Segmentation fault when trying to start kadmind

Greg Hudson ghudson at
Tue Jul 18 11:50:53 EDT 2017

On 07/17/2017 07:48 PM, Joshua Schaeffer wrote:
>>     1222            rc = krb5_db_get_principal(context, mname, 0, &master_entry);
>>     1223            if (rc == 0) {
>>     1224                *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
>>     1225                krb5_db_free_principal(context, master_entry);
>>     1226            } else
>>     1227                *kvno = 1;
>>     1228        }
>> I don't really know where to go from here. I don't know this code well enough to figure out why the segmentation error is occurring. Can anybody help me out? If you need additional information, I'd be happy to provide.

The proximal bug is that master_entry->key_data is an array, bounded by
master_entry->n_key_data, and this code isn't checking if
master_entry->n_key_data > 0 before dereferencing the first element.
You could fix that bug (set *kvno = 1 if n_key_data is 0) and probably
get kdb5_util stash and kadmind to report an error rather than crash.

That leaves several mysteries, which I don't have the answer to:

* Why does the master DB entry (K/M) have no key data?

* Why isn't the code able to load the shared object from
/usr/local/lib/krb5/plugins/kdb/kldap?  (It is probably falling back to
the module in the system directory which is the 1.13.x code, which is
why it continues to work at all.)

* Where is that "invalid file descriptor -1 in syscall write()" event
occurring in the code, and why?  It happens before the master password
is read, so it's presumably not from the code that writes the stash file.

* Why didn't kdb5_ldap_util create -s make a stash file?  (Did you
re-run kdb5_ldap_util create after locally building 1.15.1?  If not, the
stash file might be in a different place than the 1.15.1 code is looking
for it.)
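The bounds check Greg describes, as an added illustration and not code from the krb5 tree or from either poster: the database types below are simplified stand-ins (assumed shapes, named `mock_*` so they are not confused with the real kdb headers), and the two functions contrast the unchecked first-element dereference with a version that tests `n_key_data` first and falls back to kvno 1, as suggested above.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the krb5 database types (assumed shapes, not the
 * real kdb headers): a principal entry carries an array of key_data elements
 * whose length is n_key_data.  When n_key_data is 0 the array pointer may be
 * NULL, which is the situation that crashed kadmind and kdb5_util stash. */
typedef unsigned int mock_kvno;

typedef struct {
    mock_kvno key_data_kvno;   /* key version number of this key */
} mock_key_data;

typedef struct {
    int            n_key_data; /* number of elements in key_data */
    mock_key_data *key_data;   /* may be NULL when n_key_data == 0 */
} mock_db_entry;

/* Shape of the crashing code: dereferences key_data[0] unconditionally.
 * Safe only when the entry actually has keys; with a K/M entry that has no
 * key data this reads through a NULL pointer and segfaults. */
static mock_kvno master_kvno_unchecked(const mock_db_entry *entry)
{
    return entry->key_data->key_data_kvno;
}

/* Hardened version: check the bound before touching the first element and
 * fall back to kvno 1, mirroring the fix suggested in the reply.
 * Returns 0 on success, -1 on a NULL argument. */
static int master_kvno_checked(const mock_db_entry *entry, mock_kvno *kvno)
{
    if (entry == NULL || kvno == NULL)
        return -1;
    if (entry->n_key_data > 0 && entry->key_data != NULL)
        *kvno = entry->key_data[0].key_data_kvno;
    else
        *kvno = 1;          /* no keys stored: report kvno 1, don't crash */
    return 0;
}

/* Constructed sample entries: one populated (first key has kvno 3) and one
 * with no key data, as a broken master entry would look. */
static mock_kvno kvno_of_populated_entry(void)
{
    mock_key_data keys[2] = { { 3 }, { 2 } };
    mock_db_entry populated = { 2, keys };
    mock_kvno kvno = 0;
    master_kvno_checked(&populated, &kvno);
    return kvno;
}

static mock_kvno kvno_of_empty_entry(void)
{
    mock_db_entry empty = { 0, NULL };
    mock_kvno kvno = 0;
    master_kvno_checked(&empty, &kvno);
    return kvno;
}

int main(void)
{
    mock_key_data keys[1] = { { 5 } };
    mock_db_entry populated = { 1, keys };

    /* The unchecked path is fine when keys exist... */
    printf("unchecked, populated entry: kvno %u\n",
           master_kvno_unchecked(&populated));
    /* ...and the checked path handles both cases. */
    printf("checked, populated entry: kvno %u\n", kvno_of_populated_entry());
    printf("checked, empty entry: kvno %u (fallback)\n", kvno_of_empty_entry());
    return 0;
}
```

The check on `key_data != NULL` is belt-and-braces: a well-formed entry with `n_key_data > 0` always has a non-NULL array, but guarding both means a corrupted entry (the real question in this thread is why K/M has no keys at all) produces a reportable error rather than a crash.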
