group.of.nepali.translators team mailing list archive

[Bug 1571456] Re: id crashed with SIGSEGV in sock_eq()

 

This bug was fixed in the package glibc - 2.23-0ubuntu4

---------------
glibc (2.23-0ubuntu4) xenial; urgency=medium

  * debian/rules.d/tarball.mk: Apply --no-renames to make the diff readable.
  * debian/patches/git-updates.diff: Update from release/2.23/master branch:
    - Include fix for potential makecontext() hang on ARMv7 (CVE-2016-6323)
    - Include fix for SEGV in sock_eq with nss_hesiod module (LP: #1571456)
    - Include malloc fixes, addressing multithread deadlocks (LP: #1630302)
    - debian/patches/hurd-i386/cvs-libpthread.so.diff: Dropped, upstreamed.
    - debian/patches/any/submitted-argp-attribute.diff: Dropped, upstreamed.
    - debian/patches/hurd-i386/tg-hurdsig-fixes-2.diff: Rebased to upstream.
  * debian/patches/ubuntu/local-altlocaledir.diff: Updated to latest version
    from Martin that limits scope to LC_MESSAGES, fixing segv (LP: #1577460)
  * debian/patches/any/cvs-cos-precision.diff: Fix cos() bugs (LP: #1614966)
  * debian/testsuite-xfail-debian.mk: Allow nptl/tst-signal6 to fail on ARM.

 -- Adam Conrad <adconrad@xxxxxxxxxx>  Fri, 14 Oct 2016 00:00:34 -0600

** Changed in: glibc (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6323

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1571456

Title:
  id crashed with SIGSEGV in sock_eq()

Status in GLibC:
  Unknown
Status in glibc package in Ubuntu:
  Fix Released
Status in glibc source package in Xenial:
  Fix Released
Status in glibc package in Debian:
  Confirmed
Status in glibc package in Fedora:
  Unknown

Bug description:
  [Impact]

  The nss_hesiod nsswitch module, which worked in previous releases,
  does not work at all in Ubuntu 16.04.  Enabling it causes NULL pointer
  dereferences in calls such as getpwuid().  This will prevent any user
  logins from succeeding in our environment of hundreds of workstations,
  which in turn blocks us from upgrading from 14.04 to 16.04.

  [Test Case]

  # sed -i 's/passwd: *compat/& hesiod/' /etc/nsswitch.conf
  # cat > /etc/hesiod.conf <<EOF
  lhs=.ns
  rhs=.athena.mit.edu
  EOF
  # id andersk
  Segmentation fault (core dumped)

  Expected output: uid=39270(andersk) gid=101(…) groups=101(…).

  [Regression Potential]

  I wrote a 6-line patch that conditionalizes an errant res_nclose call.
  There is also a bigger upstream patch on the glibc 2.22 and 2.23
  stable branches that entirely removes the unused abstraction that
  necessitated the res_nclose calls at all.  Neither patch makes any
  changes outside of the glibc hesiod directory, which as of now is so
  thoroughly broken that there is nothing left to regress.

  [Other Info]

  ProblemType: Crash
  DistroRelease: Ubuntu 16.04
  Package: coreutils 8.25-2ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
  Uname: Linux 4.4.0-18-generic x86_64
  NonfreeKernelModules: openafs
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Sun Apr 17 22:39:06 2016
  EcryptfsInUse: Yes
  ExecutablePath: /usr/bin/id
  ExecutableTimestamp: 1455802667
  InstallationDate: Installed on 2016-02-19 (58 days ago)
  InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160218)
  ProcCmdline: id andersk
  ProcCwd: /home/anders
  SegvAnalysis:
   Segfault happened at: 0x7fef32217a88 <__libc_res_nsend+3192>:	cmp    %dx,(%rax)
   PC (0x7fef32217a88) ok
   source "%dx" ok
   destination "(%rax)" (0x00000000) not located in a known VMA region (needed writable region)!
  SegvReason: writing NULL VMA
  Signal: 11
  SourcePackage: coreutils
  StacktraceTop:
   sock_eq (a2=0x0, a1=0x7fef33b9daf4 <_res+20>) at res_send.c:1584
   __libc_res_nsend (statp=0x7fef33b9dae0 <_res>, buf=buf@entry=0x7ffd88e80910 "@\267\001", buflen=45, buf2=buf2@entry=0x0, buflen2=buflen2@entry=0, ans=ans@entry=0x7ffd88e80d10 " you want.  Don't add spaces after the\n", anssiz=1024, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0, ansp2_malloced=0x0) at res_send.c:408
   __GI___res_nsend (statp=<optimized out>, buf=buf@entry=0x7ffd88e80910 "@\267\001", buflen=<optimized out>, ans=ans@entry=0x7ffd88e80d10 " you want.  Don't add spaces after the\n", anssiz=anssiz@entry=1024) at res_send.c:630
   get_txt_records (class=1, name=name@entry=0xff3dd0 "39270.uid.ns.athena.mit.edu", ctx=0xff27e0) at hesiod.c:374
   hesiod_resolve (context=context@entry=0xff27e0, name=name@entry=0x7ffd88e81190 "39270", type=type@entry=0x7fef3242a486 "uid") at hesiod.c:240
  Title: id crashed with SIGSEGV in sock_eq()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare sbuild sudo wireshark

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1571456/+subscriptions
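
A check for the failure mode in this report, as an added example that is not part of the bug report or of glibc: the passwd lookup runs in a child process, so a SIGSEGV raised inside an NSS module during getpwuid() is reported instead of killing the caller. The names probe_lookup, nss_lookup and crashing_lookup are assumptions made here; crashing_lookup is a constructed stand-in for a faulting module.

```c
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum lookup_result { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_CRASHED, LOOKUP_ERROR };

/* A lookup returns nonzero if the uid resolved (hypothetical helper type). */
typedef int (*lookup_fn)(uid_t);

/* Real path: getpwuid() consults every "passwd:" source in nsswitch.conf. */
static int nss_lookup(uid_t uid) { return getpwuid(uid) != NULL; }

/* Constructed stand-in for a broken NSS module: terminates with SIGSEGV. */
static int crashing_lookup(uid_t uid) { (void)uid; raise(SIGSEGV); return 0; }

/* Run the lookup in a child so a fault cannot take down the caller. */
static enum lookup_result probe_lookup(lookup_fn fn, uid_t uid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return LOOKUP_ERROR;
    if (pid == 0) {
        /* Default disposition, so an inherited handler cannot mask the crash. */
        signal(SIGSEGV, SIG_DFL);
        _exit(fn(uid) ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid)
        return LOOKUP_ERROR;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGSEGV ? LOOKUP_CRASHED : LOOKUP_ERROR;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 0 ? LOOKUP_FOUND : LOOKUP_NOT_FOUND;
    return LOOKUP_ERROR;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "found", "not found", "CRASHED (SIGSEGV)", "error" };
    uid_t uid = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    printf("uid %lu via NSS: %s\n", (unsigned long)uid, names[probe_lookup(nss_lookup, uid)]);
    printf("self-test with crashing stub: %s\n", names[probe_lookup(crashing_lookup, uid)]);
    return 0;
}
```

Run it with a uid that only the newly enabled NSS source can resolve; a "CRASHED" result on the first line means the module faults during lookup and logins depending on it would fail.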