URL: <http://savannah.cern.ch/bugs/?98567> Summary: Segfault in XrdSecGsi Project: XROOTD Submitted by: bbockelm Submitted on: 2012-10-31 13:49 Severity: 3 - Normal Priority: 5 - Normal Status: None Privacy: Public Assigned to: None Originator Email: Open/Closed: Open Discussion Lock: Any Fixed by commit(s): _______________________________________________________ Details: Hi, It appears there's an issue in XrdSecGsi when running a proxy, where the proxy authenticates its clients *and* uses GSI to authenticate the remote connections. In this case, XrdSecProtocolgsi::Init is called twice (once for the server startup, once for the first time it acts as a client authenticating with a remote service). XrdSecProtocolgsi::cacheCA is initialized when started as a server. The CAs are added to the hash. When cacheCA is initialized a second time, it leaves the object in an undefined state. Later on, when GetCA is called, cacheCA returns an invalid pointer for the CA (probably due to memory reuse?). When delete is called on the invalid pointer, xrootd segfaults and dies. Relevant valgrind and gdb snippets are below. This is very reliable to reproduce. Put the following lines in a standalone-server xrootd.cfg: sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates -cert:/etc/grid-security/xrd/xrdcert.pem -key:/etc/grid-security/xrd/xrdkey.pem -crl:3 ofs.osslib /usr/lib64/libXrdPss.so pss.origin xrootd.unl.edu:1094 Then do the following as a client: xrdcp -d 1 -f root://localhost//store/test/xrootd/T2_US_Nebraska/store/data/Run2012B/SingleMu/AOD/13Jul2012-v1/0003/702C09D2-37D6-E111-9584-00259073E382.root /dev/null Brian ==15886== Thread 5: ==15886== Conditional jump or move depends on uninitialised value(s) ==15886== at 0x647C62D: XrdSecProtocolgsi::GetCA(char const*, XrdCryptoFactory*, gsiHSVars*) (XrdSecProtocolgsi.cc:4114) ==15886== by 0x647D595: XrdSecProtocolgsi::ParseCAlist(XrdOucString) (XrdSecProtocolgsi.cc:4341) ==15886== by 0x647FC7C: XrdSecProtocolgsi::ClientDoInit(XrdSutBuffer*, XrdSutBuffer**, XrdOucString&) (XrdSecProtocolgsi.cc:2790) ==15886== by 0x6480324: XrdSecProtocolgsi::ParseClientInput(XrdSutBuffer*, XrdSutBuffer**, XrdOucString&) (XrdSecProtocolgsi.cc:2701) ==15886== by 0x648342B: XrdSecProtocolgsi::getCredentials(XrdSecBuffer*, XrdOucErrInfo*) (XrdSecProtocolgsi.cc:1381) ==15886== by 0x73397BE: XrdClientConn::DoAuthentication(char*, int) (XrdClientConn.cc:1724) ==15886== by 0x733AA2B: XrdClientConn::DoLogin() (XrdClientConn.cc:1557) ==15886== by 0x733D11C: XrdClientConn::GetAccessToSrv() (XrdClientConn.cc:1294) ==15886== by 0x733EAD9: XrdClientConn::GoToAnotherServer(XrdClientUrlInfo&) (XrdClientConn.cc:2114) ==15886== by 0x733F6EE: XrdClientConn::HandleServerError(XReqErrorType&, XrdClientMessage*, ClientRequest*) (XrdClientConn.cc:1994) ==15886== by 0x733FC02: XrdClientConn::ReadPartialAnswer(XReqErrorType&, unsigned long&, ClientRequest*, bool, void**, XrdClientConn::EThreeStateReadHandler&) (XrdClientConn.cc:1122) ==15886== by 0x7340365: XrdClientConn::ClientServerCmd(ClientRequest*, void const*, void**, void*, bool, int) (XrdClientConn.cc:370) #1 0x00002aaaab83e6e2 in XrdSecProtocolgsi::GetCA (cahash=0x6f2790 "1c3f2ca8.0", cf=0x2aaaabca3f20, hs=0x6ee0f0) at /usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:4124 #2 0x00002aaaab83f596 in XrdSecProtocolgsi::ParseCAlist (this=0x6f0fd0, calist=...) at /usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:4341 #3 0x00002aaaab841c7d in XrdSecProtocolgsi::ClientDoInit (this=0x6f0fd0, br=<value optimized out>, bm=0x403fce60, emsg=...) at /usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:2790 #4 0x00002aaaab842325 in XrdSecProtocolgsi::ParseClientInput (this=0x37d1953218, br=0x0, bm=0x2aaaaba53780, cmsg=...) at /usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:2701 #5 0x00002aaaab84542c in XrdSecProtocolgsi::getCredentials (this=0x6f0fd0, parm=0x0, ei=0x403fcef0) at /usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:1381 _______________________________________________________ Reply to this item at: <http://savannah.cern.ch/bugs/?98567> _______________________________________________ Message sent via/by LCG Savannah http://savannah.cern.ch/ ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1