sssd NULL dereference in monitor_service_shutdown

Bug #1982783 reported by Todd Seidelmann
This bug affects 1 person
Affects        Status  Importance  Assigned to  Milestone
sssd (Ubuntu)  New     Undecided   Unassigned
Focal          New     Undecided   Unassigned

Bug Description

sssd may intermittently crash on shutdown due to a NULL pointer dereference in src/monitor/monitor.c:

Core was generated by `/usr/sbin/sssd -i --logger=files'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000056546b6ac93c in monitor_service_shutdown (svc=0x56546c02d280) at ../src/monitor/monitor.c:2134
2134 ctx->num_services--;

(gdb) frame
#0 0x000055647890b93c in monitor_service_shutdown (svc=0x55647a24c690) at ../src/monitor/monitor.c:2134
2134 ctx->num_services--;

(gdb) p ctx
$1 = (struct mt_ctx *) 0x0

This is Ubuntu 20.04.4:
$ lsb_release -rd
Description: Ubuntu 20.04.4 LTS
Release: 20.04

It occurs in sssd-2.2.3-3ubuntu0.8:
$ apt-cache policy sssd
sssd:
  Installed: (none)
  Candidate: 2.2.3-3ubuntu0.8
  Version table:
     2.2.3-3ubuntu0.8 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages
        500 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 Packages
     2.2.3-3 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages

The struct mt_ctx pointer at line 2134 of monitor.c may be set to NULL elsewhere in the code (specifically, in monitor_ctx_destructor()). Correct behavior would be to check if the pointer is NULL before dereferencing to avoid the segfault.

This still appears to be unfixed in the latest (2.2.3-3ubuntu0.9, focal-proposed) package. It was fixed upstream in sssd 2.5.2 via this commit: https://github.com/SSSD/sssd/commit/38905cac4b67f0e4c4b0f59af9ea7474482f088e

I've attached a patch that implements the upstream fix in 2.2.3-3ubuntu0.8.

Tags: patch
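
The failure mode described in the report, as an added example that is not sssd source code and not the attached patch: an owner's teardown clears the back-pointers held by its services, so a later service shutdown has to check that pointer before touching the owner's counter. The names `struct monitor`, `struct service`, `monitor_add`, `monitor_teardown`, `service_shutdown` and `run_scenario` are hypothetical stand-ins.

```c
#include <stddef.h>

struct service { struct monitor *mon; struct service *next; };  /* mon: back-pointer */
struct monitor { struct service *head; int num_services; };     /* stand-in for struct mt_ctx */

void monitor_add(struct monitor *mon, struct service *svc)
{
    svc->mon = mon;
    svc->next = mon->head;
    mon->head = svc;
    mon->num_services++;
}

/* Owner teardown: clear each back-pointer so none is left dangling. */
void monitor_teardown(struct monitor *mon)
{
    for (struct service *s = mon->head; s != NULL; s = s->next)
        s->mon = NULL;
    mon->head = NULL;
    mon->num_services = 0;
}

/* Returns 0 if the owner's count was updated, 1 if the owner was already gone. */
int service_shutdown(struct service *svc)
{
    struct monitor *mon = svc->mon;
    if (mon == NULL)
        return 1;                /* without this check, the decrement below faults */
    for (struct service **p = &mon->head; *p != NULL; p = &(*p)->next)
        if (*p == svc) { *p = svc->next; break; }
    mon->num_services--;
    svc->mon = NULL;
    return 0;
}

/* Constructed scenario: counts the shutdowns that found the owner gone. */
int run_scenario(int teardown_first)
{
    struct monitor mon = {0};
    struct service a = {0}, b = {0};
    monitor_add(&mon, &a);
    monitor_add(&mon, &b);
    if (teardown_first)
        monitor_teardown(&mon);
    int skipped = service_shutdown(&a);
    monitor_teardown(&mon);
    return skipped + service_shutdown(&b);
}

int main(void) { return run_scenario(1) == 2 && run_scenario(0) == 1 ? 0 : 1; }
```
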
Todd Seidelmann (tseidelmann) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Backported patch from sssd 2.5.2" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for taking the time to report this bug and trying to make Ubuntu better.

I am adding this bug to our work queue and someone should start to work on it as soon as we find some time.

Sergio Durigan Junior (sergiodj) wrote :

Hello Todd,

I'm starting to take a look at this bug, and the first step here is to find a reproducer for it. This is needed because the bug affects stable releases of Ubuntu, so we will need to go through the SRU process in order to update sssd, and the process requires (among other things) that we provide a clear Test Plan for the bug.

I understand that the problem happens when sssd is being shut down after socket-activated services are started. I'm wondering if you have any reproducer handy there. So far I haven't been able to trigger the error, but I will keep investigating.

Thanks.
