[Bug 359216] New: pam_libthinkfinger crashes
https://bugzilla.novell.com/show_bug.cgi?id=359216 Summary: pam_libthinkfinger crashes Product: openSUSE 10.3 Version: Final Platform: x86-64 OS/Version: openSUSE 10.3 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: garloff@novell.com QAContact: qa@suse.de Found By: Product Management The fingerprint reader support works nicely in openSUSE-10.3 (x86-64) except that it sometimes causes crashes: garloff@f82:~ [0]$ xlock *** glibc detected *** /sbin/unix2_chkpwd: corrupted double-linked list: 0x00000 000021f9ae0 *** ======= Backtrace: ========= /lib64/libc.so.6[0x7fa40232c21d] /lib64/libc.so.6[0x7fa40232e56f] /lib64/libc.so.6(__libc_malloc+0x9c)[0x7fa40232fc0c] /usr/lib64/libusb-0.1.so.4(usb_os_find_devices+0x376)[0x7fa40147af76] /usr/lib64/libusb-0.1.so.4(usb_find_devices+0x42)[0x7fa401477ef2] /usr/lib64/libthinkfinger.so.0[0x7fa40189bb3a] /usr/lib64/libthinkfinger.so.0(libthinkfinger_verify+0x58)[0x7fa40189bfa8] /lib64/security/pam_thinkfinger.so[0x7fa401a9f9e2] /lib64/libpthread.so.0[0x7fa401685020] /lib64/libc.so.6(clone+0x6d)[0x7fa402382f8d] ======= Memory map: ======== 00400000-00402000 r-xp 00000000 fd:02 49374 /sbin/unix2_chkpwd 00601000-00603000 rw-p 00001000 fd:02 49374 /sbin/unix2_chkpwd 021f9000-0221a000 rw-p 021f9000 00:00 0 [heap] 401ec000-401ed000 ---p 401ec000 00:00 0 401ed000-409ed000 rw-p 401ed000 00:00 0 409ed000-409ee000 ---p 409ed000 00:00 0 409ee000-411ee000 rw-p 409ee000 00:00 0 7fa3fffea000-7fa3ffff7000 r-xp 00000000 fd:02 245850 /lib64/libgcc_s.so.1 7fa3ffff7000-7fa4001f6000 ---p 0000d000 fd:02 245850 /lib64/libgcc_s.so.1 7fa4001f6000-7fa4001f8000 rw-p 0000c000 fd:02 245850 /lib64/libgcc_s.so.1 7fa4001f8000-7fa4001f9000 r-xp 00000000 fd:02 245877 /lib64/security/pam_deny.so 7fa4001f9000-7fa4003f8000 ---p 00001000 fd:02 245877 /lib64/security/pam_deny.so 7fa4003f8000-7fa4003fa000 rw-p 00000000 fd:02 245877 /lib64/security/pam_deny.so 7fa4003fa000-7fa4003fb000 r-xp 00000000 fd:02 245911 /lib64/security/pam_warn.so 7fa4003fb000-7fa4005fa000 ---p 00001000 fd:02 245911 /lib64/security/pam_warn.so 7fa4005fa000-7fa4005fc000 rw-p 00000000 fd:02 245911 /lib64/security/pam_warn.so 7fa4005fc000-7fa4005fe000 r-xp 00000000 fd:02 245909 /lib64/security/pam_umask.so 7fa4005fe000-7fa4007fd000 ---p 00002000 fd:02 245909 /lib64/security/pam_umask.so 7fa4007fd000-7fa4007ff000 rw-p 00001000 fd:02 245909 /lib64/security/pam_umask.so 7fa4007ff000-7fa400802000 r-xp 00000000 fd:02 245890 /lib64/security/pam_limits.so 7fa400802000-7fa400a01000 ---p 00003000 fd:02 245890 /lib64/security/pam_limits.so 7fa400a01000-7fa400a03000 rw-p 00002000 fd:02 245890 /lib64/security/pam_limits.so 7fa400a03000-7fa400a0b000 r-xp 00000000 fd:03 868997 /usr/lib64/libcrack.so.2.8.0 7fa400a0b000-7fa400c0b000 ---p 00008000 fd:03 868997 /usr/lib64/libcrack.so.2.8.0 