[Bug 1571456] Re: id crashed with SIGSEGV in sock_eq()

Launchpad Bug Tracker 1571456 at bugs.launchpad.net
Tue Oct 25 12:01:49 UTC 2016 

This bug was fixed in the package glibc - 2.23-0ubuntu4

---------------
glibc (2.23-0ubuntu4) xenial; urgency=medium

  * debian/rules.d/tarball.mk: Apply --no-renames to make the diff readable.
  * debian/patches/git-updates.diff: Update from release/2.23/master branch:
    - Include fix for potential makecontext() hang on ARMv7 (CVE-2016-6323)
    - Include fix for SEGV in sock_eq with nss_hesiod module (LP: #1571456)
    - Include malloc fixes, addressing multithread deadlocks (LP: #1630302)
    - debian/patches/hurd-i386/cvs-libpthread.so.diff: Dropped, upstreamed.
    - debian/patches/any/submitted-argp-attribute.diff: Dropped, upstreamed.
    - debian/patches/hurd-i386/tg-hurdsig-fixes-2.diff: Rebased to upstream.
  * debian/patches/ubuntu/local-altlocaledir.diff: Updated to latest version
    from Martin that limits scope to LC_MESSAGES, fixing segv (LP: #1577460)
  * debian/patches/any/cvs-cos-precision.diff: Fix cos() bugs (LP: #1614966)
  * debian/testsuite-xfail-debian.mk: Allow nptl/tst-signal6 to fail on ARM.

 -- Adam Conrad <adconrad at ubuntu.com>  Fri, 14 Oct 2016 00:00:34 -0600

** Changed in: glibc (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6323

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1571456

Title:
  id crashed with SIGSEGV in sock_eq()

Status in GLibC:
  Unknown
Status in glibc package in Ubuntu:
  Fix Released
Status in glibc source package in Xenial:
  Fix Released
Status in glibc package in Debian:
  Confirmed
Status in glibc package in Fedora:
  Unknown

Bug description:
  [Impact]

  The nss_hesiod nsswitch module, which worked in previous releases,
  does not work at all in Ubuntu 16.04.  Enabling it causes NULL pointer
  dereferences in calls such as getpwuid().  This will prevent any user
  logins from succeeding in our environment of hundreds of workstations,
  which in turn blocks us from upgrading from 14.04 to 16.04.

  [Test Case]

  # sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
  # cat > /etc/hesiod.conf <<EOF
  lhs=.ns
  rhs=.athena.mit.edu
  EOF
  # id andersk
  Segmentation fault (core dumped)

  Expected output: uid=39270(andersk) gid=101(…) groups=101(…).

  [Regression Potential]

  I wrote a 6-line patch that conditionalizes an errant res_nclose call.
  There is also a bigger upstream patch on the glibc 2.22 and 2.23
  stable branches that entirely removes the unused abstraction that
  necessitated the res_nclose calls at all.  Neither patch makes any
  changes outside of the glibc hesiod directory, which as of now is so
  thoroughly broken that there is nothing left to regress.

  [Other Info]

  ProblemType: Crash
  DistroRelease: Ubuntu 16.04
  Package: coreutils 8.25-2ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
  Uname: Linux 4.4.0-18-generic x86_64
  NonfreeKernelModules: openafs
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Sun Apr 17 22:39:06 2016
  EcryptfsInUse: Yes
  ExecutablePath: /usr/bin/id
  ExecutableTimestamp: 1455802667
  InstallationDate: Installed on 2016-02-19 (58 days ago)
  InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160218)
  ProcCmdline: id andersk
  ProcCwd: /home/anders
  SegvAnalysis:
   Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>:	cmp    %dx,(%rax)
   PC (0x7fef32217a88) ok
   source "%dx" ok
   destination "(%rax)" (0x00000000) not located in a known VMA region (needed writable region)!
  SegvReason: writing NULL VMA
  Signal: 11
  SourcePackage: coreutils
  StacktraceTop:
   sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
   __libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=45, buf2=buf2 at entry=0x0, buflen2=buflen2 at entry=0, ans=ans at entry=0x7ffd88e80d10 " you want.  Don't add spaces after the\n", anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) at res_send.c:408
   __GI___res_nsend (statp=<optimized out>, buf=buf at entry=0x7ffd88e80910 "@\267\001", buflen=<optimized out>, ans=ans at entry=0x7ffd88e80d10 " you want.  Don't add spaces after the\n", anssiz=anssiz at entry=1024) at res_send.c:630
   get_txt_records (class=1, name=name at entry=0xff3dd0 "39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
   hesiod_resolve (context=context at entry=0xff27e0, name=name at entry=0x7ffd88e81190 "39270", type=type at entry=0x7fef3242a486 "uid") at hesiod.c:240
  Title: id crashed with SIGSEGV in sock_eq()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare sbuild sudo wireshark

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1571456/+subscriptions

More information about the foundations-bugs mailing list