URL:
<http://savannah.cern.ch/bugs/?98567>
Summary: Segfault in XrdSecGsi
Project: XROOTD
Submitted by: bbockelm
Submitted on: 2012-10-31 13:49
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Fixed by commit(s):
_______________________________________________________
Details:
Hi,
It appears there's an issue in XrdSecGsi when running a proxy, where the
proxy authenticates its clients *and* uses GSI to authenticate the remote
connections.
In this case, XrdSecProtocolgsi::Init is called twice (once for the server
startup, once for the first time it acts as a client authenticating with a
remote service).
XrdSecProtocolgsi::cacheCA is initialized when started as a server. The CAs
are added to the hash. When cacheCA is initialized a second time, it leaves
the object in an undefined state.
Later on, when GetCA is called, cacheCA returns an invalid pointer for the CA
(probably due to memory reuse?). When delete is called on the invalid
pointer, xrootd segfaults and dies.
Relevant valgrind and gdb snippets are below. This is very reliable to
reproduce. Put the following lines in a standalone-server xrootd.cfg:
sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates
-cert:/etc/grid-security/xrd/xrdcert.pem
-key:/etc/grid-security/xrd/xrdkey.pem -crl:3
ofs.osslib /usr/lib64/libXrdPss.so
pss.origin xrootd.unl.edu:1094
Then do the following as a client:
xrdcp -d 1 -f
root://localhost//store/test/xrootd/T2_US_Nebraska/store/data/Run2012B/SingleMu/AOD/13Jul2012-v1/0003/702C09D2-37D6-E111-9584-00259073E382.root
/dev/null
Brian
==15886== Thread 5:
==15886== Conditional jump or move depends on uninitialised value(s)
==15886== at 0x647C62D: XrdSecProtocolgsi::GetCA(char const*,
XrdCryptoFactory*, gsiHSVars*) (XrdSecProtocolgsi.cc:4114)
==15886== by 0x647D595: XrdSecProtocolgsi::ParseCAlist(XrdOucString)
(XrdSecProtocolgsi.cc:4341)
==15886== by 0x647FC7C: XrdSecProtocolgsi::ClientDoInit(XrdSutBuffer*,
XrdSutBuffer**, XrdOucString&) (XrdSecProtocolgsi.cc:2790)
==15886== by 0x6480324: XrdSecProtocolgsi::ParseClientInput(XrdSutBuffer*,
XrdSutBuffer**, XrdOucString&) (XrdSecProtocolgsi.cc:2701)
==15886== by 0x648342B: XrdSecProtocolgsi::getCredentials(XrdSecBuffer*,
XrdOucErrInfo*) (XrdSecProtocolgsi.cc:1381)
==15886== by 0x73397BE: XrdClientConn::DoAuthentication(char*, int)
(XrdClientConn.cc:1724)
==15886== by 0x733AA2B: XrdClientConn::DoLogin() (XrdClientConn.cc:1557)
==15886== by 0x733D11C: XrdClientConn::GetAccessToSrv()
(XrdClientConn.cc:1294)
==15886== by 0x733EAD9:
XrdClientConn::GoToAnotherServer(XrdClientUrlInfo&) (XrdClientConn.cc:2114)
==15886== by 0x733F6EE: XrdClientConn::HandleServerError(XReqErrorType&,
XrdClientMessage*, ClientRequest*) (XrdClientConn.cc:1994)
==15886== by 0x733FC02: XrdClientConn::ReadPartialAnswer(XReqErrorType&,
unsigned long&, ClientRequest*, bool, void**,
XrdClientConn::EThreeStateReadHandler&) (XrdClientConn.cc:1122)
==15886== by 0x7340365: XrdClientConn::ClientServerCmd(ClientRequest*,
void const*, void**, void*, bool, int) (XrdClientConn.cc:370)
#1 0x00002aaaab83e6e2 in XrdSecProtocolgsi::GetCA (cahash=0x6f2790
"1c3f2ca8.0", cf=0x2aaaabca3f20, hs=0x6ee0f0) at
/usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:4124
#2 0x00002aaaab83f596 in XrdSecProtocolgsi::ParseCAlist (this=0x6f0fd0,
calist=...) at
/usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:4341
#3 0x00002aaaab841c7d in XrdSecProtocolgsi::ClientDoInit (this=0x6f0fd0,
br=<value optimized out>, bm=0x403fce60, emsg=...)
at /usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:2790
#4 0x00002aaaab842325 in XrdSecProtocolgsi::ParseClientInput
(this=0x37d1953218, br=0x0, bm=0x2aaaaba53780, cmsg=...)
at /usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:2701
#5 0x00002aaaab84542c in XrdSecProtocolgsi::getCredentials (this=0x6f0fd0,
parm=0x0, ei=0x403fcef0) at
/usr/src/debug/xrootd/xrootd/src/XrdSecgsi/XrdSecProtocolgsi.cc:1381
_______________________________________________________
Reply to this item at:
<http://savannah.cern.ch/bugs/?98567>
_______________________________________________
Message sent via/by LCG Savannah
http://savannah.cern.ch/
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
