On and off I see adcli 0.8.2 SEGV, I can provoke SEGV using adcli -v info INFINERA.COM:
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Sending netlogon pings to domain controller: cldap://10.210.0.22 * Sending netlogon pings to domain controller: cldap://10.120.34.21 * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.100.98.21 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Received NetLogon info from: SV-DC01.infinera.com * Received NetLogon info from: SV-DC03.infinera.com * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
and here is one that didn't SEGV: adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.210.34.21 * Sending netlogon pings to domain controller: cldap://10.220.0.11 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.220.32.14 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Received NetLogon info from: se-dc01.infinera.com [domain] domain-name = infinera.com domain-short = INFINERA domain-forest = infinera.com domain-controller = se-dc01.infinera.com domain-controller-site = Sweden domain-controller-flags = gc ldap ds kdc timeserv closest writable full-secret ads-web domain-controller-usable = yes domain-controllers = se-dc01.infinera.com in-dc01.infinera.com sv-dc03.infinera.com ch-dc02.infinera.com ch- dc01.infinera.com sv-dc02.infinera.com uk-dc01.infinera.com in-dc02.infinera.com md-dc01.infinera.com sv- dc01.infinera.com sv-dc04.infinera.com pa-dc02.infinera.com md-dc02.infinera.com pa-dc01.infinera.com se- dc02.infinera.com [computer] computer-site = Sweden
Any ideas?
Got a BT now as well: ore was generated by `adcli -v info INFINERA.COM'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000000000041087e in parse_disco_data (bv=0x7ffcbb9a7cb0) at /var/tmp/portage/sys-auth/adcli-0.8.2-r1/work/adcli-0.8.2/library/addisco.c:384
warning: Source file is more recent than executable. 384 if (disco->client_site[0] == '\0') { (gdb) bt #0 0x000000000041087e in parse_disco_data (bv=0x7ffcbb9a7cb0) at /var/tmp/portage/sys-auth/adcli-0.8.2-r1/work/adcli-0.8.2/library/addisco.c:384 #1 0x0000000001c8e706 in ?? () #2 0x0000000001c76bc0 in ?? () #3 0x0000000000000000 in ?? ()
On Wed, 2017-03-29 at 20:32 +0200, Joakim Tjernlund wrote:
On and off I see adcli 0.8.2 SEGV, I can provoke SEGV using adcli -v info INFINERA.COM:
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Sending netlogon pings to domain controller: cldap://10.210.0.22 * Sending netlogon pings to domain controller: cldap://10.120.34.21 * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.100.98.21 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Received NetLogon info from: SV-DC01.infinera.com * Received NetLogon info from: SV-DC03.infinera.com * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
and here is one that didn't SEGV: adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.210.34.21 * Sending netlogon pings to domain controller: cldap://10.220.0.11 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.220.32.14 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Received NetLogon info from: se-dc01.infinera.com [domain] domain-name = infinera.com domain-short = INFINERA domain-forest = infinera.com domain-controller = se-dc01.infinera.com domain-controller-site = Sweden domain-controller-flags = gc ldap ds kdc timeserv closest writable full-secret ads-web domain-controller-usable = yes domain-controllers = se-dc01.infinera.com in-dc01.infinera.com sv-dc03.infinera.com ch-dc02.infinera.com ch- dc01.infinera.com sv-dc02.infinera.com uk-dc01.infinera.com in-dc02.infinera.com md-dc01.infinera.com sv- dc01.infinera.com sv-dc04.infinera.com pa-dc02.infinera.com md-dc02.infinera.com pa-dc01.infinera.com se- dc02.infinera.com [computer] computer-site = Sweden
Any ideas?
with that BT I looked at the src and it became obvious, the check: https://cgit.freedesktop.org/realmd/adcli/commit/?id=213116ea8a16a10f4def750... needs to move into the else part holding _adcli_info ("Received NetLogon info from: %s", disco->host_name); as disco ptr can be NULL otherwise
Jocke
On Wed, 2017-03-29 at 20:36 +0200, Joakim Tjernlund wrote:
Got a BT now as well: ore was generated by `adcli -v info INFINERA.COM'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000000000041087e in parse_disco_data (bv=0x7ffcbb9a7cb0) at /var/tmp/portage/sys-auth/adcli-0.8.2-r1/work/adcli-0.8.2/library/addisco.c:384
warning: Source file is more recent than executable. 384 if (disco->client_site[0] == '\0') { (gdb) bt #0 0x000000000041087e in parse_disco_data (bv=0x7ffcbb9a7cb0) at /var/tmp/portage/sys-auth/adcli-0.8.2-r1/work/adcli-0.8.2/library/addisco.c:384 #1 0x0000000001c8e706 in ?? () #2 0x0000000001c76bc0 in ?? () #3 0x0000000000000000 in ?? ()
On Wed, 2017-03-29 at 20:32 +0200, Joakim Tjernlund wrote:
On and off I see adcli 0.8.2 SEGV, I can provoke SEGV using adcli -v info INFINERA.COM:
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Sending netlogon pings to domain controller: cldap://10.210.0.22 * Sending netlogon pings to domain controller: cldap://10.120.34.21 * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.100.98.21 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Received NetLogon info from: SV-DC01.infinera.com * Received NetLogon info from: SV-DC03.infinera.com * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
and here is one that didn't SEGV: adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.210.34.21 * Sending netlogon pings to domain controller: cldap://10.220.0.11 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.220.32.14 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Received NetLogon info from: se-dc01.infinera.com [domain] domain-name = infinera.com domain-short = INFINERA domain-forest = infinera.com domain-controller = se-dc01.infinera.com domain-controller-site = Sweden domain-controller-flags = gc ldap ds kdc timeserv closest writable full-secret ads-web domain-controller-usable = yes domain-controllers = se-dc01.infinera.com in-dc01.infinera.com sv-dc03.infinera.com ch-dc02.infinera.com ch- dc01.infinera.com sv-dc02.infinera.com uk-dc01.infinera.com in-dc02.infinera.com md-dc01.infinera.com sv- dc01.infinera.com sv-dc04.infinera.com pa-dc02.infinera.com md-dc02.infinera.com pa-dc01.infinera.com se- dc02.infinera.com [computer] computer-site = Sweden
Any ideas?
