This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/12112] New: possible segfault in getlogin() when /proc/self/loginuid contains invalid uid..
- From: "tolzmann at molgen dot mpg.de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Tue, 12 Oct 2010 15:24:18 +0000
- Subject: [Bug libc/12112] New: possible segfault in getlogin() when /proc/self/loginuid contains invalid uid..
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=12112
Summary: possible segfault in getlogin() when
/proc/self/loginuid contains invalid uid..
Product: glibc
Version: 2.12
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: tolzmann@molgen.mpg.de
Overview:
The screen cmd crashes with a segfault when /proc/self/loginuid contains an
invalid uid:
-bash-4.1# screen
Segmentation fault (core dumped)
-bash-4.1# cat /proc/self/loginuid
4294967295-bash-4.1#
-bash-4.1# echo 0 >/proc/self/loginuid
-bash-4.1# cat /proc/self/loginuid
0-bash-4.1#
-bash-4.1# screen
[screen is terminating]
gdb-backtrace:
Program terminated with signal 11, Segmentation fault.
#0 internal_getent (result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody",
buflen=8192, errnop=0x7f00cef896a8) at nss_files/files-XXX.c:206
206 ((unsigned char *) data->linebuffer)[linebuflen - 1] = '\xff';
(gdb) bt full
#0 internal_getent (result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody",
buflen=8192, errnop=0x7f00cef896a8) at nss_files/files-XXX.c:206
p = <value optimized out>
data = 0x7fff87a8d080
linebuflen = 8192
parse_result = <value optimized out>
#1 0x00007f00ce16a561 in _nss_files_getpwuid_r (uid=4294967295,
result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody", buflen=8192,
errnop=0x7f00cef896a8) at nss_files/files-pwd.c:40
status = NSS_STATUS_SUCCESS
#2 0x00007f00ce410aad in __getpwuid_r (uid=4294967295, resbuf=0x7fff87a8d4b0,
buffer=0x7fff87a8d080 "nobody", buflen=8192, result=0x7fff87a8d4f0) at
../nss/getXXbyYY_r.c:253
startp_initialized = true
startp = 0x5b5bbdb45faba935
start_fct = 0xa55a21551caba935
nip = 0x660520
fct = {l = 0x7f00ce16a4a0 <_nss_files_getpwuid_r>, ptr =
0x7f00ce16a4a0}
no_more = <value optimized out>
status = <value optimized out>
nscd_status = <value optimized out>
res = <value optimized out>
#3 0x00007f00ce41304a in __getlogin_r_loginuid (name=0x7f00ce6d8f40 "",
namesize=33) at ../sysdeps/unix/sysv/linux/getlogin_r.c:63
fd = <value optimized out>
uidbuf = "4294967295\000"
n = <value optimized out>
uid = 4294967295
endp = 0x7fff87a8d4ea ""
buflen = 8192
buf = 0x7fff87a8d080 "nobody"
use_malloc = false
pwd = {pw_name = 0x7fff87a8d080 "nobody", pw_passwd = 0x7fff87a8d087
"x", pw_uid = 65534, pw_gid = 65534, pw_gecos = 0x7fff87a8d095 "Unprivileged
User", pw_dir = 0x7fff87a8d0a7 "/dev/null",
pw_shell = 0x7fff87a8d0b1 "/bin/false"}
tpwd = <value optimized out>
res = <value optimized out>
result = <value optimized out>
needed = <value optimized out>
#4 0x00007f00ce412d25 in getlogin () at
../sysdeps/unix/sysv/linux/getlogin.c:35
No locals.
#5 0x0000000000404e7b in main (ac=<value optimized out>, av=0x7fff87a8e9a0) at
/tmp/beeroot/screen/screen-4.0.3-0/source/screen.c:851
n = <value optimized out>
ap = <value optimized out>
av0 = 0x7fff87a8ee55 "/usr/bin/screen"
socknamebuf =
"\330\022e\000\001\000\000\000d\275\327\316\000\177\000\000\001\000\000\000\000\000\000\000\334\006\327\316\000\177\000\000P\345\250\207\377\177\000\000\000\000\000\000\000\000\000\000\310\022e\000\000\000\000\000d\275\327\316\000\177\000\000\001\000\000\000\000\000\000\000\260\200\070\316\000\177\000\000\330\t\371\316\000\177\000\000\300\264\370\316\000\177\000\000\023\000\000\000\000\000\000\000\330\t\371\316\000\177\000\000\260\346\250\207\377\177\000\000t\361\327\316\000\177\000\000\300\025\070\316\000\177\000\000\212\212\327\316\000\177\000\000\000\000\000\000\000\000\000\000\220\346\250\207\377\177\000\000\000\000\000\000\000\000\000\000\220\346\250\207\377\177\000\000Uu\307\001\000\000\000\000\240\027\371\316\000\177\000\000\177U\335q\000\000\000\000\022\222\327\316\000\177\000\000\001\000\000\000\000\000\000\000?\000\000\000\000\177\000\000\001\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000\020\350\250\207\377\177\000\000\212\212\327\316\000\177\000\000\210a\251\207\377\177\000\000\000\347\250\207\377\177\000\000\250\005\327\316\000\177\000\000\000\347"...
mflag = <value optimized out>
myname = <value optimized out>
SockDir = <value optimized out>
st = {st_dev = 140735469381880, st_ino = 139641449157096, st_nlink =
4131212846, st_mode = 3470234914, st_uid = 32512, st_gid = 0, __pad0 = 0,
st_rdev = 139641449134752,
st_size = 139637976727553, st_blksize = 0, st_blocks = 1, st_atim =
{tv_sec = 139641449157096, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0},
st_ctim = {tv_sec = 0, tv_nsec = 0},
__unused = {139641449157952, 140735469381760, 140735469381784}}
oumask = <value optimized out>
nwin = {StartAt = -1, aka = 0x0, args = 0x0, dir = 0x0, term = 0x0,
aflag = -1, flowflag = -1, lflag = -1, histheight = -1, monitor = -1, wlock =
-1, silence = -1, wrap = -1, Lflag = -1,
slow = -1, gr = -1, c1 = -1, bce = -1, encoding = -1, hstatus = 0x0,
charset = 0x0}
detached = 0
sockp = <value optimized out>
(gdb) print LoginName
$7 = 0x0
Steps to Reproduce:
I was not able to get a simple getlogin() program to crash the same way
yet, but my screen-4.0.3 keeps crashing if there is an invalid uid in loginuid.
Actual Results:
SegFault
Expected Results:
no SegFault..
Build Date & Platform:
Linux deinemuddah 2.6.35.3.mx64.0 #1 SMP PREEMPT Thu Aug 26 12:46:39 CEST 2010
x86_64 x86_64 x86_64 GNU/Linux
GNU C Library stable release version 2.12.1, by Roland McGrath et al.
Copyright (C) 2010 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.5.1.
Compiled on a Linux 2.6.35 system on 2010-09-13.
Available extensions:
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.
Additional Information:
When pam_loginuid is configured to set the correct uid, everything is fine.
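The value 4294967295 shown in the report is (uid_t)-1, which the kernel exposes in /proc/self/loginuid when no login uid has been set. The following is an added example, not code from glibc, screen or the reporter: a defensive reader that classifies the file's text before any passwd lookup and reports failure explicitly instead of handing back a NULL name. The names parse_loginuid and login_name_from_text are hypothetical.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

enum loginuid_state { LOGINUID_OK, LOGINUID_UNSET, LOGINUID_INVALID };

/* Parse the text of /proc/self/loginuid. 4294967295 is (uid_t)-1, the
   kernel's "login uid not set" value; it is not an account to look up. */
enum loginuid_state parse_loginuid(const char *text, uid_t *uid)
{
    const unsigned long unset = (unsigned long)(uid_t)-1;
    char *end;
    if (text[0] < '0' || text[0] > '9')
        return LOGINUID_INVALID;   /* empty, signed or non-numeric */
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno == ERANGE || v > unset || (*end != '\0' && *end != '\n'))
        return LOGINUID_INVALID;   /* overflow or trailing junk */
    if (v == unset)
        return LOGINUID_UNSET;
    *uid = (uid_t)v;
    return LOGINUID_OK;
}

/* Hypothetical helper: returns 0 and fills name on success, -1 otherwise
   (unset/invalid uid, no passwd entry, entry too large for buf, or name
   too long), so callers never receive a NULL login name. */
int login_name_from_text(const char *text, char *name, size_t size)
{
    uid_t uid;
    struct passwd pwd, *res = NULL;
    char buf[4096];
    if (parse_loginuid(text, &uid) != LOGINUID_OK)
        return -1;
    if (getpwuid_r(uid, &pwd, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    return snprintf(name, size, "%s", res->pw_name) < (int)size ? 0 : -1;
}

int main(void)
{
    char text[32] = "", name[64];
    FILE *f = fopen("/proc/self/loginuid", "r");
    if (f != NULL) { if (!fgets(text, sizeof text, f)) text[0] = '\0'; fclose(f); }
    if (login_name_from_text(text, name, sizeof name) == 0) printf("login: %s\n", name);
    else puts("login uid unset or invalid; caller must fall back");
    return 0;
}
```

Callers of getlogin() itself should likewise check for a NULL return before using the result.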