Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 679557 - PyPAM-0.5.0-3el5sat segfault when authenticating or registering clients on Satellite using users stored in Active Directory
Summary: PyPAM-0.5.0-3el5sat segfault when authenticating or registering clients on Sa...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Usability
Version: 540
Hardware: All
OS: All
medium
medium
Target Milestone: ---
Assignee: Jan Pazdziora
QA Contact: Tomas Lestach
URL:
Whiteboard:
Depends On:
Blocks: sat541-blockers
TreeView+ depends on / blocked
 
Reported: 2011-02-22 20:45 UTC by Marcelo Moreira de Mello
Modified: 2018-11-14 15:40 UTC (History)
9 users (show)

Fixed In Version: PyPAM-0.5.0-11.1.el5sat
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 679714 (view as bug list)
Environment:
Last Closed: 2011-06-17 02:45:00 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
PyPAM-0.5.0-nofree.patch (1.61 KB, patch)
2011-02-22 20:58 UTC, Marcelo Moreira de Mello 		no flags Details | Diff
PyPAM-0.5.0-dealloc.patch (607 bytes, patch)
2011-02-22 20:59 UTC, Marcelo Moreira de Mello 		no flags Details | Diff
Correct patch with proper deallocation in the error condition (1.85 KB, patch)
2011-02-23 10:05 UTC, Tomas Mraz 		no flags Details | Diff
Show Obsolete (1) View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 658955 0 low CLOSED core dump when using example script 2022-05-16 11:32:56 UTC

Internal Links: 658955

Description Marcelo Moreira de Mello 2011-02-22 20:45:48 UTC 
Description of problem:

When using package provided in Satellite 5.4 PyPAM-0.5.0-3el5sat and registering clients using users stored in Active Directory (Samba + Winbind), httpd process dies with a segfault error. 

[Tue Jan 11 13:15:08 2011] [notice] child pid 25658 exit signal Segmentation fault (11)
[Tue Jan 11 13:15:13 2011] [notice] child pid 28084 exit signal Segmentation fault (11)
[Tue Jan 11 13:15:19 2011] [notice] child pid 27209 exit signal Segmentation fault (11)
[Tue Jan 11 13:15:24 2011] [notice] child pid 27213 exit signal Segmentation fault (11)
Tue Jan 11 13:15:30 2011] [notice] child pid 27210 exit signal Segmentation fault (11)

Analysing the core file, we can observe the follow error: 


Program terminated with signal 11, Segmentation fault.
#0  0x00002b13bbbb488e in free () from /lib64/libc.so.6
(gdb) bt
#0  0x00002b13bbbb488e in free () from /lib64/libc.so.6
#1  0x00002b13d6bacdf0 in PyPAM_conv (num_msg=1, msg=0x7fff66806ef0, resp=0x7fff66806f10, appdata_ptr=0x2b13d6b0e330) at PAMmodule.c:59
#2  0x00002b13d73e3863 in ?? () from /lib64/security/pam_winbind.so
#3  0x00002b13d73e438d in ?? () from /lib64/security/pam_winbind.so
#4  0x00002b13d73e693c in pam_sm_authenticate () from /lib64/security/pam_winbind.so
#5  0x00002b13d6dbddc7 in _pam_dispatch () from /lib64/libpam.so.0
#6  0x00002b13d6dbd6d2 in pam_authenticate () from /lib64/libpam.so.0
#7  0x00002b13d6bad2d7 in PyPAM_authenticate (self=0x2b13d6b0e330, args=<value optimized out>) at PAMmodule.c:215


Looks like the free from the loop is what is causing issues:

    if (NULL != self->response_data) {
        for (int i = 0; i < self->response_len; i++) {
            free(self->response_data[0].resp);
        }
        free(self->response_data);
        self->response_data = NULL;
        self->response_len = 0;
    }

Version-Release number of selected component (if applicable):
Red Hat Network Satellite 5.4

How reproducible:
100%

Steps to Reproduce:
1. Configure Satellite to authenticate against AD using Samba + Winbind 
2. Set the pam environment

   /etc/pam.d/rhn-satellite

#%PAM-1.0
auth required /lib64/security/pam_winbind.so
auth sufficient /lib64/security/pam_winbind.so
auth required /lib64/security/pam_deny.so
account required /lib64/security/pam_winbind.so

3. Try to register a client
  
Actual results:

httpd segfault

Expected results:

register works properly 


Additional Info: 

