This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/12112] New: possible segfault in getlogin() when /proc/self/loginuid contains invalid uid..


http://sourceware.org/bugzilla/show_bug.cgi?id=12112

           Summary: possible segfault in getlogin() when
                    /proc/self/loginuid contains invalid uid..
           Product: glibc
           Version: 2.12
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: tolzmann@molgen.mpg.de


Overview:

The screen cmd crashes with a segfault when /proc/self/loginuid contains an
invalid uid:

        -bash-4.1# screen
        Segmentation fault (core dumped)
        -bash-4.1# cat /proc/self/loginuid
        4294967295-bash-4.1#
        -bash-4.1# echo 0 >/proc/self/loginuid
        -bash-4.1# cat /proc/self/loginuid
        0-bash-4.1#
        -bash-4.1# screen
        [screen is terminating]

gdb-backtrace:

    Program terminated with signal 11, Segmentation fault.
    #0  internal_getent (result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody",
buflen=8192, errnop=0x7f00cef896a8) at nss_files/files-XXX.c:206
206           ((unsigned char *) data->linebuffer)[linebuflen - 1] = '\xff';

(gdb) bt full
#0  internal_getent (result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody",
buflen=8192, errnop=0x7f00cef896a8) at nss_files/files-XXX.c:206
        p = <value optimized out>
        data = 0x7fff87a8d080
        linebuflen = 8192
        parse_result = <value optimized out>
#1  0x00007f00ce16a561 in _nss_files_getpwuid_r (uid=4294967295,
result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody", buflen=8192,
errnop=0x7f00cef896a8) at nss_files/files-pwd.c:40
        status = NSS_STATUS_SUCCESS
#2  0x00007f00ce410aad in __getpwuid_r (uid=4294967295, resbuf=0x7fff87a8d4b0,
buffer=0x7fff87a8d080 "nobody", buflen=8192, result=0x7fff87a8d4f0) at
../nss/getXXbyYY_r.c:253
        startp_initialized = true
        startp = 0x5b5bbdb45faba935
        start_fct = 0xa55a21551caba935
        nip = 0x660520
        fct = {l = 0x7f00ce16a4a0 <_nss_files_getpwuid_r>, ptr =
0x7f00ce16a4a0}
        no_more = <value optimized out>
        status = <value optimized out>
        nscd_status = <value optimized out>
        res = <value optimized out>
#3  0x00007f00ce41304a in __getlogin_r_loginuid (name=0x7f00ce6d8f40 "",
namesize=33) at ../sysdeps/unix/sysv/linux/getlogin_r.c:63
        fd = <value optimized out>
        uidbuf = "4294967295\000"
        n = <value optimized out>
        uid = 4294967295
        endp = 0x7fff87a8d4ea ""
        buflen = 8192
        buf = 0x7fff87a8d080 "nobody"
        use_malloc = false
        pwd = {pw_name = 0x7fff87a8d080 "nobody", pw_passwd = 0x7fff87a8d087
"x", pw_uid = 65534, pw_gid = 65534, pw_gecos = 0x7fff87a8d095 "Unprivileged
User", pw_dir = 0x7fff87a8d0a7 "/dev/null",
          pw_shell = 0x7fff87a8d0b1 "/bin/false"}
        tpwd = <value optimized out>
        res = <value optimized out>
        result = <value optimized out>
        needed = <value optimized out>
#4  0x00007f00ce412d25 in getlogin () at
../sysdeps/unix/sysv/linux/getlogin.c:35
No locals.
#5  0x0000000000404e7b in main (ac=<value optimized out>, av=0x7fff87a8e9a0) at
/tmp/beeroot/screen/screen-4.0.3-0/source/screen.c:851
        n = <value optimized out>
        ap = <value optimized out>
        av0 = 0x7fff87a8ee55 "/usr/bin/screen"
        socknamebuf =
"\330\022e\000\001\000\000\000d\275\327\316\000\177\000\000\001\000\000\000\000\000\000\000\334\006\327\316\000\177\000\000P\345\250\207\377\177\000\000\000\000\000\000\000\000\000\000\310\022e\000\000\000\000\000d\275\327\316\000\177\000\000\001\000\000\000\000\000\000\000\260\200\070\316\000\177\000\000\330\t\371\316\000\177\000\000\300\264\370\316\000\177\000\000\023\000\000\000\000\000\000\000\330\t\371\316\000\177\000\000\260\346\250\207\377\177\000\000t\361\327\316\000\177\000\000\300\025\070\316\000\177\000\000\212\212\327\316\000\177\000\000\000\000\000\000\000\000\000\000\220\346\250\207\377\177\000\000\000\000\000\000\000\000\000\000\220\346\250\207\377\177\000\000Uu\307\001\000\000\000\000\240\027\371\316\000\177\000\000\177U\335q\000\000\000\000\022\222\327\316\000\177\000\000\001\000\000\000\000\000\000\000?\000\000\000\000\177\000\000\001\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000\020\350\250\207\377\177\000\000\212\212\327\316\000\177\000\000\210a\251\207\377\177\000\000\000\347\250\207\377\177\000\000\250\005\327\316\000\177\000\000\000\347"...
        mflag = <value optimized out>
        myname = <value optimized out>
        SockDir = <value optimized out>
        st = {st_dev = 140735469381880, st_ino = 139641449157096, st_nlink =
4131212846, st_mode = 3470234914, st_uid = 32512, st_gid = 0, __pad0 = 0,
st_rdev = 139641449134752,
          st_size = 139637976727553, st_blksize = 0, st_blocks = 1, st_atim =
{tv_sec = 139641449157096, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0},
st_ctim = {tv_sec = 0, tv_nsec = 0},
          __unused = {139641449157952, 140735469381760, 140735469381784}}
        oumask = <value optimized out>
        nwin = {StartAt = -1, aka = 0x0, args = 0x0, dir = 0x0, term = 0x0,
aflag = -1, flowflag = -1, lflag = -1, histheight = -1, monitor = -1, wlock =
-1, silence = -1, wrap = -1, Lflag = -1,
          slow = -1, gr = -1, c1 = -1, bce = -1, encoding = -1, hstatus = 0x0,
charset = 0x0}
        detached = 0
        sockp = <value optimized out>
(gdb) print LoginName
$7 = 0x0

Steps to Reproduce:
    I was not able to get a simple getlogin() program to crash the same way
    yet, but my screen-4.0.3 keeps crashing if there is an invalid uid in
    loginuid.

Actual Results: 
    SegFault

Expected Results:
    no SegFault..

Build Date & Platform: 

Linux deinemuddah 2.6.35.3.mx64.0 #1 SMP PREEMPT Thu Aug 26 12:46:39 CEST 2010
x86_64 x86_64 x86_64 GNU/Linux

GNU C Library stable release version 2.12.1, by Roland McGrath et al.
Copyright (C) 2010 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.5.1.
Compiled on a Linux 2.6.35 system on 2010-09-13.
Available extensions:
        crypt add-on version 2.1 by Michael Glad and others
        GNU Libidn by Simon Josefsson
        Native POSIX Threads Library by Ulrich Drepper et al
        BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.

Additional Information:

     when pam_loginuid is configured to set the correct uid everything is fine.
