[38892] in Kerberos
crash in krb5kdc
daemon@ATHENA.MIT.EDU (Sushmita Bhattacharya)
Thu Apr 1 10:39:16 2021
From: Sushmita Bhattacharya <sushmita.bhattacharya@oracle.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Thu, 1 Apr 2021 05:26:33 +0000
Message-ID: <CH2PR10MB4312B7673864226A43A597EC8B7B9@CH2PR10MB4312.namprd10.prod.outlook.com>
Hi,
I am facing an issue with a Kerberos (krb5kdc) crash in the process_tgs_req function, krb5 version 1.15.1. Backtrace below:
(gdb) bt
#0 0x00007fec38d8d387 in raise () from /lib64/libc.so.6
#1 0x00007fec38d8ea78 in abort () from /lib64/libc.so.6
#2 0x00007fec38d861a6 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007fec38d86252 in __assert_fail () from /lib64/libc.so.6
#4 0x00007fec3046d353 in ldap_get_values_len () from /lib64/libldap_r-2.4.so.2
#5 0x00007fec3201422e in ipadb_ldap_attr_to_int () from /usr/lib64/krb5/plugins/kdb/ipadb.so
#6 0x00007fec320173cb in ipadb_parse_ldap_entry () from /usr/lib64/krb5/plugins/kdb/ipadb.so
#7 0x00007fec3201832b in ipadb_get_principal () from /usr/lib64/krb5/plugins/kdb/ipadb.so
#8 0x00007fec3a918bb7 in krb5_db_get_principal () from /lib64/libkdb5.so.8
#9 0x000056443d95fff2 in kdc_get_server_key ()
#10 0x000056443d9603ce in kdc_process_tgs_req ()
#11 0x000056443d95ac97 in process_tgs_req ()
#12 0x000056443d958df3 in dispatch ()
#13 0x000056443d96c950 in process_tcp_connection_read ()
#14 0x00007fec39127b48 in verto_fire () from /lib64/libverto.so.1
#15 0x00007fec31242b13 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
#16 0x00007fec31249087 in epoll_event_loop_once () from /lib64/libtevent.so.0
#17 0x00007fec31247057 in std_event_loop_once () from /lib64/libtevent.so.0
#18 0x00007fec3124225d in _tevent_loop_once () from /lib64/libtevent.so.0
#19 0x00007fec3912731f in verto_run () from /lib64/libverto.so.1
#20 0x000056443d957af6 in main ()
(gdb) q
We observed this crash with Kerberos version 1.15.1.
The issue is that the LDAP handle passed from function process_tgs_req, to function ipadb_parse_ldap_entry and eventually to openldap, is an invalid LDAP handle. Hence there is an assert failure in function ldap_get_values_len.
(gdb) f 4
#4 0x00007fec3046d353 in ldap_get_values_len (ld=ld@entry=0x56443f44b850, entry=entry@entry=0x56443f5c4fe0, target=target@entry=0x7fec3202192b "krbTicketFlags") at getvalues.c:98
98 assert( LDAP_VALID( ld ) );
(gdb) p ld->ldc->ldc_options.ldo_valid
$1 = -17435
(gdb) p/x ld->ldc->ldc_options.ldo_valid
$2 = 0xbbe5
(gdb) f 5
#5 0x00007fec3201422e in ipadb_ldap_attr_to_int (lcontext=lcontext@entry=0x56443f44b850, le=le@entry=0x56443f5c4fe0, attrname=attrname@entry=0x7fec3202192b "krbTicketFlags", result=result@entry=0x7ffcdd2accc4) at ipa_kdb_common.c:383
383 vals = ldap_get_values_len(lcontext, le, attrname);
(gdb) f 7
#7 0x00007fec3201832b in ipadb_get_principal (kcontext=0x56443f47b920, search_for=<optimized out>, flags=8192, entry=0x7ffcdd2acec8) at ipa_kdb_principals.c:1311
1311 kerr = ipadb_parse_ldap_entry(kcontext, principal, lentry, entry, &pol);
(gdb)
Any ideas on this issue? Is there a specific fix available? It looks like someone reported a similar crash here: https://pagure.io/freeipa/issue/5633, but there was no fix documented, and it got closed as there was insufficient info. Any help will be much appreciated.
Thanks,
Sushmita
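
Added example, not part of the original post and not OpenLDAP or FreeIPA code: a small C triage helper that interprets the ldo_valid value printed in frame 4 of the backtrace above. The marker constants are assumptions recalled from OpenLDAP 2.4's ldap-int.h and should be checked against the source of the libldap build that crashed; the function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed marker values (recalled from OpenLDAP 2.4 ldap-int.h;
 * verify against the libldap source matching the crashed binary). */
#define LDAP_UNINITIALIZED   0x0
#define LDAP_INITIALIZED     0x1
#define LDAP_VALID_SESSION   0x2   /* the only value LDAP_VALID(ld) accepts */
#define LDAP_TRASHED_SESSION 0xFF

enum marker_state { M_VALID, M_NOT_READY, M_TRASHED, M_GARBAGE };

/* gdb showed the field as -17435 and as 0xbbe5, i.e. a signed 16-bit value. */
static int as_signed16(uint16_t raw)
{
    return raw >= 0x8000 ? (int)raw - 0x10000 : (int)raw;
}

/* Classify the raw marker read from ld->ldc->ldc_options.ldo_valid. */
static enum marker_state classify_marker(uint16_t raw)
{
    switch (raw) {
    case LDAP_VALID_SESSION:   return M_VALID;
    case LDAP_UNINITIALIZED:
    case LDAP_INITIALIZED:     return M_NOT_READY;
    case LDAP_TRASHED_SESSION: return M_TRASHED;
    default:                   return M_GARBAGE;
    }
}

static const char *describe(enum marker_state s)
{
    switch (s) {
    case M_VALID:     return "valid session, the assert would pass";
    case M_NOT_READY: return "handle allocated but not fully set up";
    case M_TRASHED:   return "handle carries the destroyed-session marker";
    default:          return "not a known marker: consistent with a stale "
                             "pointer or overwritten memory";
    }
}

int main(void)
{
    uint16_t raw = 0xbbe5;  /* value from frame 4 of the posted backtrace */
    printf("ldo_valid=%d (0x%x): %s\n", as_signed16(raw), (unsigned)raw,
           describe(classify_marker(raw)));
    return 0;
}
```
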