Strange segmentation fault in libkrb5.so.3.3 (1.6.4-beta1)

Dan Searle dan.searle at censornet.com
Thu Jan 21 10:19:37 EST 2010


Hi,

We have an application which uses pam_krb5.so to perform user auth; 
however, sometimes it SEGVs in ld-linux, but ld-linux is invoked from 
within libkrb5.so.3.3. See this trace and gdb diagnostics:

(gdb) bt
#0  0xb7f6d38b in ?? () from /lib/ld-linux.so.2
#1  0xb7f72c80 in ?? () from /lib/ld-linux.so.2
#2  0xb776d84a in krb5_get_init_creds_password (context=0x9d01538,
    creds=0x82bb6b0, client=0x8361cd8, password=0x82bb750 "******",
    prompter=0xb5c3ced0, data=0x9dbcf90, start_time=0, in_tkt_service=0x0,
    options=0x82bb708) at gic_pwd.c:398
#3  0xb5c3a326 in ?? () from /lib/security/pam_krb5.so
#4  0xb5c380be in pam_sm_authenticate () from /lib/security/pam_krb5.so
#5  0xb7dcd1c8 in ?? () from /lib/libpam.so.0
#6  0xb7dcca8d in pam_authenticate () from /lib/libpam.so.0

------------------------[snip]-----------------------------------------------

(gdb) up
#1  0xb7f72c80 in ?? () from /lib/ld-linux.so.2
(gdb) up
#2  0xb776d84a in krb5_get_init_creds_password (context=0x9d01538,
    creds=0x82bb6b0, client=0x8361cd8, password=0x82bb750 "Vlhs1.",
    prompter=0xb5c3ced0, data=0x9dbcf90, start_time=0, in_tkt_service=0x0,
    options=0x82bb708) at gic_pwd.c:398
398     gic_pwd.c: No such file or directory.
        in gic_pwd.c
(gdb) print chpw_opts
$1 = (krb5_get_init_creds_opt *) 0x8a77b88
(gdb) print context
$2 = (krb5_context) 0x9d01538
(gdb) print krb5_get_init_creds_opt_free
$3 = {void (krb5_context,
    krb5_get_init_creds_opt *)} 0xb776ca00 <krb5_get_init_creds_opt_free>

Here's the code snippet around gic_pwd.c:398:

------------------------[snip]-----------------------------------------------
               /* ignore an error here */
               /* PROMPTER_INVOCATION */
               (*prompter)(context, data, 0, banner, 0, 0);
            }
      }
   }

   if (chpw_opts)
      krb5_get_init_creds_opt_free(context, chpw_opts);
 ^^^^^^^^^^^^^^^^^^^ Line 398 above ^^^^^^^^^^^^^^^^^^^^^^
   if (opte && krb5_gic_opt_is_shadowed(opte))
      krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
   memset(pw0array, 0, sizeof(pw0array));
   memset(pw1array, 0, sizeof(pw1array));
   krb5_free_cred_contents(context, &chpw_creds);
------------------------[snip]-----------------------------------------------

My guess was that ld-linux was called because the symbol referenced at 
gic_pwd.c:398 was unresolved; however, executing "print 
krb5_get_init_creds_opt_free" works fine (see above), so why was 
ld-linux even invoked at gic_pwd.c:398? And why did it crash?

Maybe I should ask on the ld-linux dev lists, but I thought I'd better ask 
here first.

Regards, Dan...

-- 
Dan Searle

CensorNet Ltd - professional & affordable Web & E-mail filtering
email: dan.searle at censornet.com web: www.censornet.com
tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592
snail: Vallon House, Vantage Court Office Park, Winterbourne,
       Bristol, BS16 1GW, UK.
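One reason a frame from /lib/ld-linux.so.2 can sit directly above a caller in libkrb5 is lazy PLT binding: the first call through a PLT stub enters the dynamic linker's runtime resolver. The script below is an added example (not part of the original post or of the MIT krb5 project) that reads `readelf -d` output for a shared object and reports whether it is linked for lazy binding or for immediate binding (-z now); the sample dynamic-section text is constructed, and `check_lib` is a hypothetical wrapper that assumes `readelf` is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Classify a shared object's PLT
# binding mode from `readelf -d` text. With lazy binding, the first call to an
# external function (here, krb5_get_init_creds_opt_free at gic_pwd.c:398)
# trampolines into ld-linux's resolver, so a crash "in ld-linux" can really be a
# GOT/PLT or resolver-state corruption triggered from the calling library.
# Relinking with -Wl,-z,now (full RELRO) or running under LD_BIND_NOW=1 removes
# that runtime hop: if the fault moves or disappears, the lazy path is implicated.

# binding_mode: reads `readelf -d` output on stdin; prints "now" or "lazy".
# BIND_NOW may appear as its own tag, as a FLAGS value, or as FLAGS_1 "NOW".
binding_mode() {
    if grep -Eq '\(BIND_NOW\)|\(FLAGS\).*[[:space:]]BIND_NOW([[:space:]]|$)|\(FLAGS_1\).*[[:space:]]NOW([[:space:]]|$)'; then
        echo now
    else
        echo lazy
    fi
}

# check_lib: hypothetical wrapper that inspects a real file (needs readelf).
check_lib() {
    readelf -d "$1" | binding_mode
}

# Constructed sample: a library with PLT relocations and no BIND_NOW flags.
LAZY_SAMPLE='Dynamic section at offset 0x1d8 contains 5 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000e (SONAME)                     Library soname: [libexample.so.1]
 0x00000003 (PLTGOT)                     0x1ff4
 0x00000002 (PLTRELSZ)                   24 (bytes)
 0x00000000 (NULL)                       0x0'

# Constructed sample: the same library linked with -z now (full RELRO).
NOW_SAMPLE='Dynamic section at offset 0x1d8 contains 6 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000e (SONAME)                     Library soname: [libexample.so.1]
 0x0000001e (FLAGS)                      BIND_NOW
 0x6ffffffb (FLAGS_1)                    Flags: NOW
 0x00000000 (NULL)                       0x0'

# When run with file arguments, report the binding mode of each object.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_lib "$f")"
done
```

Run it as `sh check_bind.sh /lib/libkrb5.so.3.3 /lib/security/pam_krb5.so` to see which objects in the chain still bind lazily.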

