From Kevin.Dunlap@nominum.com Thu Nov 14 13:50:46 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by krbdev.mit.edu (8.9.3) with ESMTP
id NAA15665; Thu, 14 Nov 2002 13:50:46 -0500 (EST)
Received: from shell.nominum.com (shell.nominum.com [128.177.192.160])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id NAA18938
for <krb5-bugs@mit.edu>; Thu, 14 Nov 2002 13:50:45 -0500 (EST)
Received: from shell.nominum.com (localhost [127.0.0.1])
by shell.nominum.com (Postfix) with ESMTP id 9341B137F06
for <krb5-bugs@mit.edu>; Thu, 14 Nov 2002 10:50:44 -0800 (PST)
To: krb5-bugs@mit.edu
Subject: Segmentation Fault at prof_tree.c:502 on Solaris
Date: Thu, 14 Nov 2002 18:50:44 +0000
From: Kevin Dunlap <Kevin.Dunlap@nominum.com>
Message-Id: <20021114185044.9341B137F06@shell.nominum.com>
X-send-pr-version: 3.99
>Submitter-Id: net
>Originator: Kevin J Dunlap - Kevin.Dunlap@nominum.com
>Organization:
Nominum, Inc
>Confidential: yes
>Synopsis: Segmentation Fault at prof_tree.c:502 on Solaris
>Severity: serious
>Priority: high
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-1.2.6
>Environment:
System: SunOS keymaster 5.8 Generic_108528-16 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4
>Description:
Using GSS-API on Solaris Machine with Windows 2k as KDC.
Program seg faults on line 502 of util/profile/prof_tree.c
Same software configuration compiled on FreeBSD does not Seg Fault.
>How-To-Repeat:
Script started on Thu 14 Nov 2002 06:01:51 PM UTC
[kevin@keymaster nsupdate]$ klist
klist: No credentials cache file found while setting cache flags (ticket cache /tmp/krb5cc_1001)
[kevin@keymaster nsupdate]$ kinit kevind
Password for kevind@AD.TESTLAB.DUNLAP.ORG:
[kevin@keymaster nsupdate]$ klist
Ticket cache: /tmp/krb5cc_1001
Default principal: kevind@AD.TESTLAB.DUNLAP.ORG
Valid starting Expires Service principal
Thu 14 Nov 2002 06:00:58 PM UTC Fri 15 Nov 2002 04:00:58 AM UTC krbtgt/AD.TESTLAB.DUNLAP.ORG@AD.TESTLAB.DUNLAP.ORG
renew until Thu 21 Nov 2002 06:00:58 PM UTC
[kevin@keymaster nsupdate]$ ./nsupdate -o
> update add kjd.ad.testlab.dunlap.org. 200 in txt "this is a test"
>
Segmentation Fault (core dumped)>
[kevin@keymaster nsupdate]$ gdb ./nsupdate ./core
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
Core was generated by `./nsupdate -o'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/krb5/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/local/krb5/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libpthread.so.1...done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /usr/lib/libthread.so.1...done.
Loaded symbols for /usr/lib/libthread.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/local/krb5/lib/libkrb5.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libkrb5.so.3
Reading symbols from /usr/local/krb5/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libk5crypto.so.3
Reading symbols from /usr/local/krb5/lib/libcom_err.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libcom_err.so.3
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /usr/lib/libresolv.so.2
#0 0xef4fceb4 in profile_node_iterator (iter_p=0xeeb0eb80, ret_node=0x0,
ret_name=0x0, ret_value=0xeeb0eb7c) at prof_tree.c:502
502 for (p=section->first_child; p; p = p->next)
(gdb) p section
$1 = (struct profile_node *) 0x0
(gdb) p *section
Cannot access memory at address 0x0
(gdb) bt
#0 0xef4fceb4 in profile_node_iterator (iter_p=0xeeb0eb80, ret_node=0x0,
ret_name=0x0, ret_value=0xeeb0eb7c) at prof_tree.c:502
#1 0xef4ff5e8 in profile_get_value (profile=0x131200, names=0xeeb0ec00,
ret_value=0xeeb0ec14) at prof_get.c:196
#2 0xef4ff828 in profile_get_integer (profile=0x131200,
name=0xef505ef8 "libdefaults", subname=0xef505f08 "clockskew",
subsubname=0x0, def_val=300, ret_int=0xeeb0ec8c) at prof_get.c:265
#3 0xef4d88b8 in init_common (context=0xef7984ac, secure=0) at init_ctx.c:144
#4 0xef4d86c0 in krb5_init_context (context=0xef7984ac) at init_ctx.c:70
#5 0xef77d298 in kg_get_context (minor_status=0xeeb0ef44, context=0xeeb0ee44)
at gssapi_krb5.c:185
#6 0xef77a180 in krb5_gss_acquire_cred (minor_status=0xeeb0ef44,
desired_name=0x0, time_req=4294967295, desired_mechs=0x0, cred_usage=1,
output_cred_handle=0xeeb0f438, actual_mechs=0xeeb0ef3c,
time_rec=0xeeb0ef38) at acquire_cred.c:315
#7 0xef78294c in gss_acquire_cred (minor_status=0xeeb0ef44, desired_name=0x0,
time_req=4294967295, desired_mechs=0x0, cred_usage=1,
output_cred_handle=0xeeb0f438, actual_mechs=0xeeb0ef3c,
time_rec=0xeeb0ef38) at krb5_gss_glue.c:70
#8 0x00085d40 in dst_gssapi_acquirecred (name=0x0, initiate=isc_boolean_true,
cred=0xeeb0f438) at gssapictx.c:153
#9 0x00022da8 in start_gssrequest (master=0x0) at nsupdate.c:1884
#10 0x000226dc in recvsoa (task=0x1349b0, event=0x0) at nsupdate.c:1800
#11 0x000ea43c in dispatch (manager=0x134938) at task.c:855
#12 0x000ea524 in run (uap=0x134938) at task.c:998
(gdb) list
497 * Find the section to list if we are a LIST_SECTION,
498 * or find the containing section if not.
499 */
500 section = iter->file->root;
501 for (cpp = iter->names; cpp[iter->done_idx]; cpp++) {
502 for (p=section->first_child; p; p = p->next)
503 if (!strcmp(p->name, *cpp) && !p->value)
504 break;
505 if (!p) {
506 section = 0;
(gdb) quit
[kevin@keymaster nsupdate]$ exit
script done on Thu 14 Nov 2002 06:04:06 PM UTC
--------------
krb5.conf
[libdefaults]
ticket_lifetime=24000
default_realm = AD.TESTLAB.DUNLAP.ORG
default_tgs_enctypes = des-cbc-md5
default_tkt_enctypes = des-cbc-md5
[realms]
AD.TESTLAB.DUNLAP.ORG = {
kdc = faye.ad.testlab.dunlap.org:88
admin_server = faye.ad.testlab.dunlap.org:749
default_domain = ad.testlab.dunlap.org
}
[domain_realm]
.ad.TestLab.Dunlap.org = AD.TESTLAB.DUNLAP.ORG
ad.TestLab.Dunlap.org = AD.TESTLAB.DUNLAP.ORG
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
period = 1d
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
[pam]
debug=false
ticket_lifetime=36000
renew_lifetime=36000
forwardable=true
krb4_convert=false
>Fix:
diff -c prof_tree.c prof_tree.c-new
*** prof_tree.c Thu Nov 14 16:10:20 2002
--- prof_tree.c-new Thu Nov 14 16:10:07 2002
***************
*** 499,504 ****
--- 499,506 ----
*/
section = iter->file->root;
for (cpp = iter->names; cpp[iter->done_idx]; cpp++) {
+ if (!section)
+ break;
for (p=section->first_child; p; p = p->next)
if (!strcmp(p->name, *cpp) && !p->value)
break;
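Review bot: the new `if (!section) break;` guard at the top of the `for (cpp = iter->names; ...)` loop catches the NULL pointer one iteration after it is created. The gdb listing in this report shows `section = 0;` being assigned in the `if (!p)` branch at line 506, so the fix would sit closer to its cause if the loop were left there, or if the patch explained why that branch does not already end the loop. The hunk also does not show what follows the loop: after this break, that code runs with `section == 0` and needs to tolerate it. A one-line comment on the guard stating when `section` can be NULL would make the intent clear to the next reader.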