7fa400c0b000-7fa400c0d000 rw-p 00008000 fd:03 868997 /usr/lib64/libcrack.so.2.8.0 7fa400c0d000-7fa400c10000 rw-p 7fa400c0d000 00:00 0 7fa400c10000-7fa400c18000 r-xp 00000000 fd:02 245947 /lib64/security/pam_pwcheck.so 7fa400c18000-7fa400e17000 ---p 00008000 fd:02 245947 /lib64/security/pam_pwcheck.so 7fa400e17000-7fa400e19000 rw-p 00007000 fd:02 245947 /lib64/security/pam_pwcheck.so 7fa400e19000-7fa400e24000 r-xp 00000000 fd:02 245823 /lib64/libxcrypt.so.1.2.4 7fa400e24000-7fa401023000 ---p 0000b000 fd:02 245823 /lib64/libxcrypt.so.1.2.4 7fa401023000-7fa401026000 rw-p 0000a000 fd:02 245823 /lib64/libxcrypt.so.1.2.4 7fa401026000-7fa401054000 rw-p 7fa401026000 00:00 0 7fa401054000-7fa401068000 r-xp 00000000 fd:02 245780 /lib64/libnsl-2.6.1.so 7fa401068000-7fa401267000 ---p 00014000 fd:02 245780 /lib64/libnsl-2.6.1.so 7fa401267000-7fa401269000 rw-p 00013000 fd:02 245780 /lib64/libnsl-2.6.1.so 7fa401269000-7fa40126b000 rw-p 7fa401269000 00:00 0 7fa40126b000-7fa401275000 r-xp 00000000 fd:02 245948 /lib64/security/pam_unix2.so 7fa401275000-7fa401474000 ---p 0000a000 fd:02 245948 /lib64/security/pam_unix2.so 7fa401474000-7fa401476000 rw-p 00009000 fd:02 245948 /lib64/security/pam_unix2.so 7fa401476000-7fa40147d000 r-xp 00000000 fd:03 869401 /usr/lib64/libusb-0.1.so.4.4.4 7fa40147d000-7fa40167c000 ---p 00007000 fd:03 869401 /usr/lib64/libusb-0.1.so.4.4.4 7fa40167c000-7fa40167f000 rw-p 00006000 fd:03 869401 /usr/lib64/libusb-0.1.so.4.4.4 7fa40167f000-7fa401694000 r-xp 00000000 fd:02 245795 *** glibc detected *** /sbin/unix2_chkpwd: corrupted double-linked list: 0x000000000078dae0 *** ======= Backtrace: ========= /lib64/libc.so.6[0x7f9e6e5b821d] /lib64/libc.so.6[0x7f9e6e5ba56f] /lib64/libc.so.6(__libc_malloc+0x9c)[0x7f9e6e5bbc0c] /usr/lib64/libusb-0.1.so.4(usb_os_find_devices+0x376)[0x7f9e6d706f76] /usr/lib64/libusb-0.1.so.4(usb_find_devices+0x42)[0x7f9e6d703ef2] /usr/lib64/libthinkfinger.so.0[0x7f9e6db27b3a] /usr/lib64/libthinkfinger.so.0(libthinkfinger_verify+0x58)[0x7f9e6db27fa8] /lib64/security/pam_thinkfinger.so[0x7f9e6dd2b9e2] /lib64/libpthread.so.0[0x7f9e6d911020] /lib64/libc.so.6(clone+0x6d)[0x7f9e6e60ef8d] ======= Memory map: ======== 00400000-00402000 r-xp 00000000 fd:02 49374 /sbin/unix2_chkpwd 00601000-00603000 rw-p 00001000 fd:02 49374 /sbin/unix2_chkpwd .. Removing pam_thinkfinger from common-auth helps ... but then the fingerprint reader is not used ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 Kurt Garloff <garloff@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |thoenig@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c1 --- Comment #1 from Kurt Garloff <garloff@novell.com> 2008-02-06 09:22:17 MST --- valgrind ./unix2_chkpwd xlock garloff [...] ==27948== Syscall param ioctl(generic) points to unaddressable byte(s) ==27948== at 0x50F1267: ioctl (in /lib64/libc-2.6.1.so) ==27948== by 0x59951FC: uinput_open (in /lib64/security/pam_thinkfinger.so) ==27948== by 0x599575F: pam_sm_authenticate (in /lib64/security/pam_thinkfinger.so) ==27948== by 0x4E29F20: _pam_dispatch (pam_dispatch.c:83) ==27948== by 0x4E29851: pam_authenticate (pam_auth.c:34) ==27948== by 0x4013B8: (within /tmp/unix2_chkpwd) ==27948== by 0x5050B53: (below main) (in /lib64/libc-2.6.1.so) ==27948== Address 0x1 is not stack'd, malloc'd or (recently) free'd ==27948== ==27948== Syscall param ioctl(generic) points to unaddressable byte(s) ==27948== at 0x50F1267: ioctl (in /lib64/libc-2.6.1.so) ==27948== by 0x599520F: uinput_open (in /lib64/security/pam_thinkfinger.so) ==27948== by 0x599575F: pam_sm_authenticate (in /lib64/security/pam_thinkfinger.so) ==27948== by 0x4E29F20: _pam_dispatch (pam_dispatch.c:83) ==27948== by 0x4E29851: pam_authenticate (pam_auth.c:34) ==27948== by 0x4013B8: (within /tmp/unix2_chkpwd) ==27948== by 0x5050B53: (below main) (in /lib64/libc-2.6.1.so) ==27948== Address 0x1C is not stack'd, malloc'd or (recently) free'd = -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c2 --- Comment #2 from Kurt Garloff <garloff@novell.com> 2008-02-06 11:16:13 MST --- The valgrind piece may be misleading ... The crash happens here: libusb/linux.c:493 bigbuffer = malloc(config.wTotalLength); Strange thing is that glibc does not detect any problem with MALLOC_CHECK=1 or 2 nor does valgrind or eFence :-( -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c3 --- Comment #3 from Kurt Garloff <garloff@novell.com> 2008-02-06 12:52:34 MST --- It works nicely for su, login, ... (text mode programs), but segfaults on xlock, kdesktop_lock, kdm. So it seems to be somehow related to the environment. Multithreading? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User thoenig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c4 Timo Hoenig <thoenig@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #4 from Timo Hoenig <thoenig@novell.com> 2008-02-06 13:01:14 MST --- Thanks for the investigations, Kurt. There's definitely something fishy. When developing I ran never into similar things, but that was with a console + GTK/GNOME applications. GDM and such work fine, thus I really wonder why I never run into issues there (as that is mt, too). Dirk recently reported some similar issues. I'll post updates to this report as soon as I have updates on this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
From pam_sm_authenticate(), you call libthinkfinger_new(), which allocates
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c6 --- Comment #6 from Kurt Garloff <garloff@novell.com> 2008-02-07 06:51:26 MST --- Ouch, does not look like code from someone who's used to thread programming :-O the data structure. Then you start to threads, pam_prompt_thread and thinkfinger_thread.
