Univention Bugzilla – Bug 44164
crudesaml crashes slapd on i386
Last modified: 2021-06-15 16:41:10 CEST
+++ This bug was initially created as a clone of Bug #43732 +++

slapd crashes on i386 @ billy:

(gdb) bt
#0  __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:50
#1  0xb7462bba in _sasl_add_string (out=0xadcee8f8, alloclen=0xadcee8fc, outlen=0xadcee900, add=0x2 <error: Cannot access memory at address 0x2>) at ../../lib/common.c:193
#2  0xb7462fbd in _sasl_log (conn=0x971121f8, level=5, fmt=0xb6be1c7c "SAML assertion condition NotBefore = %ld (%s)") at ../../lib/common.c:1961
#3  0xb6bdf269 in saml_log (params=0x971548d0, pri=<optimized out>, fmt=0xb6be1c7c "SAML assertion condition NotBefore = %ld (%s)") at cy2_saml.c:89
#4  0xb6be02c8 in saml_check_assertion_dates (ctx=<optimized out>, lasso_assertion=<optimized out>, params=<optimized out>) at saml.c:197
#5  saml_check_one_assertion (doc=<optimized out>, assertion=<optimized out>, userid=<optimized out>, params=<optimized out>, ctx=<optimized out>) at saml.c:452
#6  saml_check_all_assertions (ctx=0xad7f3c30, params=0x971548d0, userid=0xadcfee78, saml_msg=0x2 <error: Cannot access memory at address 0x2>, flags=0) at saml.c:562
#7  0xb6bdeb07 in saml_server_mech_step (conn_context=0xad7f3c30, params=0x971548d0, clientin=0x98b80ab2 "", clientinlen=0, serverout=0x2, serveroutlen=0xadcfefac, oparams=0x97112a58) at cy2_saml.c:261
#8  0xb74694c0 in sasl_server_step (conn=0x971121f8, clientin=0x98b80ab2 "", clientinlen=10593, serverout=0xadcfefb8, serveroutlen=0xadcfefac) at ../../lib/server.c:1618
#9  0xb74699cd in sasl_server_start (conn=0x971121f8, mech=0xad7b31f8 "SAML", clientin=0x98b80ab2 "", clientinlen=10593, serverout=0xadcfefb8, serveroutlen=0xadcfefac) at ../../lib/server.c:1533
#10 0x8010d413 in slap_sasl_bind (op=0xad701e60, rs=0xadcff0c0) at ../../../../servers/slapd/sasl.c:1525
#11 0x800d7250 in fe_op_bind (op=0xad701e60, rs=0xadcff0c0) at ../../../../servers/slapd/bind.c:280
#12 0x800d6a91 in do_bind (op=0xad701e60, rs=0xadcff0c0) at ../../../../servers/slapd/bind.c:205
#13 0x800b85fc in connection_operation (ctx=0xadcff1b8, arg_v=0xad701e60) at ../../../../servers/slapd/connection.c:1155
#14 0x800b8a5c in connection_read_thread (ctx=0xadcff1b8, argv=0x38) at ../../../../servers/slapd/connection.c:1291
#15 0xb770b5e9 in ?? () from /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
#16 0xb7185ecb in start_thread (arg=0xadcffb40) at pthread_create.c:309
#17 0xb70bdd0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129

(gdb) info all-registers
eax            0x0        0
ecx            0x2        2
edx            0x73       115
ebx            0xb7475dd4 -1220059692
esp            0xadcee890 0xadcee890
ebp            0x2c       0x2c
esi            0xadcee900 -1378948864
edi            0xb6be1c7c -1229054852
eip            0xb7462bba 0xb7462bba <_sasl_add_string+42>
eflags         0x210287   [ CF PF SF IF RF ID ]
cs             0x73       115
ss             0x7b       123
ds             0x7b       123
es             0x7b       123
fs             0x0        0
gs             0x33       51
st0            -nan(0x000026c51)     (raw 0xffff0000000000026c51)
st1            -nan(0x00001ffff)     (raw 0xffff000000000001ffff)
st2            -nan(0x20249fffedb54) (raw 0xffff00020249fffedb54)
st3            -nan(0x1ffffffff0b5a) (raw 0xffff0001ffffffff0b5a)
st4            -nan(0xf17bfffdfdb6)  (raw 0xffff0000f17bfffdfdb6)
st5            -nan(0x062b7dd6c)     (raw 0xffff0000000062b7dd6c)
st6            -nan(0xf4a5ffff0e84)  (raw 0xffff0000f4a5ffff0e84)
st7            -nan(0x124abfffe8dc1) (raw 0xffff000124abfffe8dc1)
fctrl          0x37f      895
fstat          0x4020     16416
ftag           0xffff     65535
fiseg          0x0        0
fioff          0xb72f488c -1221638004
foseg          0x0        0
fooff          0xb7397e68 -1220968856
fop            0x0        0
mxcsr          0x1f80     [ IM DM ZM OM UM PM ]
ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xff, 0x0 <repeats 31 times>}, v16_int16 = {0xff, 0x0 <repeats 15 times>}, v8_int32 = {0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xff, 0x0, 0x0, 0x0}, v2_int128 = {0x000000000000000000000000000000ff, 0x00000000000000000000000000000000}}
ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0x0 <repeats 20 times>}, v16_int16 = {0x0, 0x0, 0x0, 0x0, 0xff00, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0xffffff00, 0x0, 0x0}, v2_int128 = {0x00000000ffffff000000000000000000, 0x00000000000000000000000000000000}}
ymm3 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm4 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm5 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm7 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
mm0 {uint64 = 0x26c51, v2_int32 = {0x26c51, 0x0}, v4_int16 = {0x6c51, 0x2, 0x0, 0x0}, v8_int8 = {0x51, 0x6c, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x1ffff, v2_int32 = {0x1ffff, 0x0}, v4_int16 = {0xffff, 0x1, 0x0, 0x0}, v8_int8 = {0xff, 0xff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x20249fffedb54, v2_int32 = {0xfffedb54, 0x20249}, v4_int16 = {0xdb54, 0xfffe, 0x249, 0x2}, v8_int8 = {0x54, 0xdb, 0xfe, 0xff, 0x49, 0x2, 0x2, 0x0}}
mm3 {uint64 = 0x1ffffffff0b5a, v2_int32 = {0xffff0b5a, 0x1ffff}, v4_int16 = {0xb5a, 0xffff, 0xffff, 0x1}, v8_int8 = {0x5a, 0xb, 0xff, 0xff, 0xff, 0xff, 0x1, 0x0}}
mm4 {uint64 = 0xf17bfffdfdb6, v2_int32 = {0xfffdfdb6, 0xf17b}, v4_int16 = {0xfdb6, 0xfffd, 0xf17b, 0x0}, v8_int8 = {0xb6, 0xfd, 0xfd, 0xff, 0x7b, 0xf1, 0x0, 0x0}}
mm5 {uint64 = 0x62b7dd6c, v2_int32 = {0x62b7dd6c, 0x0}, v4_int16 = {0xdd6c, 0x62b7, 0x0, 0x0}, v8_int8 = {0x6c, 0xdd, 0xb7, 0x62, 0x0, 0x0, 0x0, 0x0}}
mm6 {uint64 = 0xf4a5ffff0e84, v2_int32 = {0xffff0e84, 0xf4a5}, v4_int16 = {0xe84, 0xffff, 0xf4a5, 0x0}, v8_int8 = {0x84, 0xe, 0xff, 0xff, 0xa5, 0xf4, 0x0, 0x0}}
mm7 {uint64 = 0x124abfffe8dc1, v2_int32 = {0xfffe8dc1, 0x124ab}, v4_int16 = {0x8dc1, 0xfffe, 0x24ab, 0x1}, v8_int8 = {0xc1, 0x8d, 0xfe, 0xff, 0xab, 0x24, 0x1, 0x0}}

(gdb) disassemble
Dump of assembler code for function __strlen_sse2_bsf:
   0xb7055b70 <+0>:     push   %esi
   0xb7055b71 <+1>:     push   %edi
   0xb7055b72 <+2>:     mov    0xc(%esp),%edi
   0xb7055b76 <+6>:     xor    %eax,%eax
   0xb7055b78 <+8>:     mov    %edi,%ecx
   0xb7055b7a <+10>:    and    $0x3f,%ecx
   0xb7055b7d <+13>:    pxor   %xmm0,%xmm0
   0xb7055b81 <+17>:    cmp    $0x30,%ecx
   0xb7055b84 <+20>:    ja     0xb7055b9d <__strlen_sse2_bsf+45>
=> 0xb7055b86 <+22>:    movdqu (%edi),%xmm1
   0xb7055b8a <+26>:    pcmpeqb %xmm1,%xmm0
   0xb7055b8e <+30>:    pmovmskb %xmm0,%edx
   0xb7055b92 <+34>:    test   %edx,%edx
   0xb7055b94 <+36>:    jne    0xb7055c09 <__strlen_sse2_bsf+153>
   0xb7055b96 <+38>:    mov    %edi,%eax
   0xb7055b98 <+40>:    and    $0xfffffff0,%eax
   0xb7055b9b <+43>:    jmp    0xb7055bb7 <__strlen_sse2_bsf+71>
   0xb7055b9d <+45>:    mov    %edi,%eax
   0xb7055b9f <+47>:    and    $0xfffffff0,%eax
   0xb7055ba2 <+50>:    pcmpeqb (%eax),%xmm0
   0xb7055ba6 <+54>:    mov    $0xffffffff,%esi
   0xb7055bab <+59>:    sub    %eax,%ecx
   0xb7055bad <+61>:    shl    %cl,%esi
   0xb7055baf <+63>:    pmovmskb %xmm0,%edx
   0xb7055bb3 <+67>:    and    %esi,%edx
   0xb7055bb5 <+69>:    jne    0xb7055c07 <__strlen_sse2_bsf+151>
   0xb7055bb7 <+71>:    pxor   %xmm0,%xmm0
   0xb7055bbb <+75>:    pxor   %xmm1,%xmm1
   0xb7055bbf <+79>:    pxor   %xmm2,%xmm2
   0xb7055bc3 <+83>:    pxor   %xmm3,%xmm3
   0xb7055bc7 <+87>:    mov    %esi,%esi
   0xb7055bc9 <+89>:    lea    0x0(%edi,%eiz,1),%edi
   0xb7055bd0 <+96>:    pcmpeqb 0x10(%eax),%xmm0
   0xb7055bd5 <+101>:   pmovmskb %xmm0,%edx
   0xb7055bd9 <+105>:   test   %edx,%edx
   0xb7055bdb <+107>:   jne    0xb7055c11 <__strlen_sse2_bsf+161>
   0xb7055bdd <+109>:   pcmpeqb 0x20(%eax),%xmm1
   0xb7055be2 <+114>:   pmovmskb %xmm1,%edx
   0xb7055be6 <+118>:   test   %edx,%edx
   0xb7055be8 <+120>:   jne    0xb7055c1e <__strlen_sse2_bsf+174>
   0xb7055bea <+122>:   pcmpeqb 0x30(%eax),%xmm2
   0xb7055bef <+127>:   pmovmskb %xmm2,%edx
   0xb7055bf3 <+131>:   test   %edx,%edx
   0xb7055bf5 <+133>:   jne    0xb7055c2b <__strlen_sse2_bsf+187>
   0xb7055bf7 <+135>:   pcmpeqb 0x40(%eax),%xmm3
   0xb7055bfc <+140>:   pmovmskb %xmm3,%edx
   0xb7055c00 <+144>:   lea    0x40(%eax),%eax
   0xb7055c03 <+147>:   test   %edx,%edx
   0xb7055c05 <+149>:   je     0xb7055bd0 <__strlen_sse2_bsf+96>
   0xb7055c07 <+151>:   sub    %edi,%eax
   0xb7055c09 <+153>:   bsf    %edx,%edx
   0xb7055c0c <+156>:   add    %edx,%eax
   0xb7055c0e <+158>:   pop    %edi
   0xb7055c0f <+159>:   pop    %esi
   0xb7055c10 <+160>:   ret
   0xb7055c11 <+161>:   sub    %edi,%eax
   0xb7055c13 <+163>:   bsf    %edx,%edx
   0xb7055c16 <+166>:   add    %edx,%eax
   0xb7055c18 <+168>:   add    $0x10,%eax
   0xb7055c1b <+171>:   pop    %edi
   0xb7055c1c <+172>:   pop    %esi
   0xb7055c1d <+173>:   ret
   0xb7055c1e <+174>:   sub    %edi,%eax
   0xb7055c20 <+176>:   bsf    %edx,%edx
   0xb7055c23 <+179>:   add    %edx,%eax
   0xb7055c25 <+181>:   add    $0x20,%eax
   0xb7055c28 <+184>:   pop    %edi
   0xb7055c29 <+185>:   pop    %esi
   0xb7055c2a <+186>:   ret
   0xb7055c2b <+187>:   sub    %edi,%eax
   0xb7055c2d <+189>:   bsf    %edx,%edx
   0xb7055c30 <+192>:   add    %edx,%eax
   0xb7055c32 <+194>:   add    $0x30,%eax
   0xb7055c35 <+197>:   pop    %edi
   0xb7055c36 <+198>:   pop    %esi
   0xb7055c37 <+199>:   ret

The use of stdarg in cy2_saml.c is (probably) wrong.
* <http://c-faq.com/varargs/handoff.html>
* <https://www.gnu.org/software/gnulib/manual/html_node/Exported-Symbols-of-Shared-Libraries.html>
* <http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_MWG.html>
* <http://www.sendmail.org/~ca/email/cyrus2/plugprog.html>

r78560 | Bug #44164 saml: Fix SEGV on i386
r78559 | Bug #44164 saml: Fix SEGV on i386
saml_log() now does the vsnprintf() itself

fixed lots of plugin issues, e.g. not hiding symbols, linking to unneeded libraries, missing dependency information, using SONAME for PAM, FTBFS with new auto* tools, missing multi-arch awareness, ..

Package: crudesaml
Version: 1.5.0-5A~4.2.0.201703311449
Branch: ucs_4.2-0

IMPORTANT: crudesaml's upstream project is <https://ftp.espci.fr/pub/crudesaml/>; for UCS-4.2 the version was bumped; this has been reverted; so the correct version 1.5.0-x is lower than the interim version 2.0.0-y; you need to downgrade explicitly!

apt-get install {cy2-saml,pam-saml}{,-dbg}=1.5.0-5A~4.2.0.201703311449
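The backtrace shows the SASL logging callback resolving the "%s" of "SAML assertion condition NotBefore = %ld (%s)" to the pointer 0x2, i.e. an argument that saml_log() never handed over, and the r78559 message says the fix is for saml_log() to run vsnprintf() itself. The C below is an added example written for this page, not crudesaml's or cyrus-sasl's code: it sketches, in a comment, a broken hand-off shape that is consistent with the crash (a variadic wrapper passing fmt on to another variadic function without its arguments, which is what the C FAQ entry linked above warns about) and implements the repaired shape. utils_log(), last_logged() and demo() are hypothetical stand-ins for the plugin's utils->log callback and for a harness; the NotBefore epoch value and the timestamp string are constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the variadic logging callback a SASL plugin
 * receives from the library (params->utils->log in crudesaml).  Like the
 * real sasl_log() it is itself variadic, so a wrapper cannot pass its own
 * "..." through unchanged; the arguments have to be materialised first.
 * The formatted line is kept in a buffer here instead of going to syslog. */
static char last_line[256];

static void utils_log(void *conn, int level, const char *fmt, ...)
{
    va_list ap;
    (void)conn;
    (void)level;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Broken shape, shown only as a comment because calling it is undefined
 * behaviour: fmt goes through but the wrapper's own arguments do not, so
 * the callee's "%ld (%s)" conversions read whatever is on the stack.  On
 * i386 that produced the add=0x2 pointer in the backtrace; on amd64 the
 * stale register contents often happen to look usable, which is why the
 * bug only surfaced on the 32-bit build.
 *
 *   static void saml_log_broken(ctx, pri, const char *fmt, ...)
 *   {
 *       ctx->utils->log(ctx->utils->conn, pri, fmt);   // "..." dropped
 *   }
 */

/* Repaired shape (the approach the r78559 commit message describes):
 * consume the va_list exactly once with vsnprintf(), then pass the
 * finished string to the variadic callee through a fixed "%s" format.
 * Returns what vsnprintf() returned so truncation can be detected by the
 * caller (a result >= sizeof buf means the message was cut). */
static int saml_log(void *conn, int pri, const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0)
        return n;               /* encoding error: log nothing rather than garbage */
    utils_log(conn, pri, "%s", buf);
    return n;
}

/* Accessor for the last line written, for inspection. */
const char *last_logged(void)
{
    return last_line;
}

/* Drives the wrapper with the same format string that crashed slapd.
 * The epoch value and its textual form are constructed sample data. */
int demo(void)
{
    long not_before = 1490960000L;           /* 2017-03-31T11:33:20Z */
    return saml_log(NULL, 5,
                    "SAML assertion condition NotBefore = %ld (%s)",
                    not_before, "2017-03-31T11:33:20Z");
}

int main(void)
{
    int n = demo();
    printf("%d: %s\n", n, last_logged());
    return n < 0;
}
```

The wrapper returns the vsnprintf() length on purpose: a logging path that silently truncates a SAML condition timestamp is harder to debug than one whose caller can see that the 256-byte buffer was too small.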
r78563 | Bug #44164 saml: Re-add missing .so link

Package: crudesaml
Version: 1.5.0-6A~4.2.0.201703311555
Branch: ucs_4.2-0

apt-get install {cy2-saml,pam-saml}{,-dbg}=1.5.0-6*
saslpluginviewer -c -s -m SAML  # https://de.slideshare.net/gabturtle/bp104-saml
The new version is installed on billy and it works. Great job!

SAML in my other test environments works as well.

Code review: OK
@Timo: FYI

(In reply to Stefan Gohmann from comment #3)
> The new version is installed on billy and it works. Great job!
>
> SAML in my other test environments works as well.
>
> Code review: OK
UCS 4.2 has been released:
https://docs.software-univention.de/release-notes-4.2-0-en.html
https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".