[Nss-mysql-devel] [Bug #757] Segfault which appears to be in nss-mysql.

[nobody]

=================== BUG #757: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=757&group_id=443

Changes by: Guillaume Morin <address@hidden>
Date: 2002-Jul-04 15:32 (Europe/Paris)

------------------ Additional Follow-up Comments ----------------------------
Hi,

Sorry for the late response, the bug email notification did not work :-(. It 
should work now.

Could you try  to reproduce that problem with current CVS and
send me the debug log ?

I'd like to know if the frontpage software is linked dynamically with the mysql 
libraries too.

Could you try to run ltrace on the process when reproducing the bug, that would 
be helpful ?

Regards,

Guillaume.



=================== BUG #757: FULL BUG SNAPSHOT ===================


Submitted by: kyrian                    Project: NSS MySQL                      
Submitted on: 2002-Jun-26 04:44
Category:  None                         Severity:  5 - Major                    
Bug Group:  None                        Resolution:  None                       
Assigned to:  gmorin                    Status:  Open                           

Summary:  Segfault which appears to be in nss-mysql.

Original Submission:  Hi,

This segfault problem comes about when using the frontpage extensions for 
linux, so it may well be a problem with that passing garbage to nss-mysql (even 
if that is the case, it's still a BAD problem!), or it could be a problem 
within nss-mysql itself, which is what I think is the case.

Basically what appears to be happening (guesswork, see the attached strace 
information - sorry about the format, daft X setup left me no choice - for more 
conclusive info) is that when the frontpage software attempts to look up a 
(non-existent in /etc/passwd, as per my /etc/nsswitch.conf configuration) UID 
to username mapping, in some cases, you get a segfault, whereas if I add the 
appropriate user line in /etc/passwd, I get no segfault, because I've 
circumvented nss-mysql...

Now, from the attached strace, I reckon that this is happening because when 
reading /etc/nss-mysql.conf, there is an old_mmap() call which gets a buffer 
space of 4096 (bytes, at address 0x40028000 in the strace)
to store the information that's read in.

This is then duplicate-freed with a munmap() towards the end of the strace, 
attempting which causes a segfault.

This is repeatable every time with the user inquestion without the 
aforementioned line in /etc/passwd (although I've made no mention of it, I'm 
also using shadow passwords, but no line in /etc/shadow is required to prevent 
this bug happening, thus implying that it's restricted to the UID->username 
mapping process...).

However, what (possibly) knackers my theory is that it only happens with this 
one user, and not other users with similar setups, on which I'm trying to do 
the same thing...

I've tried making the user that fails have the same user/group config, removing 
trailing slashes from home directory names, etc. all sorts of minor tweaks of 
both the frontpage and the nss-mysql side that might be different between 
working an non-working users, but the only one that works is the line in 
/etc/passwd with the right uid/gid/username.

More information is available on request, although I would like to maintain as 
much customer-information privacy as possible, obviously...

Hopefully someone can help with this, as it defeats the object of having 
nss-mysql in the first place if I still need users in /etc/password :(

K.

PS. With debug enabled, when I get the above segfault, I only get this in my 
logs:

Jun 26 02:31:38 lestat nss-mysql[560]: getpwuid called for 1004
Jun 26 02:31:38 lestat owsadm.exe[560]: _nss_mysql_read_conf_file: called for 
section users
Jun 26 02:31:38 lestat owsadm.exe[560]: _nss_mysql_read_conf_file ended for 
section users

Oh, and it's nss-mysql-0.37.1 ;-)

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Jul-04 15:32             By: gmorin
Hi,

Sorry for the late response, the bug email notification did not work :-(. It 
should work now.

Could you try  to reproduce that problem with current CVS and
send me the debug log ?

I'd like to know if the frontpage software is linked dynamically with the mysql 
libraries too.

Could you try to run ltrace on the process when reproducing the bug, that would 
be helpful ?

Regards,

Guillaume.

-------------------------------------------------------
Date: 2002-Jun-28 09:50             By: kyrian
Hmmm... After a thought struck me, I tried changing the working user's username 
to the same length as the non-working one.

Lo and behold, I began to get segfaults on certain operations from the formerly 
working user when I made its username seven characters long (as opposed to its 
original four).

Maybe it has something to do with it, maybe not...



File Attachments
****************

-------------------------------------------------------
Date: 2002-Jun-26 04:44  Name: crud  Size: 8KB   By: kyrian
strace of bug.
http://savannah.gnu.org/bugs/download.php?group_id=443&bug_id=757&bug_file_id=42


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=757&group_id=443