From within the pam_prompt_thread you call libthinkfinger_free(). Bad idea. There's no guarantee that the thinkfinger_thread has ended at that point in time. (You have not called _join yet.) And you should do the free where you have done the allocation, that's a general sanity rule ... If there is a need to somehow notify the other thread (via _usb_deinit()), you may want to call that frpm the pam_prompt_thread.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User thoenig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c9 --- Comment #9 from Timo Hoenig <thoenig@novell.com> 2008-02-07 08:45:02 MST --- Sorry for the not posting updates, I'm busy preparing a talk for next Tuesday. Page 30ff. of http://nouse.net/talks/thinkfinger-fosdem-2007-thoenig.pdf shows why we need two threads. We're stuck in the application using PAM after calling pam_prompt. Due to the sorrowful design of PAM there is no other way to get back into the PAM module than by waiting for the 'real' carriage return or the 'fake' sent by the second thread after the swipe. That's how is is supposed to work. To decide on mistakes in the mutual cleanup of the threads I'd have to look at the code. I can recall that I discussed signal handlers with Ludwig, but our conclusion was not to use them as this brings pain to login managers. I implemented everything with signals before the current design which -- for a reason I can not recall -- cause problems in specific scenarios. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c14 --- Comment #14 from Kurt Garloff <garloff@novell.com> 2008-02-14 10:49:12 MST --- Thorsten, fortunately, we don't need to kill the input prompt thread, the thinkfinger sensor can send a return via uinput ... We just need to cancel the other thinkfinger thread once we have received a password. And that code was just buggy. I do think that cancelling the thread with pthread_cancel(tid) should really be safe, even if the app uses threads already for other things. Only the targeted thread should really be impacted by a pthread_cancel. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User dmueller@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c15 --- Comment #15 from Dirk Mueller <dmueller@novell.com> 2008-02-25 05:54:07 MST --- bug 358542 is around the same bug, which however blocks my SP2 feature implementation. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c16 --- Comment #16 from Kurt Garloff <garloff@novell.com> 2008-02-25 21:30:28 MST --- Timo, do you need me to attach a patch to this bugreport? I have thinkfinger working fine for weeks now on my machine ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User thoenig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c17 --- Comment #17 from Timo Hoenig <thoenig@novell.com> 2008-02-26 02:30:18 MST --- Kurt, yes, please do so. I'm a little behind my schedule, thus the delay. Thorsten, could we sit down for a moment sometime later this week to discuss the issue and Kurt's patch? Dirk, I'll submit the outcome for both, STABLE and SLE10-SP2 Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User dmueller@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c19 --- Comment #19 from Dirk Mueller <dmueller@novell.com> 2008-03-18 04:41:40 MST --- *** Bug 358542 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=358542 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User thoenig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c20 --- Comment #20 from Timo Hoenig <thoenig@novell.com> 2008-03-25 13:40:52 MST --- Kurt, ping. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c21 Kurt Garloff <garloff@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|garloff@novell.com | --- Comment #21 from Kurt Garloff <garloff@novell.com> 2008-03-31 14:47:56 MST --- Created an attachment (id=205132) --> (https://bugzilla.novell.com/attachment.cgi?id=205132) thread-free.diff I tried to find a cleaner solution with pthread_cancel(), but this is not as easy as I thought. So here is a solution using the SIGINT signal to notify the tf thread to exist when we received a password from the keyboard. Works like a charm. For KDE3 there is a peculiarity, which however has nothing to do with this path AFAICT: You need to hit enter and only then swipe your finger. Or enter the password and swipe anything ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User thoenig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c22 Timo Hoenig <thoenig@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #22 from Timo Hoenig <thoenig@novell.com> 2008-04-01 02:07:31 MST --- Thanks, Kurt. The KDE3 issue should be addressed by Dirk's efforts I assume. Submitted a fixed package to SLES10-SP2, closing as FIXED. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User garloff@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c23 --- Comment #23 from Kurt Garloff <garloff@novell.com> 2008-04-01 04:00:55 MST --- Did you submit to STABLE as well? 10.3? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User thoenig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c24 --- Comment #24 from Timo Hoenig <thoenig@novell.com> 2008-04-01 04:21:56 MST --- Sure, I'll submit it to STABLE, too. Not sure if we want an online update for 10.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=359216 User thoenig@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=359216#c26 --- Comment #26 from Timo Hoenig <thoenig@novell.com> 2008-05-07 06:48:08 MST --- Created an attachment (id=213142) --> (https://bugzilla.novell.com/attachment.cgi?id=213142) The fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com