Mailinglist Archive: opensuse-bugs (13069 mails)

[Bug 464181] New: Segfault in ssh caused by _nss_nis_gethostbyname4_r()
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 7 Jan 2009 10:18:51 -0700 (MST)
  • Message-id: <bug-464181-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=464181


Summary: Segfault in ssh caused by _nss_nis_gethostbyname4_r()
Product: openSUSE 11.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: loose@xxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---


When running ssh (or traceroute, or entering a valid http address in firefox),
a segfault results in _nss_nis_gethostbyname4_r ()

I see segfaults in two situations:
1) when specifying only a hostname without a domain
2) when specifying a hostname with domain that resolves to a different
canonical name.

This problem might be related to a bug found in glibc-2.9-2 (see
https://bugzilla.redhat.com/show_bug.cgi?id=474800)

Below is the output of a valgrind run:

==29145== Memcheck, a memory error detector.
==29145== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==29145== Using LibVEX rev 1854, a library for dynamic binary translation.
==29145== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==29145== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==29145== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==29145== For more details, rerun with: -v
==29145==
==29145== Invalid free() / delete / delete[]
==29145== at 0x4C243AF: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145== by 0x7D57708: _nss_nis_gethostbyname4_r (in /lib64/libnss_nis-2.9.so)
==29145== Address 0x7782e07 is 31 bytes inside a block of size 176 alloc'd
==29145== at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145== by 0x55C70DD: yp_match (in /lib64/libnsl-2.9.so)
==29145== by 0x7D5760C: _nss_nis_gethostbyname4_r (in /lib64/libnss_nis-2.9.so)
==29145== by 0x68862A5: (within /lib64/libc-2.9.so)
==29145== by 0x68885B1: getaddrinfo (in /lib64/libc-2.9.so)
==29145== by 0x145F6: (within /usr/bin/ssh)
==29145== by 0xAA14: main (in /usr/bin/ssh)
==29145==
==29145== Process terminating with default action of signal 11 (SIGSEGV)
==29145== Bad permissions for mapped region at address 0x1
==29145== at 0x47: (within /usr/bin/ssh)
==29145==
==29145== FILE DESCRIPTORS: 3 open at exit.
==29145== Open file descriptor 2: /dop131_1/loose/work/USG/bug.log
==29145== <inherited from parent>
==29145==
==29145== Open file descriptor 1: /dop131_1/loose/work/USG/bug.log
==29145== <inherited from parent>
==29145==
==29145== Open file descriptor 0: /dev/pts/9
==29145== <inherited from parent>
==29145==
==29145==
==29145== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 27 from 2)
==29145== malloc/free: in use at exit: 63,343 bytes in 2,013 blocks.
==29145== malloc/free: 2,117 allocs, 105 frees, 123,137 bytes allocated.
==29145== For counts of detected errors, rerun with: -v
==29145== searching for pointers to 2,013 not-freed blocks.
==29145== checked 576,704 bytes.
==29145==
==29145==
==29145== 292 (52 direct, 240 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 9
==29145== at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145== by 0x68AB552: (within /lib64/libc-2.9.so)
==29145== by 0x68ABCE6: __nss_database_lookup (in /lib64/libc-2.9.so)
==29145== by 0x7B4E35F: ???
==29145== by 0x7B4F04C: ???
==29145== by 0x6869CFB: getpwuid_r (in /lib64/libc-2.9.so)
==29145== by 0x686955E: getpwuid (in /lib64/libc-2.9.so)
==29145== by 0x9BE4: main (in /usr/bin/ssh)
==29145==
==29145==
==29145== 176 bytes in 1 blocks are possibly lost in loss record 6 of 9
==29145== at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145== by 0x55C70DD: yp_match (in /lib64/libnsl-2.9.so)
==29145== by 0x7D5760C: ???
==29145== by 0x68862A5: (within /lib64/libc-2.9.so)
==29145== by 0x68885B1: getaddrinfo (in /lib64/libc-2.9.so)
==29145== by 0x145F6: (within /usr/bin/ssh)
==29145== by 0xAA14: main (in /usr/bin/ssh)
==29145==
==29145== LEAK SUMMARY:
==29145== definitely lost: 52 bytes in 1 blocks.
==29145== indirectly lost: 240 bytes in 10 blocks.
==29145== possibly lost: 176 bytes in 1 blocks.
==29145== still reachable: 62,875 bytes in 2,001 blocks.
==29145== suppressed: 0 bytes in 0 blocks.
==29145== Reachable blocks (those to which a pointer was found) are not shown.
==29145== To see them, rerun with: --leak-check=full --show-reachable=yes


--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
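
Added example (not part of the bug report and not valgrind's own tooling): a small Python triage helper that parses the Invalid free() record from the report, re-joins the mail-wrapped lines, and reports how far inside the allocated block the freed pointer lies and which functions appear in both the free and the allocation call chains. The names SAMPLE, FRAME, ADDR, unwrap and triage_invalid_free are made up for this example.

```python
import re

# Excerpt of the Invalid free() record from the report (last frames trimmed),
# with long lines wrapped the way the mail wrapped them.
SAMPLE = """\
==29145== Invalid free() / delete / delete[]
==29145== at 0x4C243AF: free (in
/usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145== by 0x7D57708: _nss_nis_gethostbyname4_r (in
/lib64/libnss_nis-2.9.so)
==29145== Address 0x7782e07 is 31 bytes inside a block of size 176 alloc'd
==29145== at 0x4C256AE: malloc (in
/usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145== by 0x55C70DD: yp_match (in /lib64/libnsl-2.9.so)
==29145== by 0x7D5760C: _nss_nis_gethostbyname4_r (in
/lib64/libnss_nis-2.9.so)
==29145== by 0x68862A5: (within /lib64/libc-2.9.so)
==29145== by 0x68885B1: getaddrinfo (in /lib64/libc-2.9.so)
==29145==
"""

FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: ([^\s(]\S*)")  # skips unnamed "(within ...)" frames
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+)")

def unwrap(text):
    """Re-join continuation lines that lost their ==PID== prefix in transit."""
    return re.sub(r"\n(?!==)", " ", text).splitlines()

def triage_invalid_free(text):
    """Return both call chains and the offset of the freed pointer, or None."""
    rec, section = None, None
    for line in unwrap(text):
        body = re.sub(r"^==\d+==\s*", "", line).strip()
        if body.startswith("Invalid free()"):
            rec, section = {"free_stack": [], "alloc_stack": []}, "free_stack"
        elif rec is None:
            continue
        elif (m := ADDR.match(body)):
            rec.update(addr=m[1], offset=int(m[2]), size=int(m[3]))
            section = "alloc_stack"
        elif (m := FRAME.match(body)):
            rec[section].append(m[1])
        elif not body:
            break  # a bare ==PID== line ends the record
    if rec and "offset" in rec:
        # A valid free() needs offset 0; the block really starts at addr - offset.
        rec["block_start"] = hex(int(rec["addr"], 16) - rec["offset"])
        rec["shared"] = [f for f in rec["free_stack"] if f in rec["alloc_stack"]]
    return rec
```

For this record the helper reports an offset of 31 into a 176-byte block, with _nss_nis_gethostbyname4_r as the only function present in both the free and the allocation chain.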