getent segfault with bad libnss-mysql config
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libnss-mysql-bg (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
Binary package hint: libnss-mysql-bg
I have made an error in my config: getspent SELECT userid,
But instead of exiting with an error, getent segfaults.
This is the result of valgrind getent shadow
==20700== Invalid read of size 8
==20700== at 0x60766B5: mysql_fetch_row (in /usr/lib/
==20700== by 0x5DED7FB: ??? (in /lib/libnss_
==20700== by 0x5DED20F: ??? (in /lib/libnss_
==20700== by 0x5DEE023: ??? (in /lib/libnss_
==20700== by 0x5DEE54B: _nss_mysql_
==20700== by 0x4F2897D: __nss_getent_r (getnssent_r.c:171)
==20700== by 0x4F19395: getspent_
==20700== by 0x4F2857A: __nss_getent (getnssent.c:38)
==20700== by 0x4F18951: getspent (getXXent.c:84)
==20700== by 0x40257C: shadow_keys (getent.c:799)
==20700== by 0x40360C: main (getent.c:972)
==20700== Address 0x10 is not stack'd, malloc'd or (recently) free'd
These are the Lucid packages affected
ii libnss-mysql-bg 1.5-2build1 NSS module for using MySQL as a naming servi
ii mysql-client-5.1 5.1.41-3ubuntu12.8 MySQL database client binaries
ii mysql-client-
ii mysql-common 5.1.41-3ubuntu12.8 MySQL database common files (e.g. /etc/mysql
ii mysql-server 5.1.41-3ubuntu12.8 MySQL database server (metapackage depending
ii mysql-server-5.1 5.1.41-3ubuntu12.8 MySQL database server binaries
ii mysql-server-
I have the same problem with an etch server
I have recompiled libnss-mysql-bg with debug symbols, so the valgrind output is much more usable
==27078== Invalid read of size 8
==27078== at 0x60766B5: mysql_fetch_row (in /usr/lib/libmysqlclient.so.16.0.0)
==27078== by 0x5DED7FB: _nss_mysql_fetch_row (mysql.c:318)
==27078== by 0x5DED20F: _nss_mysql_load_shadow (nss_support.c:189)
==27078== by 0x5DEE023: _nss_mysql_lookup (lookup.c:172)
==27078== by 0x5DEE54B: _nss_mysql_getspent_r (mysql-spwd.c:92)
==27078== by 0x4F2897D: __nss_getent_r (getnssent_r.c:171)
==27078== by 0x4F19395: getspent_r@@GLIBC_2.2.5 (getXXent_r.c:162)
==27078== by 0x4F2857A: __nss_getent (getnssent.c:38)
==27078== by 0x4F18951: getspent (getXXent.c:84)
==27078== by 0x40257C: shadow_keys (getent.c:799)
==27078== by 0x40360C: main (getent.c:972)
==27078== Address 0x10 is not stack'd, malloc'd or (recently) free'd