Hello Mr Moll,
mknetid cores when it reads /etc/passwd.
I've noticed that the passwd file parser is very sensitive on
malformed lines, especially those with the wrong number of entries
(some ":" are missing, there must be exactly six of them)
If you work in compat mode (/etc/nsswitch.conf), uses:
(in /etc/passwd)
+::::::
to include the yp entries an *not*:
+
But it also may occurs on any "normal" line...
Regards,
On Wed, 2011-10-05 at 10:50 +0200, Felip Moll wrote:
> Dear SL developers,
>
> I have recently installed the package ypserv.x86_64, version
> 2.19-18.el6, from repo. @sl/6.0. The same version is in the sl 6.1
> repo.
>
> When executing the command /usr/lib64/yp/mknetid , a segmentation
> fault occurs.
>
> Here there is some info:
> [root@acuari ~]# /usr/lib64/yp/mknetid
> Segmentation fault
>
> [root@acuari ~]# strace /usr/lib64/yp/mknetid
> execve("/usr/lib64/yp/mknetid", ["/usr/lib64/yp/mknetid"], [/* 30 vars
> */]) = 0
> brk(0) = 0x2564000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7f1d03292000
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
> directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=71138, ...}) = 0
> mmap(NULL, 71138, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f1d03280000
> close(3) = 0
> open("/lib64/libnsl.so.1", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360?\340\3607
> \0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=116136, ...}) = 0
> mmap(0x37f0e00000, 2198192, PROT_READ|PROT_EXEC, MAP_PRIVATE|
> MAP_DENYWRITE, 3, 0) = 0x37f0e00000
> mprotect(0x37f0e16000, 2093056, PROT_NONE) = 0
> mmap(0x37f1015000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
> MAP_DENYWRITE, 3, 0x15000) = 0x37f1015000
> mmap(0x37f1017000, 6832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
> MAP_ANONYMOUS, -1, 0) = 0x37f1017000
> close(3) = 0
> open("/lib64/libc.so.6", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\355\241
> \3437\0\0\0"..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=1904312, ...}) = 0
> mmap(0x37e3a00000, 3729576, PROT_READ|PROT_EXEC, MAP_PRIVATE|
> MAP_DENYWRITE, 3, 0) = 0x37e3a00000
> mprotect(0x37e3b86000, 2093056, PROT_NONE) = 0
> mmap(0x37e3d85000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
> MAP_DENYWRITE, 3, 0x185000) = 0x37e3d85000
> mmap(0x37e3d8a000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
> MAP_ANONYMOUS, -1, 0) = 0x37e3d8a000
> close(3) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7f1d0327f000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7f1d0327e000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7f1d0327d000
> arch_prctl(ARCH_SET_FS, 0x7f1d0327e700) = 0
> mprotect(0x37f1015000, 4096, PROT_READ) = 0
> mprotect(0x37e3d85000, 16384, PROT_READ) = 0
> mprotect(0x37e341f000, 4096, PROT_READ) = 0
> munmap(0x7f1d03280000, 71138) = 0
> uname({sys="Linux", node="acuari", ...}) = 0
> brk(0) = 0x2564000
> brk(0x2585000) = 0x2585000
> open("/etc/passwd", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=3739, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7f1d03291000
> read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3739
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> +++ killed by SIGSEGV +++
> Segmentation fault
>
> dmesg output:
> mknetid[22013]: segfault at 0 ip 00000037e3a371e2 sp 00007fff19e13c80
> error 4 in libc-2.12.so[37e3a00000+186000]
>
>
> It's an ugly problem and seems a simple out of bounds reading...
>
> Is it possible to solve the problem?
>
>
> Thank you,
>
> great work with SL 6.1
--
.-. J e a n - P a u l C h a p u t / Administrateur Systeme
/v\ [log in to unmask]
/(___)\ work: (33) 01.44.27.53.99
^^ ^^ cell: 06.66.25.35.55 home: 01.47.46.01.31
U P M C Universite Pierre & Marie Curie
L I P 6 Laboratoire d'Informatique de Paris VI
S o C System On Chip
|