Univention Bugzilla – Full Text Bug Listing |
Summary: | pam_saml/umc segfault if IDP metadata file does not exists | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | SAML | Assignee: | Jürn Brodersen <brodersen> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | normal | ||
Priority: | P5 | CC: | brodersen, gohmann |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.2-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://github.com/univention/crudesaml/pull/2 | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=45042 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 7: Crash: Bug causes crash or data loss |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
User Pain: | 0.200 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Florian Best
2015-09-16 15:16:02 CEST
The same applies to cy2saml if one changes the metadata.xml file without restarting slapd. Changing the file is necessary if one e.g. renews the SSL certificates. In that case slapd segfaulted: Dec 11 19:21:20 backup31 kernel: [221738.417586] slapd[19552]: segfault at f ip 00007fc82d063d82 sp 00007fc7a9aad220 error 4 in libxmlsec1.so.1.2.18[7fc82d021000+5e000] Comment on attachment 9066 [details] proposed patch The updated patch can be found on: https://github.com/univention/crudesaml/pull/3 r81546: add test 82_saml/25_broken_idp_metadata r81560: Fix SEGV if no idp config was found r81562: YAML Package: crudesaml Version: 1.8.0-2A~4.2.0.201707311310 Branch: ucs_4.2-0 Scope: errata4.2-1 (In reply to Florian Best from comment #1) > The same applies to cy2saml if one changes the metadata.xml file without > restarting slapd. > Changing the file is necessary if one e.g. renews the SSL certificates. > > In that case slapd segfaulted: > Dec 11 19:21:20 backup31 kernel: [221738.417586] slapd[19552]: segfault at f > ip 00007fc82d063d82 sp 00007fc7a9aad220 error 4 in > libxmlsec1.so.1.2.18[7fc82d021000+5e000] I think that was fixed in bug 45042. Reopened until the pull request is merged and the patch can be modified accordingly. (In reply to Jürn Brodersen from comment #5) > (In reply to Florian Best from comment #1) > > The same applies to cy2saml if one changes the metadata.xml file without > > restarting slapd. > > Changing the file is necessary if one e.g. renews the SSL certificates. > > > > In that case slapd segfaulted: > > Dec 11 19:21:20 backup31 kernel: [221738.417586] slapd[19552]: segfault at f > > ip 00007fc82d063d82 sp 00007fc7a9aad220 error 4 in > > libxmlsec1.so.1.2.18[7fc82d021000+5e000] > > I think that was fixed in bug 45042. > > Reopened until the pull request is merged and the patch can be modified > accordingly. No, the pull request is independent of this. So you would say this Bug is a duplicate of Bug #45042? (In reply to Florian Best from comment #6) > (In reply to Jürn Brodersen from comment #5) > > (In reply to Florian Best from comment #1) > > > The same applies to cy2saml if one changes the metadata.xml file without > > > restarting slapd. > > > Changing the file is necessary if one e.g. renews the SSL certificates. > > > > > > In that case slapd segfaulted: > > > Dec 11 19:21:20 backup31 kernel: [221738.417586] slapd[19552]: segfault at f > > > ip 00007fc82d063d82 sp 00007fc7a9aad220 error 4 in > > > libxmlsec1.so.1.2.18[7fc82d021000+5e000] > > > > I think that was fixed in bug 45042. > > > > Reopened until the pull request is merged and the patch can be modified > > accordingly. > No, the pull request is independent of this. Ok set to resolved again :) > So you would say this Bug is a duplicate of Bug #45042? The part about the slapd segfault. As far as I can tell the umc and slapd segfaults were caused by different bugs. The umc is using pam and slapd is using sasl. At least the fix I committed is only relevant for the pam part. umc segfault -> due to this bug 39355 slapd segfault (might have caused umc segfaults as well) -> due to bug 45042 REOPEN as discussed. I changed the patch to only include the relevant change that fixes the segfault. A test can be found under 82_saml/25_broken_idp_metadata. r81786: Only patch what fixed the segfault Package: crudesaml Version: 1.8.0-3A~4.2.0.201708041146 Branch: ucs_4.2-0-errata4.2-1 Scope: errata4.2-1 The test script reproduces the issue :-) # univention-management-console-server -n -d4 -L /dev/stdout … 08.08.17 18:43:08.801 AUTH ( INFO ) : Canonicalized username: 'Administrator' *** Error in `/usr/bin/python2.7': free(): invalid pointer: 0x00007f5a94c7e094 *** Abgebrochen OK: fix works, nice! OK: YAML (adjusted in r81910) |