On Wed, Mar 29, 2017 at 06:54:09PM +0000, Joakim Tjernlund wrote:
with that BT I looked at the src and it became obvious, the check: https://cgit.freedesktop.org/realmd/adcli/commit/?id=213116ea8a16a10f4def750... needs to move into the else part holding _adcli_info ("Received NetLogon info from: %s", disco->host_name); as disco ptr can be NULL otherwise
d'oh, thank you very much for your analysis. You are right either the check can be move in the else block or disco should be checked for NULL before dereferencing it.
Would you like to send a patch for this? You can either use bugzilla.redhat.com or upstream's bugs.freedesktop.org with product realmd component adcli to open a ticket and attache a patch.
bye, Sumit
Jocke
On Wed, 2017-03-29 at 20:36 +0200, Joakim Tjernlund wrote:
Got a BT now as well: ore was generated by `adcli -v info INFINERA.COM'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000000000041087e in parse_disco_data (bv=0x7ffcbb9a7cb0) at /var/tmp/portage/sys-auth/adcli-0.8.2-r1/work/adcli-0.8.2/library/addisco.c:384
warning: Source file is more recent than executable. 384 if (disco->client_site[0] == '\0') { (gdb) bt #0 0x000000000041087e in parse_disco_data (bv=0x7ffcbb9a7cb0) at /var/tmp/portage/sys-auth/adcli-0.8.2-r1/work/adcli-0.8.2/library/addisco.c:384 #1 0x0000000001c8e706 in ?? () #2 0x0000000001c76bc0 in ?? () #3 0x0000000000000000 in ?? ()
On Wed, 2017-03-29 at 20:32 +0200, Joakim Tjernlund wrote:
On and off I see adcli 0.8.2 SEGV, I can provoke SEGV using adcli -v info INFINERA.COM:
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Sending netlogon pings to domain controller: cldap://10.210.0.22 * Sending netlogon pings to domain controller: cldap://10.120.34.21 * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.100.98.21 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.120.34.22 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Sending netlogon pings to domain controller: cldap://10.120.2.22 * Received NetLogon info from: SV-DC01.infinera.com * Received NetLogon info from: SV-DC03.infinera.com * Received NetLogon info from: PA-DC02.infinera.com ! Could not parse NetLogon discovery data Segmentation fault (core dumped)
and here is one that didn't SEGV: adcli -v info INFINERA.COM * Discovering domain controllers: _ldap._tcp.INFINERA.COM * Sending netlogon pings to domain controller: cldap://10.210.34.21 * Sending netlogon pings to domain controller: cldap://10.220.0.11 * Sending netlogon pings to domain controller: cldap://10.100.130.21 * Sending netlogon pings to domain controller: cldap://10.220.32.14 * Sending netlogon pings to domain controller: cldap://10.220.32.12 * Received NetLogon info from: se-dc01.infinera.com [domain] domain-name = infinera.com domain-short = INFINERA domain-forest = infinera.com domain-controller = se-dc01.infinera.com domain-controller-site = Sweden domain-controller-flags = gc ldap ds kdc timeserv closest writable full-secret ads-web domain-controller-usable = yes domain-controllers = se-dc01.infinera.com in-dc01.infinera.com sv-dc03.infinera.com ch-dc02.infinera.com ch- dc01.infinera.com sv-dc02.infinera.com uk-dc01.infinera.com in-dc02.infinera.com md-dc01.infinera.com sv- dc01.infinera.com sv-dc04.infinera.com pa-dc02.infinera.com md-dc02.infinera.com pa-dc01.infinera.com se- dc02.infinera.com [computer] computer-site = Sweden
Any ideas?
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Thu, 2017-03-30 at 09:56 +0200, Sumit Bose wrote:
On Wed, Mar 29, 2017 at 06:54:09PM +0000, Joakim Tjernlund wrote:
with that BT I looked at the src and it became obvious, the check: https://cgit.freedesktop.org/realmd/adcli/commit/?id=213116ea8a16a10f4def750... needs to move into the else part holding _adcli_info ("Received NetLogon info from: %s", disco->host_name); as disco ptr can be NULL otherwise
d'oh, thank you very much for your analysis. You are right either the check can be move in the else block or disco should be checked for NULL before dereferencing it.
Would you like to send a patch for this? You can either use bugzilla.redhat.com or upstream's bugs.freedesktop.org with product realmd component adcli to open a ticket and attache a patch.
https://bugs.freedesktop.org/show_bug.cgi?id=100466
Jocke
sssd-users@lists.fedorahosted.org
-
Joakim Tjernlund -
Sumit Bose