Segmentation Fault in libpcre2-8-0 when using regex in (cifs) volume

Bug #1891552 reported by Daniel von Obernitz on 2020-08-13
This bug affects 1 person
Affects                 Status  Importance  Assigned to    Milestone
libpam-mount (Ubuntu)           Undecided   Unassigned
Focal                           Undecided   Utkarsh Gupta
Groovy                          Undecided   Unassigned

Bug Description

[Impact]
========

Mounting a cifs volume with a regex condition results in a segfault.

[Test Plan]
===========

$ lxc launch images:ubuntu/focal lp1891552-fix-segfault

$ lxc shell lp1891552-fix-segfault

# apt update && apt install cifs-utils libpam-mount

# adduser user

// add the following lines in /etc/security/pam_mount.conf.xml above the "<mkmountpoint enable="1" remove="true" />" line.

<volume fstype="cifs" server="server.example.com" path="folder/%(USER)" mountpoint="/home/%(USER)/SUBFOLDER_%(USER)" options="domain=DOMAIN,dir_mode=0700,file_mode=0700">
  <and>
    <user regex="yes">^[a-z]{3}.*$</user>
  </and>
</volume>

# su - user

// you'll get a segfault.

// with the patched version, it shouldn't segfault and everything
// should work fine, as intended.

[Where Problems Could Occur]
============================

With this problem known, if the user has found a workaround for mounting a cifs volume using some extra configuration or so, then that could break the same on upgrade, I believe. For example, having a workaround way of inserting <volume> in /etc/security/pam_mount.conf.xml with manipulation and some hacking could get this to work and then upgrade could break the hack. But on a brighter side, they could get back to using the "right" way of inserting a <volume> in the .conf.xml file.

[Other Info]

The autopkgtests of this package that we've added back in Bionic have degraded since then and were regularly failing. We know the fixes and they were already accepted by Debian. As usual with test fixes they do not qualify for an upload/SRU on their own, but since we touch these packages anyway we also include the test fixes which will help to add back some coverage. Also OTOH the SRU would be blocked with unresolvable test issues without doing so.

[Discussion(s)]
===============

At system start the system freezes completely. Then I retested during a running session on the command line and I'm getting the error message

Segmentation fault

when I login to another user.

If I remove the 'regex="yes"' everything works.
If I remove the "and" condition everything works.
If I downgrade the libpam-mount package to version 2.16-3ubuntu0.1 of Ubuntu 18.04 everything works including using the regex condition. In Ubuntu 18.04 everything worked fine as well.


Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Daniel,
this seems like a legitimate issue but we'd need some more info.

1. Can you, on top of the XML config, also provide the full exact commands/configs you used for server and client in this case?

2. Which application gets the segfault - the server or the mounting client?

3. Did you get a core dump of the segfault? If so, could you attach that to the bug?
See https://help.ubuntu.com/community/ReportingBugs#Reporting_a_crash for some help

Revision history for this message
Daniel von Obernitz (itzonban) wrote :

Hi Christian,

2. The mounting client gets the segfault.

1. To reproduce it on Ubuntu 20.04 I switch to root on the terminal via 'sudo -su'. Then I switch to another user.

Without the regex in the pam_mount.conf.xml it looks like this:

root@ubuntu2004:/# su - user
reenter password for pam_mount:
HXproc_run_async: pmvarrun: No such file or directory
user@ubuntu2004:~$

The CIFS-Directory is mounted.

With the regex it looks like this:

root@ubuntu2004:/# su - user
Segmentation fault
root@ubuntu2004:/#

3. Unfortunately there is no core dump of the segfault.

Revision history for this message
Daniel von Obernitz (itzonban) wrote :

In /var/log/syslog I get the following error message when the segfault appears:

Aug 14 11:26:26 ubuntu2004 kernel: [ 285.174018] traps: su[2526] general protection fault ip:7f5818e4c271 sp:7ffced650520 error:0 in libpcre2-8.so.0.9.0[7f5818e3d000+64000]
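
Added example (not part of the bug report or of libpam-mount): a small Python parser for the kernel fault line quoted above. It extracts the faulting object and the instruction-pointer offset inside its mapping, so repeated crashes can be grouped by code location even though ASLR changes the absolute addresses. The `segfault at` format variant and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Two x86 Linux kernel fault formats (the first is the one quoted in this report):
#   traps: COMM[PID] general protection fault ip:IP sp:SP error:E in OBJ[BASE+SIZE]
#   COMM[PID]: segfault at ADDR ip IP sp SP error E in OBJ[BASE+SIZE]
FAULT_RE = re.compile(
    r"(?:traps: )?(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]:? "
    r"(?P<kind>general protection fault|segfault at [0-9a-f]+) "
    r"ip[: ](?P<ip>[0-9a-f]+) sp[: ](?P<sp>[0-9a-f]+) error[: ](?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def parse_fault(line):
    """Return a dict describing one kernel fault line, or None if it is not one."""
    m = FAULT_RE.search(line)
    if m is None:
        return None
    ip = int(m["ip"], 16)
    offset = None
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # BASE is the start of the mapping that contains IP, so IP - BASE does
        # not change with ASLR. Add the segment's file offset (readelf -l)
        # before resolving it against the library file on disk.
        if base <= ip < base + size:
            offset = ip - base
    return {"comm": m["comm"], "pid": int(m["pid"]),
            "kind": m["kind"].split(" at ")[0], "object": m["obj"], "offset": offset}

def crash_sites(lines):
    """Count faults per (process, object, offset); repeats point at one code path."""
    sites = Counter()
    for line in lines:
        fault = parse_fault(line)
        if fault:
            sites[(fault["comm"], fault["object"], fault["offset"])] += 1
    return sites

# First line is the syslog entry quoted in the report; the other two are constructed.
SAMPLE = [
    "Aug 14 11:26:26 ubuntu2004 kernel: [ 285.174018] traps: su[2526] general protection fault ip:7f5818e4c271 sp:7ffced650520 error:0 in libpcre2-8.so.0.9.0[7f5818e3d000+64000]",
    "Aug 14 11:31:02 ubuntu2004 kernel: [ 561.402113] su[2611]: segfault at 0 ip 00007f0a1c2e0271 sp 00007ffd3b1a9e40 error 4 in libpcre2-8.so.0.9.0[7f0a1c2d1000+64000]",
    "Aug 14 11:31:05 ubuntu2004 su: pam_unix(su-l:session): session opened for user user by (uid=0)",
]

if __name__ == "__main__":
    for (comm, obj, off), n in crash_sites(SAMPLE).items():
        print(f"{n}x {comm} in {obj} at mapping offset {off:#x}")
```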

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

@Andreas - is that something that can be reproduced with one of your samba-related test suites without having to start from scratch?

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Also adding src:pcre2 task as the crash seems to be in that lib.
Thanks Daniel for the log output.

summary: - Segmentation Fault when using regex in (cifs) volume
+ Segmentation Fault in libpcre2-8-0 when using regex in (cifs) volume
Revision history for this message
Daniel von Obernitz (itzonban) wrote :

Is there something new on this topic?

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpam-mount - 2.17-2

---------------
libpam-mount (2.17-2) unstable; urgency=medium

  * Make d/not-installed arch independent
  * Document sshfs without fd0ssh.
    Thanks to Michel Le Bihan (Closes: #952989)

 -- Jochen Sprickerhof <email address hidden> Fri, 25 Dec 2020 16:54:23 +0100

Changed in libpam-mount (Ubuntu):
status: New → Fix Released
Changed in pcre2 (Ubuntu):
status: New → Invalid
Revision history for this message
Daniel von Obernitz (itzonban) wrote :

Thanks for the fix. Do you know when this version will be released in the focal repository?

Paride Legovini (paride) on 2021-01-21
Changed in libpam-mount (Ubuntu Focal):
status: New → Triaged
Revision history for this message
Paride Legovini (paride) wrote :

This was fixed in Debian by [1] and landed in Hirsute as part of a sync. The fix won't land in Focal automatically, it's a Stable Release Update [2] that has to be driven manually.

[1] https://salsa.debian.org/debian/libpam-mount/-/commit/c166793d582048587a4091a6deed9824b535f4c8
[2] https://wiki.ubuntu.com/StableReleaseUpdates

tags: added: server-next
Utkarsh Gupta (utkarsh) on 2021-03-26
description: updated
description: updated
Changed in libpam-mount (Ubuntu Focal):
assignee: nobody → Utkarsh Gupta (utkarsh)
no longer affects: pcre2 (Ubuntu)
no longer affects: pcre2 (Ubuntu Focal)
description: updated
Utkarsh Gupta (utkarsh) on 2021-03-30
Changed in libpam-mount (Ubuntu Focal):
status: Triaged → Fix Committed
status: Fix Committed → Triaged
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Daniel, or anyone else affected,

Accepted libpam-mount into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libpam-mount/2.16-10ubuntu0.20.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in libpam-mount (Ubuntu Groovy):
status: New → Fix Committed
tags: added: verification-needed verification-needed-groovy
Changed in libpam-mount (Ubuntu Focal):
status: Triaged → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Daniel, or anyone else affected,

Accepted libpam-mount into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libpam-mount/2.16-10ubuntu0.20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Daniel von Obernitz (itzonban) wrote :

Hi Brian,

I tested the focal-proposed version with my configured pam_mount.conf.xml and it seems to be working fine now.

Package Version:
libpam-mount/focal-proposed,now 2.16-10ubuntu0.20.04.1 amd64

In my pam_mount.conf.xml I am using a 'regex="yes"' and an "and" condition.

I switched to a different user on the terminal, the matching regex is shown and the volume is mounted correctly.

Thanks a lot!
Daniel

tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Thank you for the verification! Can someone also verify the groovy (20.10) package? Since we can't release the older series without newer ones ready beforehand.

Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Hello Lukasz,

Tested for groovy [libpam-mount:amd64 (2.16-10ubuntu0.20.10.1)]:

# Before applying the patched version

root@temp:~# nano /etc/security/pam_mount.conf.xml
root@temp:~# su - user
Segmentation fault (core dumped)

# Adding the proposed repository

root@temp:~# nano /etc/apt/sources.list
root@temp:~# apt update && apt upgrade

# After applying the patched version

root@temp:~# su - user
(rdconf1.c:618): pcre_exec: /^[a-z]{3}.*$/: 1 matches

Thus, confirmed that update works and indeed fixes the problem. Thanks!

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Oh, thanks! Adjusting the tags and proceeding with the release.

tags: added: verification-done verification-done-groovy
removed: verification-needed verification-needed-groovy
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for libpam-mount has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpam-mount - 2.16-10ubuntu0.20.04.1

---------------
libpam-mount (2.16-10ubuntu0.20.04.1) focal; urgency=medium

  [ Utkarsh Gupta ]
  * Fix segmentation fault in libpcre2-8-0 when using regex
    in (cifs) volume. (LP: #1891552)
    - d/p/0016-Port-to-pcre2.patch: Fix pcre2 patch.
    Thanks to Jochen Sprickerhof for the patch.

  [ Christian Ehrhardt ]
  * d/t/local-luks: fix autopkgtests.

 -- Utkarsh Gupta <email address hidden> Fri, 26 Mar 2021 20:02:14 +0530

Changed in libpam-mount (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpam-mount - 2.16-10ubuntu0.20.10.1

---------------
libpam-mount (2.16-10ubuntu0.20.10.1) groovy; urgency=medium

  [ Utkarsh Gupta ]
  * Fix segmentation fault in libpcre2-8-0 when using regex
    in (cifs) volume. (LP: #1891552)
    - d/p/0016-Port-to-pcre2.patch: Fix pcre2 patch.
    Thanks to Jochen Sprickerhof for the patch.

  [ Christian Ehrhardt ]
  * d/t/local-luks: fix autopkgtests.

 -- Utkarsh Gupta <email address hidden> Fri, 26 Mar 2021 20:02:14 +0530

Changed in libpam-mount (Ubuntu Groovy):
status: Fix Committed → Fix Released