[Pkg-shadow-devel] Bug#1019917: /usr/bin/getsubids: Segfaults when nsswitch.conf refers to a libsubid_*.so library that does not exist

Sam Morris sam at robots.org.uk
Fri Sep 16 09:52:56 BST 2022


Package: uidmap
Version: 1:4.11.1+dfsg1-2
Severity: normal
File: /usr/bin/getsubids

With:

    $ grep ^subid: /etc/nsswitch.conf
    subid: sss

I get:

    $ getsubids sam
    Segmentation fault (core dumped)

GDB reveals that this is happening while handling the failure to open
libsubid_sss.so:

    (gdb) where
    #0  __vfprintf_internal (s=0x0, format=0x7ffff7f94872 "Error opening %s: %s\n", ap=ap@entry=0x7fffffffdbd0, mode_flags=mode_flags@entry=2) at ./stdio-common/vfprintf-internal.c:1359
    #1  0x00007ffff7d1751f in ___fprintf_chk (fp=<optimized out>, flag=flag@entry=1, format=format@entry=0x7ffff7f94872 "Error opening %s: %s\n") at ./debug/fprintf_chk.c:33
    #2  0x00007ffff7f8318e in fprintf (__fmt=0x7ffff7f94872 "Error opening %s: %s\n", __stream=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:105
    #3  nss_init (nsswitch_path=0x7ffff7f94820 "/etc/nsswitch.conf", nsswitch_path@entry=0x0) at ./lib/nss.c:94
    #4  0x00007ffff7f831bb in get_subid_nss_handle () at ./lib/nss.c:148
    #5  0x00007ffff7f852db in list_owner_ranges (owner=owner@entry=0x7fffffffe2a6 "sam", id_type=id_type@entry=ID_TYPE_UID, in_ranges=in_ranges@entry=0x7fffffffddd0) at ./lib/subordinateio.c:776
    #6  0x00007ffff7f7efad in get_subid_ranges (ranges=0x7fffffffddd0, id_type=ID_TYPE_UID, owner=owner@entry=0x7fffffffe2a6 "sam") at ./libsubid/api.c:48
    #7  0x000055555555514f in main (argc=2, argv=0x7fffffffdf18) at ./src/getsubids.c:38

    (gdb) l
    89					goto done;
    90				}
    91				snprintf(libname, 64,  "libsubid_%s.so", token);
    92				h = dlopen(libname, RTLD_LAZY);
    93				if (!h) {
    94					fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
    95					fprintf(shadow_logfd, "Using files\n");
    96					subid_nss = NULL;
    97					goto done;
    98				}

    (gdb) p libname
    $1 = "libsubid_sss.so", '\000' <repeats 49 times>

    (gdb) p shadow_logfd
    $2 = (FILE *) 0x7ffff7df3680 <_IO_2_1_stderr_>

    (gdb) p dlerror()
    $3 = 0x0

Looks like dlerror is returning NULL which causes the crash.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 5.19.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages uidmap depends on:
ii  libaudit1    1:3.0.7-1+b1
ii  libc6        2.34-7
ii  libselinux1  3.4-1+b1
ii  libsubid4    1:4.11.1+dfsg1-2

uidmap recommends no packages.

uidmap suggests no packages.

-- no debconf information
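
Added example, not part of the original report and not the shadow project's code: a defensive version of the dlopen() failure path from the gdb listing, checking both pointers handed to fprintf (frame #0 shows the stream as s=0x0) before use. The names open_subid_plugin and safe_log and the module name in main() are hypothetical.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: never hand a NULL stream to fprintf(). */
static FILE *safe_log(FILE *log) { return log ? log : stderr; }

/*
 * Hypothetical loader modelled on the listing in the report. Returns the
 * dlopen() handle, or NULL when the plugin cannot be loaded; the caller then
 * falls back to the files backend. The failure reason is copied to errbuf.
 */
void *open_subid_plugin(const char *token, FILE *log, char *errbuf, size_t errlen)
{
    char libname[64];
    int n = snprintf(libname, sizeof libname, "libsubid_%s.so",
                     token ? token : "");

    if (errlen)
        errbuf[0] = '\0';
    /* Reject empty names and names that snprintf() had to truncate. */
    if (!token || !*token || n < 0 || (size_t)n >= sizeof libname) {
        snprintf(errbuf, errlen, "invalid or over-long module name");
        fprintf(safe_log(log), "Error opening plugin: %s\n", errbuf);
        return NULL;
    }

    dlerror();                       /* discard any stale error state */
    void *h = dlopen(libname, RTLD_LAZY);
    if (!h) {
        /* dlerror() clears the pending error when called, so call it
         * exactly once and keep the result; it may also be NULL. */
        const char *err = dlerror();
        snprintf(errbuf, errlen, "%s", err ? err : "unknown dlopen error");
        fprintf(safe_log(log), "Error opening %s: %s\n", libname, errbuf);
        fprintf(safe_log(log), "Using files\n");
    }
    return h;
}

int main(void)
{
    char err[256];
    /* Constructed module name that does not exist; NULL log stream. */
    void *h = open_subid_plugin("constructed_missing", NULL, err, sizeof err);
    printf("handle=%p reason=%s\n", h, err);
    return h == NULL ? 0 : 1;
}
```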
