5_kuserok (context=0x5555557fbda0, principal=0x5555557fc3b0,
luser=0x5555557e7480 "mcerda")
    at ../../../../src/lib/krb5/os/kuserok.c:181
#6  0x00005555555804ba in ?? ()
#7  0x000055555556647b in ?? ()
#8  0x000055555557a72a in ?? ()
#9  0x000055555557b7ca in ?? ()
#10 0x000055555557c5ed in ?? ()
#11 0x0000555555564103 in main ()

Looks like sshd tries to free() something that it should not. I'll try
to have a peek at the related code.

> 
> Running sshd under valgrind might also help, since this may be heap
> corruption.
> 

Valgrind does not output anything interesting except some of these while
the binary is just being started:

==10666== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==10666== Command: /usr/sbin/sshd -d
==10666==
==10666== Warning: invalid file descriptor 1024 in syscall close()
==10666== Warning: invalid file descriptor 1025 in syscall close()
==10666== Warning: invalid file descriptor 1026 in syscall close()
==10666==    Use --log-fd=<number> to select an alternative log fd.
==10666== Warning: invalid file descriptor 1027 in syscall close()
==10666== Warning: invalid file descriptor 1028 in syscall close()
==10666== Warning: invalid file descriptor 1029 in syscall close()

It does not seem related to the issue.

-- 
Matthieu CERDA (matthieu.cerda@normation.com)
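Added triage example (not part of the original message and not code from OpenSSH or MIT krb5): it scans the gdb frames posted above for pointer arguments that cannot be user-space addresses and decodes their bytes as little-endian ASCII, since a pointer made entirely of printable characters usually means string data was written over it. It assumes x86-64 Linux with a 47-bit user address space and 64-bit glibc, where the chunk pointer seen by _int_free is 16 bytes below the value passed to free(); the function and constant names are hypothetical.

```python
import re

# Frames copied from the backtrace in the message above (wrapped lines re-joined).
BACKTRACE = r"""
#0  _int_free (av=0x7ffff6653e60, p=0x4e455a2e41455a) at malloc.c:4892
#2  0x00007ffff68d182b in default_an_to_ln (context=context@entry=0x5555557fbda0, aname=aname@entry=0x5555557fc3b0, lnsize=lnsize@entry=65, lname=lname@entry=0x7fffffffda30 "\200t~UUU")
#4  0x00007ffff68d55eb in an2ln_ok (luser=0x5555557e7480 "mcerda", principal=0x5555557fc3b0, context=0x5555557fbda0)
"""

USER_MAX = 0x7FFF_FFFF_FFFF  # assumption: x86-64 Linux, 47-bit user address space
CHUNK_HDR = 16               # assumption: 64-bit glibc, chunk ptr = free() argument - 16

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+)")


def ascii_text(value):
    """Decode a 64-bit value as little-endian bytes; return text if all printable."""
    raw = value.to_bytes(8, "little").rstrip(b"\0")
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def flag_bad_pointers(backtrace):
    """Return one record per pointer argument that lies outside user space."""
    hits = []
    for line in backtrace.splitlines():
        frame = FRAME_RE.match(line)
        if not frame:
            continue
        for name, hexval in ARG_RE.findall(line):
            value = int(hexval, 16)
            if value <= USER_MAX:
                continue  # plausible heap, stack or library address
            hit = {"frame": int(frame.group(1)), "func": frame.group(2),
                   "arg": name, "value": hexval, "as_text": ascii_text(value)}
            if frame.group(2) == "_int_free":
                # Recover what the caller actually handed to free().
                hit["free_arg_as_text"] = ascii_text(value + CHUNK_HDR)
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in flag_bad_pointers(BACKTRACE):
        print(hit)
```

Only the p argument of frame #0 is flagged; every other pointer in the trace is a normal user-space address.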


