From Kevin.Dunlap@nominum.com Thu Nov 14 13:50:46 2002
To: krb5-bugs@mit.edu
Subject: Segmentation Fault at prof_tree.c:502 on Solaris
Date: Thu, 14 Nov 2002 18:50:44 +0000
From: Kevin Dunlap
Message-Id: <20021114185044.9341B137F06@shell.nominum.com>
X-send-pr-version: 3.99

>Submitter-Id: net
>Originator: Kevin J Dunlap - Kevin.Dunlap@nominum.com
>Organization: Nominum, Inc
>Confidential: yes
>Synopsis: Segmentation Fault at prof_tree.c:502 on Solaris
>Severity: serious
>Priority: high
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-1.2.6
>Environment:
System: SunOS keymaster 5.8 Generic_108528-16 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4
>Description:
Using GSS-API on Solaris Machine with Windows 2k as KDC.
Program seg faults on line 502 of util/profile/prof_tree.c
Same software configuration compiled on FreeBSD does not Seg Fault.
>How-To-Repeat:
Script started on Thu 14 Nov 2002 06:01:51 PM UTC
[kevin@keymaster nsupdate]$ klist
klist: No credentials cache file found while setting cache flags (ticket cache /tmp/krb5cc_1001)
[kevin@keymaster nsupdate]$ kinit kevind
Password for kevind@AD.TESTLAB.DUNLAP.ORG:
[kevin@keymaster nsupdate]$ klist
Ticket cache: /tmp/krb5cc_1001
Default principal: kevind@AD.TESTLAB.DUNLAP.ORG

Valid starting                   Expires                          Service principal
Thu 14 Nov 2002 06:00:58 PM UTC  Fri 15 Nov 2002 04:00:58 AM UTC  krbtgt/AD.TESTLAB.DUNLAP.ORG@AD.TESTLAB.DUNLAP.ORG
        renew until Thu 21 Nov 2002 06:00:58 PM UTC
[kevin@keymaster nsupdate]$ ./nsupdate -o
> update add kjd.ad.testlab.dunlap.org. 200 in txt "this is a test"
>
Segmentation Fault (core dumped)
[kevin@keymaster nsupdate]$ gdb ./nsupdate ./core
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
Core was generated by `./nsupdate -o'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/krb5/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/local/krb5/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libpthread.so.1...done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /usr/lib/libthread.so.1...done.
Loaded symbols for /usr/lib/libthread.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/local/krb5/lib/libkrb5.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libkrb5.so.3
Reading symbols from /usr/local/krb5/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libk5crypto.so.3
Reading symbols from /usr/local/krb5/lib/libcom_err.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libcom_err.so.3
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /usr/lib/libresolv.so.2
#0  0xef4fceb4 in profile_node_iterator (iter_p=0xeeb0eb80, ret_node=0x0, ret_name=0x0, ret_value=0xeeb0eb7c) at prof_tree.c:502
502             for (p=section->first_child; p; p = p->next)
(gdb) p section
$1 = (struct profile_node *) 0x0
(gdb) p *section
Cannot access memory at address 0x0
(gdb) bt
#0  0xef4fceb4 in profile_node_iterator (iter_p=0xeeb0eb80, ret_node=0x0, ret_name=0x0, ret_value=0xeeb0eb7c) at prof_tree.c:502
#1  0xef4ff5e8 in profile_get_value (profile=0x131200, names=0xeeb0ec00, ret_value=0xeeb0ec14) at prof_get.c:196
#2  0xef4ff828 in profile_get_integer (profile=0x131200, name=0xef505ef8 "libdefaults", subname=0xef505f08 "clockskew", subsubname=0x0, def_val=300, ret_int=0xeeb0ec8c) at prof_get.c:265
#3  0xef4d88b8 in init_common (context=0xef7984ac, secure=0) at init_ctx.c:144
#4  0xef4d86c0 in krb5_init_context (context=0xef7984ac) at init_ctx.c:70
#5  0xef77d298 in kg_get_context (minor_status=0xeeb0ef44, context=0xeeb0ee44) at gssapi_krb5.c:185
#6  0xef77a180 in krb5_gss_acquire_cred (minor_status=0xeeb0ef44, desired_name=0x0, time_req=4294967295, desired_mechs=0x0, cred_usage=1, output_cred_handle=0xeeb0f438, actual_mechs=0xeeb0ef3c, time_rec=0xeeb0ef38) at acquire_cred.c:315
#7  0xef78294c in gss_acquire_cred (minor_status=0xeeb0ef44, desired_name=0x0, time_req=4294967295, desired_mechs=0x0, cred_usage=1, output_cred_handle=0xeeb0f438, actual_mechs=0xeeb0ef3c, time_rec=0xeeb0ef38) at krb5_gss_glue.c:70
#8  0x00085d40 in dst_gssapi_acquirecred (name=0x0, initiate=isc_boolean_true, cred=0xeeb0f438) at gssapictx.c:153
#9  0x00022da8 in start_gssrequest (master=0x0) at nsupdate.c:1884
#10 0x000226dc in recvsoa (task=0x1349b0, event=0x0) at nsupdate.c:1800
#11 0x000ea43c in dispatch (manager=0x134938) at task.c:855
#12 0x000ea524 in run (uap=0x134938) at task.c:998
(gdb) list
497      * Find the section to list if we are a LIST_SECTION,
498      * or find the containing section if not.
499      */
500             section = iter->file->root;
501             for (cpp = iter->names; cpp[iter->done_idx]; cpp++) {
502                     for (p=section->first_child; p; p = p->next)
503                             if (!strcmp(p->name, *cpp) && !p->value)
504                                     break;
505                     if (!p) {
506                             section = 0;
(gdb) quit
[kevin@keymaster nsupdate]$ exit

script done on Thu 14 Nov 2002 06:04:06 PM UTC

-------------- krb5.conf

[libdefaults]
        ticket_lifetime=24000
        default_realm = AD.TESTLAB.DUNLAP.ORG
        default_tgs_enctypes = des-cbc-md5
        default_tkt_enctypes = des-cbc-md5

[realms]
        AD.TESTLAB.DUNLAP.ORG = {
                kdc = faye.ad.testlab.dunlap.org:88
                admin_server = faye.ad.testlab.dunlap.org:749
                default_domain = ad.testlab.dunlap.org
        }

[domain_realm]
        .ad.TestLab.Dunlap.org = AD.TESTLAB.DUNLAP.ORG
        ad.TestLab.Dunlap.org = AD.TESTLAB.DUNLAP.ORG

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
                period = 1d
                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }

[pam]
        debug=false
        ticket_lifetime=36000
        renew_lifetime=36000
        forwardable=true
        krb4_convert=false

>Fix:
diff -c prof_tree.c prof_tree.c-new *** prof_tree.c Thu Nov 14 16:10:20 2002 --- prof_tree.c-new Thu Nov 14 16:10:07 2002 *************** *** 499,504 **** --- 499,506 ---- */ section = iter->file->root; for (cpp = iter->names; cpp[iter->done_idx]; cpp++) { + if (!section) + break; for 
(p=section->first_child; p; p = p->next) if (!strcmp(p->name, *cpp) && !p->value) break;
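Review bot: the added `if (!section) break;` stops the NULL dereference at `section->first_child`, but it does not say why `section` was NULL. The gdb session shows `section == 0x0` at line 502 while the caller is `profile_get_integer` looking up `libdefaults`/`clockskew`, and line 500 assigns `section` from `iter->file->root` only two lines earlier; so either the profile's root node itself is NULL (no parsed krb5.conf tree) or a previous iteration hit `section = 0` at line 506 and the outer loop continued. In both cases breaking out of the loop silently turns the crash into "not found", and the caller then presumably takes `def_val=300`. Consider testing `iter->file->root` once before the loop and returning an error code that tells the caller the profile is empty, and confirm separately why the same krb5.conf gives a NULL root on Solaris but not on FreeBSD (for instance, which path the library reads the file from on each system).

As an added illustration of the section walk at prof_tree.c:500-506 (not krb5's own code; the `pnode` type and the `lookup`/`lookup2` names are hypothetical), the following C models the lookup with the patch's guard and runs it against a constructed tree mirroring the report's `[libdefaults]` section and against a NULL root like the one in the core dump:

```c
/* Added example, not krb5's own code: a reduced model of the section
 * walk shown at prof_tree.c:500-506, with the NULL guard from the fix.
 * Type and function names here are hypothetical. */
#include <stddef.h>
#include <string.h>

struct pnode {                 /* one [section] or one key = value entry */
    const char   *name;
    const char   *value;       /* NULL for a section node */
    struct pnode *first_child; /* first entry inside a section */
    struct pnode *next;        /* next entry in the same section */
};

/* Descend from root through names[] (NULL-terminated): every name but
 * the last must match a section (value == NULL), the last one a key.
 * Returns the key's value, or NULL when any level is missing.  With a
 * NULL root (the core dump: section == 0x0 right after it is assigned
 * from the root) the guard returns NULL instead of faulting. */
const char *lookup(struct pnode *root, const char **names)
{
    struct pnode *section = root, *p = NULL;
    const char **cpp;
    for (cpp = names; *cpp; cpp++) {
        int last = (cpp[1] == NULL);
        if (!section)          /* the check the patch adds before the inner loop */
            return NULL;
        for (p = section->first_child; p; p = p->next)
            if (!strcmp(p->name, *cpp) && (last || !p->value))
                break;
        if (!p)
            return NULL;       /* no section/key of that name at this level */
        section = p;
    }
    return section ? section->value : NULL;
}

/* Constructed sample tree mirroring the report's [libdefaults] section. */
static struct pnode n_realm  = { "default_realm", "AD.TESTLAB.DUNLAP.ORG", NULL, NULL };
static struct pnode n_life   = { "ticket_lifetime", "24000", NULL, &n_realm };
static struct pnode n_libdef = { "libdefaults", NULL, &n_life, NULL };
struct pnode sample_root     = { "", NULL, &n_libdef, NULL };

/* Two-level lookup, as profile_get_integer("libdefaults", "clockskew") does. */
const char *lookup2(struct pnode *root, const char *section, const char *key)
{
    const char *names[3] = { section, key, NULL };
    return lookup(root, names);
}
```

The `clockskew` case returns NULL even with a valid tree, which is the path on which a caller falls back to its default; the NULL-root case returns NULL instead of reproducing the reported fault.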