public inbox for glibc-bugs@sourceware.org
* [Bug libc/12112] New: possible segfault in getlogin() when /proc/self/loginuid contains invalid uid..
@ 2010-10-12 15:24 tolzmann at molgen dot mpg.de
2010-10-12 16:18 ` [Bug libc/12112] " drepper.fsp at gmail dot com
From: tolzmann at molgen dot mpg.de @ 2010-10-12 15:24 UTC
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=12112
Summary: possible segfault in getlogin() when
/proc/self/loginuid contains invalid uid..
Product: glibc
Version: 2.12
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: tolzmann@molgen.mpg.de
Overview:
The screen cmd crashes with a segfault when /proc/self/loginuid contains an
invalid uid:
-bash-4.1# screen
Segmentation fault (core dumped)
-bash-4.1# cat /proc/self/loginuid
4294967295-bash-4.1#
-bash-4.1# echo 0 >/proc/self/loginuid
-bash-4.1# cat /proc/self/loginuid
0-bash-4.1#
-bash-4.1# screen
[screen is terminating]
gdb-backtrace:
Program terminated with signal 11, Segmentation fault.
#0 internal_getent (result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody",
buflen=8192, errnop=0x7f00cef896a8) at nss_files/files-XXX.c:206
206 ((unsigned char *) data->linebuffer)[linebuflen - 1] = '\xff';
(gdb) bt full
#0 internal_getent (result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody",
buflen=8192, errnop=0x7f00cef896a8) at nss_files/files-XXX.c:206
p = <value optimized out>
data = 0x7fff87a8d080
linebuflen = 8192
parse_result = <value optimized out>
#1 0x00007f00ce16a561 in _nss_files_getpwuid_r (uid=4294967295,
result=0x7fff87a8d4b0, buffer=0x7fff87a8d080 "nobody", buflen=8192,
errnop=0x7f00cef896a8) at nss_files/files-pwd.c:40
status = NSS_STATUS_SUCCESS
#2 0x00007f00ce410aad in __getpwuid_r (uid=4294967295, resbuf=0x7fff87a8d4b0,
buffer=0x7fff87a8d080 "nobody", buflen=8192, result=0x7fff87a8d4f0) at
../nss/getXXbyYY_r.c:253
startp_initialized = true
startp = 0x5b5bbdb45faba935
start_fct = 0xa55a21551caba935
nip = 0x660520
fct = {l = 0x7f00ce16a4a0 <_nss_files_getpwuid_r>, ptr =
0x7f00ce16a4a0}
no_more = <value optimized out>
status = <value optimized out>
nscd_status = <value optimized out>
res = <value optimized out>
#3 0x00007f00ce41304a in __getlogin_r_loginuid (name=0x7f00ce6d8f40 "",
namesize=33) at ../sysdeps/unix/sysv/linux/getlogin_r.c:63
fd = <value optimized out>
uidbuf = "4294967295\000"
n = <value optimized out>
uid = 4294967295
endp = 0x7fff87a8d4ea ""
buflen = 8192
buf = 0x7fff87a8d080 "nobody"
use_malloc = false
pwd = {pw_name = 0x7fff87a8d080 "nobody", pw_passwd = 0x7fff87a8d087
"x", pw_uid = 65534, pw_gid = 65534, pw_gecos = 0x7fff87a8d095 "Unprivileged
User", pw_dir = 0x7fff87a8d0a7 "/dev/null",
pw_shell = 0x7fff87a8d0b1 "/bin/false"}
tpwd = <value optimized out>
res = <value optimized out>
result = <value optimized out>
needed = <value optimized out>
#4 0x00007f00ce412d25 in getlogin () at
../sysdeps/unix/sysv/linux/getlogin.c:35
No locals.
#5 0x0000000000404e7b in main (ac=<value optimized out>, av=0x7fff87a8e9a0) at
/tmp/beeroot/screen/screen-4.0.3-0/source/screen.c:851
n = <value optimized out>
ap = <value optimized out>
av0 = 0x7fff87a8ee55 "/usr/bin/screen"
socknamebuf =
"\330\022e\000\001\000\000\000d\275\327\316\000\177\000\000\001\000\000\000\000\000\000\000\334\006\327\316\000\177\000\000P\345\250\207\377\177\000\000\000\000\000\000\000\000\000\000\310\022e\000\000\000\000\000d\275\327\316\000\177\000\000\001\000\000\000\000\000\000\000\260\200\070\316\000\177\000\000\330\t\371\316\000\177\000\000\300\264\370\316\000\177\000\000\023\000\000\000\000\000\000\000\330\t\371\316\000\177\000\000\260\346\250\207\377\177\000\000t\361\327\316\000\177\000\000\300\025\070\316\000\177\000\000\212\212\327\316\000\177\000\000\000\000\000\000\000\000\000\000\220\346\250\207\377\177\000\000\000\000\000\000\000\000\000\000\220\346\250\207\377\177\000\000Uu\307\001\000\000\000\000\240\027\371\316\000\177\000\000\177U\335q\000\000\000\000\022\222\327\316\000\177\000\000\001\000\000\000\000\000\000\000?\000\000\000\000\177\000\000\001\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000\020\350\250\207\377\177\000\000\212\212\327\316\000\177\000\000\210a\251\207\377\177\000\000\000\347\250\207\377\177\000\000\250\005\327\316\000\177\000\000\000\347"...
mflag = <value optimized out>
myname = <value optimized out>
SockDir = <value optimized out>
st = {st_dev = 140735469381880, st_ino = 139641449157096, st_nlink =
4131212846, st_mode = 3470234914, st_uid = 32512, st_gid = 0, __pad0 = 0,
st_rdev = 139641449134752,
st_size = 139637976727553, st_blksize = 0, st_blocks = 1, st_atim =
{tv_sec = 139641449157096, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0},
st_ctim = {tv_sec = 0, tv_nsec = 0},
__unused = {139641449157952, 140735469381760, 140735469381784}}
oumask = <value optimized out>
nwin = {StartAt = -1, aka = 0x0, args = 0x0, dir = 0x0, term = 0x0,
aflag = -1, flowflag = -1, lflag = -1, histheight = -1, monitor = -1, wlock =
-1, silence = -1, wrap = -1, Lflag = -1,
slow = -1, gr = -1, c1 = -1, bce = -1, encoding = -1, hstatus = 0x0,
charset = 0x0}
detached = 0
sockp = <value optimized out>
(gdb) print LoginName
$7 = 0x0
Steps to Reproduce:
I was not able to get a simple getlogin() program to crash the same way
yet, but my screen-4.0.3 keeps crashing if there is an invalid uid in loginuid.
Actual Results:
SegFault
Expected Results:
no SegFault..
Build Date & Platform:
Linux deinemuddah 2.6.35.3.mx64.0 #1 SMP PREEMPT Thu Aug 26 12:46:39 CEST 2010
x86_64 x86_64 x86_64 GNU/Linux
GNU C Library stable release version 2.12.1, by Roland McGrath et al.
Copyright (C) 2010 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.5.1.
Compiled on a Linux 2.6.35 system on 2010-09-13.
Available extensions:
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.
Additional Information:
When pam_loginuid is configured to set the correct uid, everything is fine.
Thread overview: 4+ messages
2010-10-12 15:24 [Bug libc/12112] New: possible segfault in getlogin() when /proc/self/loginuid contains invalid uid tolzmann at molgen dot mpg.de
2010-10-12 16:18 ` [Bug libc/12112] " drepper.fsp at gmail dot com
2011-05-09 22:57 ` drepper.fsp at gmail dot com
2014-06-30 7:51 ` fweimer at redhat dot com