From: andi@notmuch.email
To: krb5-bugs@mit.edu
Date: Tue, 3 Mar 2020 11:04:34 +0100
Subject: Segfault in k5_primary_domain

On NixOS we started to see segfaults when executing `gsasl` tests in our build infrastructure that originate in the krb5 library. The particular test that failed was the `old-simple` test with the following stack trace:

> 0x00007ffff7f433c1 in __strlen_avx2 () from /nix/store/dp9nhj3ng2hw3cfn0x0w867z0d3kp0i7-glibc-2.30/lib/libc.so.6
> #0 0x00007ffff7f433c1 in __strlen_avx2 () from /nix/store/dp9nhj3ng2hw3cfn0x0w867z0d3kp0i7-glibc-2.30/lib/libc.so.6
> #1 0x00007ffff7e75a0e in strdup () from /nix/store/dp9nhj3ng2hw3cfn0x0w867z0d3kp0i7-glibc-2.30/lib/libc.so.6
> #2 0x00007ffff7cf5f79 in k5_primary_domain () at dnsglue.c:506
> #3 0x00007ffff7cff10b in qualify_shortname (context=context@entry=0x410be0, host=host@entry=0x410610 "") at sn2princ.c:74
> #4 0x00007ffff7cff2c2 in k5_expand_hostname (context=context@entry=0x410be0, host=host@entry=0x410610 "", is_fallback=is_fallback@entry=0, canonhost_out=canonhost_out@entry=0x7fffffff8fc0) at sn2princ.c:128
> #5 0x00007ffff7cff3a1 in krb5_expand_hostname (context=context@entry=0x410be0, host=host@entry=0x410610 "", canonhost_out=canonhost_out@entry=0x7fffffff8fc0) at sn2princ.c:164
> #6 0x00007ffff7cff5f6 in krb5_sname_to_principal (context=0x410be0, hostname=0x410610 "", sname=0x40f5b0 "", type=type@entry=3, princ_out=princ_out@entry=0x7fffffff9088) at sn2princ.c:219
> #7 0x00007ffff7d8d6a8 in krb5_gss_import_name (minor_status=0x7fffffffb2b4, input_name_buffer=0x40f480, input_name_type=0x40f640, output_name=0x7fffffffb1c0) at import_name.c:166
> #8 0x00007ffff7d789bc in gssint_import_internal_name (minor_status=minor_status@entry=0x7fffffffb2b4, mech_type=0x40e290, union_name=union_name@entry=0x40fad0, internal_name=internal_name@entry=0x7fffffffb1c0) at g_glue.c:400
> #9 0x00007ffff7d74661 in gss_add_cred_from (minor_status=minor_status@entry=0x7fffffffb2b4, input_cred_handle=0x410bb0, desired_name=desired_name@entry=0x40fad0, desired_mech=, cred_usage=cred_usage@entry=2, initiator_time_req=initiator_time_req@entry=0, acceptor_time_req=0, cred_store=0x0, output_cred_handle=0x0, actual_mechs=0x0, initiator_time_rec=0x0, acceptor_time_rec=0x0) at g_acquire_cred.c:512
> #10 0x00007ffff7d74cbb in gss_acquire_cred_from (minor_status=minor_status@entry=0x7fffffffb394, desired_name=0x40fad0, time_req=time_req@entry=0, desired_mechs=desired_mechs@entry=0x0, cred_usage=cred_usage@entry=2, cred_store=cred_store@entry=0x0, output_cred_handle=0x40d740, actual_mechs=0x0, time_rec=0x0) at g_acquire_cred.c:190
> #11 0x00007ffff7d74dd1 in gss_acquire_cred (minor_status=minor_status@entry=0x7fffffffb394, desired_name=, time_req=time_req@entry=0, desired_mechs=desired_mechs@entry=0x0, cred_usage=cred_usage@entry=2, output_cred_handle=output_cred_handle@entry=0x40d740, actual_mechs=0x0, time_rec=0x0) at g_acquire_cred.c:107
> #12 0x00007ffff7fc32c6 in _gsasl_gssapi_server_start (sctx=, mech_data=0x40dfc8) at server.c:98
> #13 0x00007ffff7fb317e in setup (ctx=ctx@entry=0x40a6b0, mech=mech@entry=0x7ffff7fc7445 "GSSAPI", sctx=sctx@entry=0x40dfb0, n_mechs=n_mechs@entry=13, mechs=mechs@entry=0x40d760, clientp=clientp@entry=0) at xstart.c:69
> #14 0x00007ffff7fb31f2 in start (ctx=ctx@entry=0x40a6b0, mech=0x7ffff7fc7445 "GSSAPI", sctx=sctx@entry=0x7fffffffb480, n_mechs=13, mechs=0x40d760, clientp=clientp@entry=0) at xstart.c:94
> #15 0x00007ffff7fb324f in gsasl_server_start (ctx=ctx@entry=0x40a6b0, mech=, sctx=sctx@entry=0x7fffffffb480) at xstart.c:139
> #16 0x00007ffff7fb2fd2 in _gsasl_listmech (ctx=0x40a6b0, mechs=0x40d760, n_mechs=13, out=out@entry=0x7fffffffb4e0, clientp=clientp@entry=0) at listmech.c:44
> #17 0x00007ffff7fb30b8 in gsasl_server_mechlist (ctx=, out=out@entry=0x7fffffffb4e0) at listmech.c:95
> #18 0x00007ffff7fb3f39 in gsasl_server_listmech (ctx=, out=out@entry=0x7fffffffb540 "ANONYMOUS EXTERNAL LOGIN PLAIN SECURID DIGEST-MD5 CRAM-MD5 SCRAM-SHA-1 SAML20 OPENID20 GSSAPI GS2-KRB5", outlen=outlen@entry=0x7fffffffb538) at obsolete.c:94
> #19 0x0000000000402dbf in doit () at old-simple.c:438
> #20 0x0000000000403a7e in main (argc=, argv=0x7fffffffd668) at utils.c:140

After looking at the implementation of `k5_primary_domain` it became obvious that the result of the res_ninit(3) call is never validated. The call doesn't fail, but the `res_state` structure doesn't seem to be fully populated as expected. At least `h.dnsrch[0]` is NULL, leading to `strdup` segfaulting the application.
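
The condition described in the report, as an added example that is not part of the original message and is not krb5's code: a guarded lookup that checks both the res_ninit(3) return value and `dnsrch[0]` before copying. The function name, status codes and the constructed resolver states are assumptions made for this illustration; the states are built by hand so the empty search list is reproduced regardless of the local resolver configuration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE         /* strdup() and resolver types on glibc */
#endif
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum pd_status { PD_OK = 0, PD_INIT_FAILED, PD_NO_SEARCH_DOMAIN, PD_NO_MEMORY };

/*
 * Copy the first search-list entry out of a resolver state.
 * init_rc is the value res_ninit(3) returned for *st (0 on success).
 * On PD_OK the caller owns *out and must free() it; otherwise *out is NULL.
 */
enum pd_status
primary_domain_checked(int init_rc, const struct __res_state *st, char **out)
{
    *out = NULL;
    if (init_rc != 0)
        return PD_INIT_FAILED;
    /* Initialisation can succeed and still leave the search list empty.
     * An unchecked strdup(st->dnsrch[0]) would call strlen(NULL) here. */
    if (st->dnsrch[0] == NULL)
        return PD_NO_SEARCH_DOMAIN;
    *out = strdup(st->dnsrch[0]);
    return (*out != NULL) ? PD_OK : PD_NO_MEMORY;
}

int main(void)
{
    struct __res_state st;              /* constructed, not from res_ninit() */
    char domain[] = "example.test";     /* constructed sample search domain */
    char *copy;

    memset(&st, 0, sizeof(st));         /* reported state: dnsrch[0] == NULL */
    printf("empty search list -> %d\n", primary_domain_checked(0, &st, &copy));

    st.dnsrch[0] = domain;              /* populated search list */
    if (primary_domain_checked(0, &st, &copy) == PD_OK) {
        printf("primary domain    -> %s\n", copy);
        free(copy);
    }
    return 0;
}
```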