Segfault when using flat-file created by moonshot-webp

Bug #1249863 reported by Adam Bishop
Affects Status Importance Assigned to Milestone
Project Moonshot
Fix Released
Undecided
Kevin Wasserman

Bug Description

When the flat-file store exists but the GNOME Keyring one doesn't, FreeRADIUS (or, more specifically, the tidc) segfaults:

[Switching to Thread 0xb55b8b70 (LWP 17766)]
peerInitEapChannelBinding (ctx=0x8315df8, minor=0xb55b74d8) at init_sec_context.c:244
244 init_sec_context.c: No such file or directory.
(gdb) bt full
#0 peerInitEapChannelBinding (ctx=0x8315df8, minor=0xb55b74d8) at init_sec_context.c:244
        buf = 0x8323058
        major = 0
        krbContext = 0x0
        chbindReqFlags = 1
        princ = 0x8322fc8
        nameBuf = {length = 13, value = 0x8322398}
#1 eapGssSmInitAcceptorName (minor=0xb55b74d8, cred=0x0, ctx=0x8315df8, target=0x8315d98, mech=0xb55b7500, reqFlags=62, timeReq=4294967295, chanBindings=0x0, inputToken=0x0, outputToken=0xb55b72e0, smFlags=0xb55b72bc) at init_sec_context.c:806
        major = <optimized out>
#2 0xb4d72f1d in gssEapSmStep (minor=minor@entry=0xb55b74d8, cred=cred@entry=0x0, ctx=ctx@entry=0x8315df8, target=target@entry=0x8315d98, mech=mech@entry=0xb55b7500, reqFlags=reqFlags@entry=62, timeReq=timeReq@entry=4294967295,
    chanBindings=chanBindings@entry=0x0, inputToken=inputToken@entry=0x0, outputToken=outputToken@entry=0xb55b7508, sm=sm@entry=0xb4db6d80, smCount=smCount@entry=8) at util_sm.c:268
        processToken = <optimized out>
        innerInputToken = <optimized out>
        innerOutputToken = {length = 13, value = 0x831f000}
        smp = <optimized out>
        inputTokenType = <optimized out>
        major = <optimized out>
        tmpMajor = <optimized out>
        tmpMinor = <optimized out>
        inputTokens = {buffers = {count = 0, elements = 0x0}, types = 0x0}
        outputTokens = {buffers = {count = 0, elements = 0x8322fe8}, types = 0x8323030}
        unwrappedInputToken = {length = 0, value = 0x0}
        unwrappedOutputToken = {length = 0, value = 0x0}
        smFlags = 0
        i = <optimized out>
        j = <optimized out>
        tokType = 3082227399
        __PRETTY_FUNCTION__ = "gssEapSmStep"
#3 0xb4d677e8 in gssEapInitSecContext (minor=minor@entry=0xb55b74d8, cred=cred@entry=0x0, ctx=0x8315df8, target_name=target_name@entry=0x8315d98, mech_type=mech_type@entry=0xb55b7500, req_flags=req_flags@entry=62, time_req=time_req@entry=4294967295,
    input_chan_bindings=input_chan_bindings@entry=0x0, input_token=input_token@entry=0x0, actual_mech_type=actual_mech_type@entry=0x0, output_token=output_token@entry=0xb55b7508, ret_flags=ret_flags@entry=0xb55b74ec, time_rec=time_rec@entry=0x0)
    at init_sec_context.c:1253
        major = <optimized out>
        tmpMinor = <optimized out>
        initialContextToken = 1
        __PRETTY_FUNCTION__ = "gssEapInitSecContext"
#4 0xb4d67be2 in gss_init_sec_context (minor=0xb55b74d8, cred=0x0, context_handle=0x8315610, target_name=0x8315d98, mech_type=0xb55b7500, req_flags=62, time_req=4294967295, input_chan_bindings=0x0, input_token=0x0, actual_mech_type=0x0, output_token=0xb55b7508,
    ret_flags=0xb55b74ec, time_rec=0x0) at init_sec_context.c:1336
        major = <optimized out>
        tmpMinor = 9
        ctx = 0x8315df8
#5 0xb79215a6 in gss_init_sec_context () from /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2
No symbol table info available.
#6 0xb7a13a6f in ?? () from /usr/lib/i386-linux-gnu/libtr_tid.so.0
No symbol table info available.