If the PyPAM is downgrade to version shipped in Red Hat Network Satellite 5.3, the segfault does not happen.
Comment 2 Marcelo Moreira de Mello 2011-02-22 20:58:36 UTC 
Created attachment 480248 [details]
PyPAM-0.5.0-nofree.patch

Hello, 

We created a **TEST** package to customer backporting 2 fixes: 

   * Tue Feb 22 2011 Marcelo Moreira de Mello <mmello> 0.5.0-9.SFDC.00401329.TEST
- backport fix PyPAM-0.5.0-nofree.patch

 * Tue Feb 22 2011 Miroslav Suchý <msuchy> 0.5.0-8
- 658955 - fix two bugs in the PAM object deallocation
- add -fno-strict-aliasing to CFLAGS

The backport patches files are attached on the case. 

Kind Regards, 
Marcelo Moreira de Mello
Comment 3 Marcelo Moreira de Mello 2011-02-22 20:59:25 UTC 
Created attachment 480249 [details]
PyPAM-0.5.0-dealloc.patch


Including PyPAM-0.5.0-dealloc.patch backport fix.
Comment 6 Marcelo Moreira de Mello 2011-02-22 21:04:27 UTC 
Hello, 

TEST package PyPAM-0.5.0-9.SFDC.00401329.TEST.el5sat.x86_64.rpm sent to customer. 

We are waiting customer's feedback. In our labs, the issue were fixed. 

Kind Regards, 
Marcelo Moreira de Mello
Comment 7 Marcelo Moreira de Mello 2011-02-22 21:07:38 UTC 
Hello, 

Customer confirmed that package worked: "Verified that the 0.5.0-9 build no longer segfaults for rhnreg_ks"

Kind Regards, 
Marcelo Moreira de Mello
Comment 8 Greg Bock 2011-02-22 21:17:47 UTC 
Other test cases were failures to push configs from the rhnproxy command line installer. I currently don't have enough entitlements to retest.
Comment 9 Greg Bock 2011-02-23 01:01:46 UTC 
After a bit more digging it seems you can work around the original issue by adding an auth option that will fail (I used pam_unix in the test case):

[pam.d]$ cat rhn-satellite
#%PAM-1.0

auth    sufficient      /lib64/security/$ISA/pam_unix.so likeauth nullok
auth    required        /lib64/security/$ISA/pam_winbind.so use_first_pass
auth    sufficient      /lib64/security/$ISA/pam_winbind.so use_first_pass
auth    required        /lib64/security/$ISA/pam_deny.so
account required        /lib64/security/$ISA/pam_winbind.so


I doubt this is directly related to winbind or AD.
Comment 10 Tomas Mraz 2011-02-23 10:05:46 UTC 
Created attachment 480399 [details]
Correct patch with proper deallocation in the error condition

Please test with this patch. Although to test the deallocation an error in the conversation function in the response must be done.
Comment 11 Miroslav Suchý 2011-02-23 15:06:21 UTC 
Fixed in Fedora and Epel in BZ 679714. Will be fixed in RHEL6.1.
Comment 12 Greg Bock 2011-02-23 15:46:44 UTC 
This appears to be working properly now.
Comment 15 Jan Pazdziora 2011-04-07 12:00:00 UTC 
Taking.
Comment 16 Jan Pazdziora 2011-04-07 13:00:15 UTC 
We've rebased to PyPAM-0.5.0-11 from RHEL 5 EPEL which is equivalent to PyPAM-0.5.0-12 from RHEL 6.1.

Tagged and built as PyPAM-0.5.0-11.1.el5sat.
Comment 17 Greg Bock 2011-04-07 13:10:47 UTC 
Any idea when this will hit GA?
Comment 18 Clifford Perry 2011-04-07 15:10:07 UTC 
It is aligned to the Satellite 5.4.1 Blocker bugfix. As such, it is part of the 5.4.1 release. Release dates are not posted in public, please contact Red Hat Support or your account sales rep to verify NDA agreements for the account before information such as release dates to be provided. 

Regards,
Clifford
Comment 20 Tomas Lestach 2011-05-19 15:20:57 UTC 
Setting Customer VERIFIED.
Comment 24 Clifford Perry 2011-06-17 02:45:00 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

https://rhn.redhat.com/errata/RHEA-2011-0875.html
Note You need to log in before you can comment on or make changes to this bug.