[Bug 1571456] Re: id crashed with SIGSEGV in sock_eq()
Anders Kaseorg
andersk at mit.edu
Tue Jul 19 02:54:00 UTC 2016
This was fixed in yakkety’s libc6 2.23-1ubuntu1. We are still waiting
for a xenial SRU.
** Description changed:
- To reproduce:
+ [Impact]
- sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
- cat > /etc/hesiod.conf <<EOF
+ The nss_hesiod nsswitch module, which worked in previous releases, does
+ not work at all in Ubuntu 16.04. Enabling it causes NULL pointer
+ dereferences in calls such as getpwuid().
+
+ [Test Case]
+
+ # sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
+ # cat > /etc/hesiod.conf <<EOF
lhs=.ns
rhs=.athena.mit.edu
EOF
- id andersk
+ # id andersk
+ Segmentation fault (core dumped)
- This is a bug in nss_hesiod. See
- https://sourceware.org/bugzilla/show_bug.cgi?id=19573.
+ Expected output: uid=39270(andersk) gid=101(…) groups=101(…).
+
+ [Regression Potential]
+
+ I wrote a 6-line patch that conditionalizes an errant res_nclose call.
+ There is also a bigger upstream patch on the glibc 2.22 and 2.23 stable
+ branches that entirely removes the unused abstraction that necessitated
+ the res_nclose calls at all. Neither patch makes any changes outside of
+ the glibc hesiod directory, which as of now is so thoroughly broken that
+ there is nothing left to regress.
+
ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: coreutils 8.25-2ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
Uname: Linux 4.4.0-18-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME
Date: Sun Apr 17 22:39:06 2016
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/id
ExecutableTimestamp: 1455802667
InstallationDate: Installed on 2016-02-19 (58 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160218)
ProcCmdline: id andersk
ProcCwd: /home/anders
SegvAnalysis:
- Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>: cmp %dx,(%rax)
- PC (0x7fef32217a88) ok
- source "%dx" ok
- destination "(%rax)" (0x00000000) not located in a known VMA region (needed writable region)!
+ Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>: cmp %dx,(%rax)
+ PC (0x7fef32217a88) ok
+ source "%dx" ok
+ destination "(%rax)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: coreutils
StacktraceTop:
- sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
- __libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=45, buf2=buf2 at entry=0x0, buflen2=buflen2 at entry=0, ans=ans at entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) at res_send.c:408
- __GI___res_nsend (statp=<optimized out>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=<optimized out>, ans=ans at entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=anssiz at entry=1024) at res_send.c:630
- get_txt_records (class=1, name=name at entry=0xff3dd0 "39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
- hesiod_resolve (context=context at entry=0xff27e0, name=name at entry=0x7ffd88e81190 "39270", type=type at entry=0x7fef3242a486 "uid") at hesiod.c:240
+ sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
+ __libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=45, buf2=buf2 at entry=0x0, buflen2=buflen2 at entry=0, ans=ans at entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) at res_send.c:408
+ __GI___res_nsend (statp=<optimized out>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=<optimized out>, ans=ans at entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=anssiz at entry=1024) at res_send.c:630
+ get_txt_records (class=1, name=name at entry=0xff3dd0 "39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
+ hesiod_resolve (context=context at entry=0xff27e0, name=name at entry=0x7ffd88e81190 "39270", type=type at entry=0x7fef3242a486 "uid") at hesiod.c:240
Title: id crashed with SIGSEGV in sock_eq()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare sbuild sudo wireshark
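Review bot: The added [Regression Potential] paragraph describes two candidate fixes (the 6-line patch that conditionalizes the res_nclose call, and the larger upstream patch on the glibc 2.22 and 2.23 stable branches) but does not say which one is proposed for the xenial SRU. Name the one being uploaded, so the regression assessment can be checked against the actual change. In the added [Test Case], the sed -i edit of /etc/nsswitch.conf and the cat > /etc/hesiod.conf overwrite have no backup or restore step, and the expected output depends on the .athena.mit.edu Hesiod domain being reachable. A line on restoring both files and on that network dependency would make the case easier to verify.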
** Description changed:
[Impact]
The nss_hesiod nsswitch module, which worked in previous releases, does
not work at all in Ubuntu 16.04. Enabling it causes NULL pointer
dereferences in calls such as getpwuid().
[Test Case]
# sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
# cat > /etc/hesiod.conf <<EOF
lhs=.ns
rhs=.athena.mit.edu
EOF
# id andersk
Segmentation fault (core dumped)
Expected output: uid=39270(andersk) gid=101(…) groups=101(…).
[Regression Potential]
I wrote a 6-line patch that conditionalizes an errant res_nclose call.
There is also a bigger upstream patch on the glibc 2.22 and 2.23 stable
branches that entirely removes the unused abstraction that necessitated
the res_nclose calls at all. Neither patch makes any changes outside of
the glibc hesiod directory, which as of now is so thoroughly broken that
there is nothing left to regress.
+ [Other Info]
ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: coreutils 8.25-2ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
Uname: Linux 4.4.0-18-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME
Date: Sun Apr 17 22:39:06 2016
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/id
ExecutableTimestamp: 1455802667
InstallationDate: Installed on 2016-02-19 (58 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160218)
ProcCmdline: id andersk
ProcCwd: /home/anders
SegvAnalysis:
Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>: cmp %dx,(%rax)
PC (0x7fef32217a88) ok
source "%dx" ok
destination "(%rax)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: coreutils
StacktraceTop:
sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
__libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=45, buf2=buf2 at entry=0x0, buflen2=buflen2 at entry=0, ans=ans at entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) at res_send.c:408
__GI___res_nsend (statp=<optimized out>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=<optimized out>, ans=ans at entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=anssiz at entry=1024) at res_send.c:630
get_txt_records (class=1, name=name at entry=0xff3dd0 "39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
hesiod_resolve (context=context at entry=0xff27e0, name=name at entry=0x7ffd88e81190 "39270", type=type at entry=0x7fef3242a486 "uid") at hesiod.c:240
Title: id crashed with SIGSEGV in sock_eq()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare sbuild sudo wireshark
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1571456
Title:
id crashed with SIGSEGV in sock_eq()
Status in GLibC:
Unknown
Status in glibc package in Ubuntu:
Triaged
Status in glibc package in Debian:
Fix Released
Status in glibc package in Fedora:
Unknown
Bug description:
[Impact]
The nss_hesiod nsswitch module, which worked in previous releases,
does not work at all in Ubuntu 16.04. Enabling it causes NULL pointer
dereferences in calls such as getpwuid().
[Test Case]
# sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
# cat > /etc/hesiod.conf <<EOF
lhs=.ns
rhs=.athena.mit.edu
EOF
# id andersk
Segmentation fault (core dumped)
Expected output: uid=39270(andersk) gid=101(…) groups=101(…).
[Regression Potential]
I wrote a 6-line patch that conditionalizes an errant res_nclose call.
There is also a bigger upstream patch on the glibc 2.22 and 2.23
stable branches that entirely removes the unused abstraction that
necessitated the res_nclose calls at all. Neither patch makes any
changes outside of the glibc hesiod directory, which as of now is so
thoroughly broken that there is nothing left to regress.
[Other Info]
ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: coreutils 8.25-2ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
Uname: Linux 4.4.0-18-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME
Date: Sun Apr 17 22:39:06 2016
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/id
ExecutableTimestamp: 1455802667
InstallationDate: Installed on 2016-02-19 (58 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160218)
ProcCmdline: id andersk
ProcCwd: /home/anders
SegvAnalysis:
Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>: cmp %dx,(%rax)
PC (0x7fef32217a88) ok
source "%dx" ok
destination "(%rax)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: coreutils
StacktraceTop:
sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
__libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf@entry=0x7ffd88e80910 "@\267\001", buflen=45, buf2=buf2@entry=0x0, buflen2=buflen2@entry=0, ans=ans@entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) at res_send.c:408
__GI___res_nsend (statp=<optimized out>, buf=buf@entry=0x7ffd88e80910 "@\267\001", buflen=<optimized out>, ans=ans@entry=0x7ffd88e80d10 " you want. Don't add spaces after the\n", anssiz=anssiz@entry=1024) at res_send.c:630
get_txt_records (class=1, name=name@entry=0xff3dd0 "39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
hesiod_resolve (context=context@entry=0xff27e0, name=name@entry=0x7ffd88e81190 "39270", type=type@entry=0x7fef3242a486 "uid") at hesiod.c:240
Title: id crashed with SIGSEGV in sock_eq()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare sbuild sudo wireshark
To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1571456/+subscriptions