#7 0xb7a119fe in tidc_open_connection () from /usr/lib/i386-linux-gnu/libtr_tid.so.0
No symbol table info available.
#8 0xb7a2b461 in tr_query_realm (q_realm=q_realm@entry=0x826fbb9 "dev.ja.net", q_community=0x822ad30 "apc.moonshot.ja.net", q_rprealm=0x822ad78 "ms-ssh-sp.dev.ja.net", q_trustrouter=0x822adc8 "tr1.moonshot.ja.net")
    at src/modules/rlm_realm/trustrouter_integ.c:213
        conn = 0
        rc = <optimized out>
        gssctx = <optimized out>
        cookie = 0x826fbc8
#9 0xb7a2a8aa in check_for_realm (returnrealm=0xb55b763c, request=<optimized out>, instance=0x822a7d8) at src/modules/rlm_realm/rlm_realm.c:172
        username = <optimized out>
        vp = <optimized out>
        realm = 0x0
        namebuf = 0x826fbb8 ""
        realmname = <optimized out>
        ptr = <optimized out>
#10 check_for_realm (instance=0x822a7d8, request=<optimized out>, returnrealm=0xb55b763c) at src/modules/rlm_realm/rlm_realm.c:68
        inst = 0x822a7d8
#11 0xb7a2aa40 in mod_authorize (instance=0x822a7d8, request=0x82791f8) at src/modules/rlm_realm/rlm_realm.c:392
        rcode = <optimized out>
        realm = 0x0
#12 0x08065aaa in call_modsingle (request=0x82791f8, component=1, sp=<optimized out>) at src/main/modcall.c:311
---Type <return> to continue, or q <return> to quit---
        myresult = <optimized out>
        blocked = <optimized out>
#13 modcall (component=component@entry=1, c=c@entry=0x8232060, request=request@entry=0x82791f8) at src/main/modcall.c:785
        cursor = {first = 0xb7d8da9a, found = 0x1, last = 0x0, current = 0x0, next = 0x0}
        myresult = 1
        mypriority = 2
        stack = {pointer = 1, priority = {<optimized out> <repeats 32 times>}, result = {<optimized out> <repeats 32 times>}, children = {<optimized out> <repeats 32 times>}, start = {<optimized out> <repeats 32 times>}}
        parent = 0x8232060
        child = 0x82321b0
        if_taken = 0
        was_if = 0
#14 0x08063779 in indexed_modcall (comp=comp@entry=1, idx=idx@entry=0, request=request@entry=0x82791f8) at src/main/modules.c:758
        rcode = <optimized out>
        list = 0x8232060
        server = <optimized out>
#15 0x080642cb in process_authorize (autz_type=autz_type@entry=0, request=request@entry=0x82791f8) at src/main/modules.c:1640
No locals.
#16 0x08053dd0 in rad_authenticate (request=0x82791f8) at src/main/auth.c:426
        namepair = <optimized out>
        check_item = <optimized out>
        auth_item = 0x0
        module_msg = <optimized out>
        tmp = <optimized out>
        result = <optimized out>
        autz_retry = 0 '\000'
        autz_type = 0
#17 0x080727ad in request_running (action=1, request=0x82791f8) at src/main/process.c:1186
No locals.
#18 request_running (request=0x82791f8, action=1) at src/main/process.c:1155
No locals.
#19 0x0806cd6a in request_handler_thread (arg=0x8247d08) at src/main/threads.c:685
        self = 0x8247d08
#20 0xb7cd0c39 in start_thread () from /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
No symbol table info available.
#21 0xb7bcc78e in clone () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.

Kevin Wasserman (krwasserman) wrote :

This segfault occurs in mech_eap while constructing channel bindings (frame #0 of the backtrace, peerInitEapChannelBinding) when the acceptor principal has no realm component. I'll submit a fix shortly.

Changed in moonshot:
assignee: nobody → Kevin Wasserman (krwasserman)
status: New → Fix Committed
Changed in moonshot:
status: Fix Committed → Fix Released