After updating from xrootd 4.6 to 4.7.0, a site using GSI authentication with LCMAPS and GUMS reported xrootd segfaults:
Program terminated with signal 11, Segmentation fault.
#0 AuthzFunCheck (this=0x7f2fe4002560, cred=<value optimized out>, parms=0x7f30497ff588, ei=0x7f30497ff590) at /usr/src/debug/xrootd-4.7.0/src/XrdSecgsi/XrdSecProtocolgsi.cc:1558
Source line: https://github.com/xrootd/xrootd/blob/771dbc31b2/src/XrdSecgsi/XrdSecProtocolgsi.cc#L1558
Looking at the core file, the variable notafter (e->buf2.buf) was null, and accessing the null pointer triggered the segfault:
(gdb) info locals
expired = false
notafter = <error reading variable notafter (Cannot access memory at address 0x0)>
st_ref = 2
ts_ref = 1506456799
to_ref = 43200
st_exp = -1
My guess as to what's happening in XrdSecProtocolgsi::Authenticate():
buf2 is free()d and then there happens to be a failure in the AuthzFun LCMAPS callout. Authenticate() breaks out of the block and buf2 is never reassigned. A later authorization call with the same DN will retrieve the same cache entry and trigger the segfault in AuthzFunCheck().
This guess is supported by log entries of "ERROR: the authorization plug-in reported a failure for this handshake" shortly before the segfaults.
I'm not sure of the best place to fix it. Maybe just "if (e && e->buf2.buf)" in AuthzFunCheck(), similar to the recent fix in QueryProxyCheck()?
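The failure sequence guessed at above, as an added C++ model that is not part of the original report and is not xrootd source. CacheEntry, refresh() and entryUsable() are hypothetical names, and nulling the pointer after free() is an assumption taken from the core file showing address 0x0. The guarded check treats a cached entry without buf2 as unusable, so the caller falls back to a full authorization instead of dereferencing it.

```cpp
// Simplified model of the cache-entry lifecycle described in the report.
// All names are hypothetical; this is not the xrootd implementation.
#include <cstdlib>
#include <cstring>
#include <ctime>

struct Buf { char *buf = nullptr; int len = 0; };
struct CacheEntry { int status = 0; Buf buf2; };  // buf2.buf holds the not-after time

// Refresh a cached entry. The old buffer is released before the authz callout
// result is known; on failure we leave early and buf2.buf stays null in the cache.
bool refresh(CacheEntry &e, bool calloutOk, time_t notAfter) {
    std::free(e.buf2.buf);
    e.buf2.buf = nullptr;                         // assumption: pointer is reset after free
    e.buf2.len = 0;
    if (!calloutOk) return false;                 // failure path: buf2 never reassigned
    e.buf2.buf = static_cast<char *>(std::malloc(sizeof(time_t)));
    if (!e.buf2.buf) return false;
    std::memcpy(e.buf2.buf, &notAfter, sizeof(time_t));
    e.buf2.len = static_cast<int>(sizeof(time_t));
    return true;
}

// Guarded check in the spirit of the proposed "if (e && e->buf2.buf)".
// Returns false (entry not usable) instead of reading through a null pointer.
bool entryUsable(const CacheEntry *e, time_t now) {
    if (!e || !e->buf2.buf || e->buf2.len < static_cast<int>(sizeof(time_t)))
        return false;
    time_t notAfter;
    std::memcpy(&notAfter, e->buf2.buf, sizeof(time_t));
    return now <= notAfter;
}

int main() {
    CacheEntry e;                                 // constructed sample entry
    refresh(e, true, 2000);                       // first handshake succeeds
    refresh(e, false, 3000);                      // callout fails, buf2 left null
    bool ok = entryUsable(&e, 1500);              // later lookup for the same DN
    std::free(e.buf2.buf);
    return ok ? 1 : 0;                            // 0: entry rejected, no crash
}
```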