Bug#821358: nss_hesiod segfaults in sock_eq

Sun, 17 Apr 2016 20:03:37 -0700 

Package: libc6
Version: 2.22-6
Severity: important
Tags: upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=19573

glibc 2.22 broke nss_hesiod so that it segfaults on almost all uses.  To 
reproduce:

# sed -i 's/^passwd:.*/& hesiod/' /etc/nsswitch.conf
# cat > /etc/hesiod.conf <<EOF
lhs=.ns
rhs=.athena.mit.edu
EOF
# id andersk
Segmentation fault (core dumped)

Backtrace:

(gdb) run
Starting program: /usr/bin/id andersk
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6531aa3 in sock_eq (a1=a1@entry=0x7ffff7bb7af4 <_res+20>, a2=0x0) at 
res_send.c:1629
1629    res_send.c: No such file or directory.
(gdb) bt
#0  0x00007ffff6531aa3 in sock_eq (a1=a1@entry=0x7ffff7bb7af4 <_res+20>, 
a2=0x0) at res_send.c:1629
#1  0x00007ffff65333f7 in __libc_res_nsend (statp=0x7ffff7bb7ae0 <_res>, 
buf=buf@entry=0x7fffffffdec0 "\322\325\001", buflen=45, buf2=buf2@entry=0x0, 
    buflen2=buflen2@entry=0, ans=ans@entry=0x7fffffffe2c0 
"`\343\377\377\377\177", anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, 
resplen2=0x0, 
    ansp2_malloced=0x0) at res_send.c:416
#2  0x00007ffff6533bbd in __GI___res_nsend (statp=<optimized out>, 
buf=buf@entry=0x7fffffffdec0 "\322\325\001", buflen=<optimized out>, 
    ans=ans@entry=0x7fffffffe2c0 "`\343\377\377\377\177", 
anssiz=anssiz@entry=1024) at res_send.c:638
#3  0x00007ffff67417d6 in get_txt_records (class=1, name=name@entry=0x610a80 
"39270.uid.ns.athena.mit.edu", ctx=0x60f8c0) at hesiod.c:374
#4  0x00007ffff6741d95 in hesiod_resolve (context=context@entry=0x60f8c0, 
name=name@entry=0x7fffffffe780 "39270", type=type@entry=0x7ffff67432c6 "uid")
    at hesiod.c:240
#5  0x00007ffff6742aa2 in lookup (name=name@entry=0x7fffffffe780 "39270", 
type=type@entry=0x7ffff67432c6 "uid", 
    pwd=pwd@entry=0x7ffff7bb5e20 <resbuf.11041>, buffer=buffer@entry=0x60f260 
"saned", buflen=buflen@entry=1024, errnop=errnop@entry=0x7ffff7fe56b8)
    at nss_hesiod/hesiod-pwd.c:63
#6  0x00007ffff6742c2b in _nss_hesiod_getpwuid_r (uid=<optimized out>, 
pwd=0x7ffff7bb5e20 <resbuf.11041>, buffer=0x60f260 "saned", buflen=1024, 
    errnop=0x7ffff7fe56b8) at nss_hesiod/hesiod-pwd.c:112
#7  0x00007ffff78ccc0c in __getpwuid_r (uid=uid@entry=39270, 
resbuf=resbuf@entry=0x7ffff7bb5e20 <resbuf.11041>, buffer=0x60f260 "saned", 
    buflen=buflen@entry=1024, result=result@entry=0x7fffffffe848) at 
../nss/getXXbyYY_r.c:266
#8  0x00007ffff78cc52e in getpwuid (uid=39270) at ../nss/getXXbyYY.c:116
#9  0x00000000004022b9 in ?? ()
#10 0x00007ffff7835610 in __libc_start_main (main=0x401b20, argc=2, 
argv=0x7fffffffe9b8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe9a8) at libc-start.c:291
#11 0x00000000004026ac in ?? ()

See also:

https://sourceware.org/bugzilla/show_bug.cgi?id=19573
https://bugzilla.redhat.com/show_bug.cgi?id=1252570
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1571456

Anders

Reply via email to