LISTSERV 16.5 - XROOTD-DEV Archives

After updating from xrootd 4.6 to 4.7.0, a site using GSI authentication with LCMAPS and GUMS reported xrootd segfaults:

```
Program terminated with signal 11, Segmentation fault.
#0  AuthzFunCheck (this=0x7f2fe4002560, cred=<value optimized out>, parms=0x7f30497ff588, ei=0x7f30497ff590) at /usr/src/debug/xrootd-4.7.0/src/XrdSecgsi/XrdSecProtocolgsi.cc:1558
```
Source line: https://github.com/xrootd/xrootd/blob/771dbc31b2/src/XrdSecgsi/XrdSecProtocolgsi.cc#L1558

Looking at the core file, the variable notafter (e->buf2.buf) was null, and accessing the null pointer triggered the segfault:

    (gdb) info locals
    expired = false
    notafter = <error reading variable notafter (Cannot access memory at address 0x0)>
    st_ref = 2
    ts_ref = 1506456799
    to_ref = 43200
    st_exp = -1 

My guess as to what's happening in XrdSecProtocolgsi::Authenticate():
buf2 is [free()d](https://github.com/xrootd/xrootd/blob/771dbc31b21f1312fa6a95d8ffb7eb983d3cf1a2/src/XrdSecgsi/XrdSecProtocolgsi.cc#L1869) and then there happens to be a failure in the [AuthzFun LCMAPS callout](https://github.com/xrootd/xrootd/blob/771dbc31b21f1312fa6a95d8ffb7eb983d3cf1a2/src/XrdSecgsi/XrdSecProtocolgsi.cc#L1873). Authenticate() breaks out of the block and buf2 is never reassigned. A later authorization call with the same DN will retrieve the same cache entry and trigger the segfault in AuthzFunCheck().

This guess is supported by log entries of "ERROR: the authorization plug-in reported a failure for this handshake" shortly before the segfaults.

I'm not sure of the best place to fix it. Maybe just "if (e && e->buf2.buf)" in AuthzFunCheck(), similar to the [recent fix](https://github.com/xrootd/xrootd/commit/771dbc31b2) in QueryProxyCheck()?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/595

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1