You're welcome.
The lack of check is in the /etc/passwd parser file, so I don't think it
concerns the ypserv developers. I presume it's in the glibc.
Note that this "core dump" effect on malformed password lines affects
all programs using the parser. For myself I ran into the problem
while trying to use "finger"...
Regards,
On Wed, 2011-10-05 at 12:00 +0200, Felip Moll wrote:
> A lot of thanks Jean-Paul.
>
> Following your indications I checked out the passwd file. All of the
> entries had six ":" , but at the end of the file, there was a blank
> line!
>
> I deleted the blank line and the problem disappeared.
>
> It's good to know this but the Ypserv developers should take care of
> these cases and instead of generating a sigsegv, they should warn the
> user with an error.
>
> I will check new versions of Ypserv and report the bug to Ypserv
> developers if it's still present.
>
> Problem SOLVED.
>
> Thank you.
> Felip Moll
>
>
> 2011/10/5 Jean-Paul Chaput <[log in to unmask]>
>
> Hello Mr Moll,
>
>
> mknetid cores when it reads /etc/passwd.
>
> I've noticed that the passwd file parser is very sensitive to
> malformed lines, especially those with the wrong number of entries
> (some ":" are missing, there must be exactly six of them)
>
> If you work in compat mode (/etc/nsswitch.conf), use:
> (in /etc/passwd)
>
> +::::::
>
> to include the yp entries and *not*:
>
> +
>
> But it also may occur on any "normal" line...
>
>
> Regards,
>
>
>
> On Wed, 2011-10-05 at 10:50 +0200, Felip Moll wrote:
> > Dear SL developers,
> >
> > I have recently installed the package ypserv.x86_64, version
> > 2.19-18.el6, from repo. @sl/6.0. The same version is in the
> sl 6.1
> > repo.
> >
> > When executing the command /usr/lib64/yp/mknetid , a
> segmentation
> > fault occurs.
> >
> > Here there is some info:
> > [root@acuari ~]# /usr/lib64/yp/mknetid
> > Segmentation fault
> >
> > [root@acuari ~]# strace /usr/lib64/yp/mknetid
> > execve("/usr/lib64/yp/mknetid", ["/usr/lib64/yp/mknetid"],
> [/* 30 vars
> > */]) = 0
> > brk(0) = 0x2564000
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_ANONYMOUS, -1,
> > 0) = 0x7f1d03292000
> > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such
> file or
> > directory)
> > open("/etc/ld.so.cache", O_RDONLY) = 3
> > fstat(3, {st_mode=S_IFREG|0644, st_size=71138, ...}) = 0
> > mmap(NULL, 71138, PROT_READ, MAP_PRIVATE, 3, 0) =
> 0x7f1d03280000
> > close(3) = 0
> > open("/lib64/libnsl.so.1", O_RDONLY) = 3
> > read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0
> \360?\340\3607
> > \0\0\0"..., 832) = 832
> > fstat(3, {st_mode=S_IFREG|0755, st_size=116136, ...}) = 0
> > mmap(0x37f0e00000, 2198192, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|
> > MAP_DENYWRITE, 3, 0) = 0x37f0e00000
> > mprotect(0x37f0e16000, 2093056, PROT_NONE) = 0
> > mmap(0x37f1015000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_FIXED|
> > MAP_DENYWRITE, 3, 0x15000) = 0x37f1015000
> > mmap(0x37f1017000, 6832, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_FIXED|
> > MAP_ANONYMOUS, -1, 0) = 0x37f1017000
> > close(3) = 0
> > open("/lib64/libc.so.6", O_RDONLY) = 3
> > read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260
> \355\241
> > \3437\0\0\0"..., 832) = 832
> > fstat(3, {st_mode=S_IFREG|0755, st_size=1904312, ...}) = 0
> > mmap(0x37e3a00000, 3729576, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|
> > MAP_DENYWRITE, 3, 0) = 0x37e3a00000
> > mprotect(0x37e3b86000, 2093056, PROT_NONE) = 0
> > mmap(0x37e3d85000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_FIXED|
> > MAP_DENYWRITE, 3, 0x185000) = 0x37e3d85000
> > mmap(0x37e3d8a000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_FIXED|
> > MAP_ANONYMOUS, -1, 0) = 0x37e3d8a000
> > close(3) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_ANONYMOUS, -1,
> > 0) = 0x7f1d0327f000
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_ANONYMOUS, -1,
> > 0) = 0x7f1d0327e000
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_ANONYMOUS, -1,
> > 0) = 0x7f1d0327d000
> > arch_prctl(ARCH_SET_FS, 0x7f1d0327e700) = 0
> > mprotect(0x37f1015000, 4096, PROT_READ) = 0
> > mprotect(0x37e3d85000, 16384, PROT_READ) = 0
> > mprotect(0x37e341f000, 4096, PROT_READ) = 0
> > munmap(0x7f1d03280000, 71138) = 0
> > uname({sys="Linux", node="acuari", ...}) = 0
> > brk(0) = 0x2564000
> > brk(0x2585000) = 0x2585000
> > open("/etc/passwd", O_RDONLY) = 3
> > fstat(3, {st_mode=S_IFREG|0644, st_size=3739, ...}) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_ANONYMOUS, -1,
> > 0) = 0x7f1d03291000
> > read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3739
> > --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> > +++ killed by SIGSEGV +++
> > Segmentation fault
> >
> > dmesg output:
> > mknetid[22013]: segfault at 0 ip 00000037e3a371e2 sp
> 00007fff19e13c80
> > error 4 in libc-2.12.so[37e3a00000+186000]
> >
> >
> > It's an ugly problem and seems a simple out of bounds
> reading...
> >
> > Is it possible to solve the problem?
> >
> >
> > Thank you,
> >
> > great work with SL 6.1
>
>
> --
> .-. J e a n - P a u l C h a p u t /
> Administrateur Systeme
> /v\ [log in to unmask]
> /(___)\ work: (33) 01.44.27.53.99
> ^^ ^^ cell: 06.66.25.35.55 home: 01.47.46.01.31
>
> U P M C Universite Pierre & Marie Curie
> L I P 6 Laboratoire d'Informatique de Paris VI
> S o C System On Chip
>
>
>
--
.-. J e a n - P a u l C h a p u t / Administrateur Systeme
/v\ [log in to unmask]
/(___)\ work: (33) 01.44.27.53.99
^^ ^^ cell: 06.66.25.35.55 home: 01.47.46.01.31
U P M C Universite Pierre & Marie Curie
L I P 6 Laboratoire d'Informatique de Paris VI
S o C System On Chip
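
A pre-flight check for the condition discussed in this thread, added here as an example (not code from glibc, ypserv or either poster): it flags blank lines and lines without exactly six ":" so they can be fixed before tools that parse the file run. The function names and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not taken from glibc or ypserv. */
enum pw_status { PW_OK = 0, PW_BLANK, PW_FIELDS };

/* Classify one passwd line without modifying it and without assuming
 * that a separator exists: exactly six ':' are required. */
enum pw_status pw_check_line(const char *line)
{
    size_t len = strcspn(line, "\r\n");   /* ignore the line terminator */
    size_t colons = 0;

    if (len == 0)
        return PW_BLANK;
    for (size_t i = 0; i < len; i++)
        if (line[i] == ':')
            colons++;
    return colons == 6 ? PW_OK : PW_FIELDS;
}

/* Scan a stream, report each bad line on stderr, return how many. */
int pw_lint(FILE *fp)
{
    char buf[4096];
    int lineno = 0, bad = 0;

    while (fgets(buf, sizeof buf, fp)) {
        enum pw_status st = pw_check_line(buf);
        lineno++;
        if (st == PW_OK)
            continue;
        fprintf(stderr, "line %d: %s\n", lineno,
                st == PW_BLANK ? "blank line" : "expected exactly six ':'");
        bad++;
    }
    return bad;
}

/* Constructed sample: a normal entry, a bare "+", "+::::::", a blank line. */
static const char SAMPLE[] =
    "root:x:0:0:root:/root:/bin/bash\n+\n+::::::\n\n";

int main(int argc, char **argv)
{
    /* With a path argument, lint that file; otherwise lint the sample. */
    FILE *fp = argc > 1 ? fopen(argv[1], "r") : tmpfile();
    if (!fp) { perror("open"); return 2; }
    if (argc <= 1) { fputs(SAMPLE, fp); rewind(fp); }
    int bad = pw_lint(fp);
    fclose(fp);
    return bad ? 1 : 0;
}
```

Run without arguments it reports lines 2 and 4 of the sample; run with a path it exits non-zero if that file contains any malformed line.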