Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1359327 - lslogins broken on non x86 and/or big endian
Summary: lslogins broken on non x86 and/or big endian
Keywords:
Status: CLOSED DUPLICATE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: util-linux-ng
Version: 6.6
Hardware: ppc64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Karel Zak
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-22 20:34 UTC by Paulo Andrade
Modified: 2016-08-01 12:02 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-01 12:02:18 UTC


Attachments (Terms of Use)
util-linux-ng-2.17-sfdc01671304.patch (deleted)
2016-07-26 18:53 UTC, Paulo Andrade
no flags Details | Diff

Description Paulo Andrade 2016-07-22 20:34:37 UTC
strtok happens to not crash in x86 in the first call and
if the first argument is NULL. This is undefined behavior,
and will crash like this on ppc64:

# gdb -q /usr/bin/lslogins 
Reading symbols from /usr/bin/lslogins...Reading symbols from /usr/lib/debug/usr/bin/lslogins.debug...done.
done.
(gdb) r
Starting program: /usr/bin/lslogins 

Program received signal SIGSEGV, Segmentation fault.
strspn (s=0x0, accept=0x1000b050 ",") at strspn.c:34
34	  for (p = s; *p != '\0'; ++p)
(gdb) bt
#0  strspn (s=0x0, accept=0x1000b050 ",") at strspn.c:34
#1  0x00000fffb7dfc294 in strtok (s=0x0, delim=0x1000b050 ",") at strtok.c:47
#2  0x00000000100045f8 in get_ulist (argc=<value optimized out>, argv=<value optimized out>) at lslogins.c:725
#3  main (argc=<value optimized out>, argv=<value optimized out>) at lslogins.c:1299

  On a first glance I also see a bad type punning in
get_sgroups, causing a failure:

# gdb -q /usr/bin/lslogins 
Reading symbols from /usr/bin/lslogins...Reading symbols from /usr/lib/debug/usr/bin/lslogins.debug...done.
done.
(gdb) b exit
Breakpoint 1 at 0x10009fd4
(gdb) r root
Starting program: /usr/bin/lslogins root
lslogins: cannot allocate 17179869184 bytes: Cannot allocate memory

Breakpoint 1, exit (status=1) at exit.c:99
99	{
(gdb) bt
#0  exit (status=1) at exit.c:99
#1  0x00000fffb7e69220 in verr (status=<value optimized out>, format=<value optimized out>) at err.c:166
#2  err (status=<value optimized out>, format=<value optimized out>) at err.c:181
#3  0x0000000010003fa8 in xcalloc (ctl=0x10020030, username=<value optimized out>) at ../include/xalloc.h:70
#4  get_sgroups (ctl=0x10020030, username=<value optimized out>) at lslogins.c:476
#5  get_user_info (ctl=0x10020030, username=<value optimized out>) at lslogins.c:572
#6  0x0000000010004784 in get_user (argc=<value optimized out>, argv=<value optimized out>) at lslogins.c:796
#7  create_usertree (argc=<value optimized out>, argv=<value optimized out>) at lslogins.c:817
#8  main (argc=<value optimized out>, argv=<value optimized out>) at lslogins.c:1301

  This is caused because:

static int get_sgroups(gid_t **list, size_t *len, struct passwd *pwd)
{
	size_t n = 0;

	*len = 0;
	*list = NULL;

	/* first let's get a supp. group count */
	getgrouplist(pwd->pw_name, pwd->pw_gid, *list, (int *) len);
	if (!*len)
		return -1;

	*list = xcalloc(1, *len * sizeof(gid_t));

len is a size_t pointer (64 bit) and it is cast to a int pointer,
what will fail on 64 bit:

(gdb) frame 4
#4  get_sgroups (ctl=0x10020030, username=<value optimized out>) at lslogins.c:476
476		*list = xcalloc(1, *len * sizeof(gid_t));
(gdb) p *len
$1 = 4294967296
(gdb) p/x *len
$2 = 0x100000000

Comment 2 Paulo Andrade 2016-07-26 18:53:50 UTC
Created attachment 1184378 [details]
util-linux-ng-2.17-sfdc01671304.patch

  I am asking the user to test a (ppc64) package built with
this patch.

  After doing some initial test, I noticed that --help tells
about the -z option, that is not implemented.
  Another difference from, for example rhel7 is that an
invalid argument causes a crash:

rhel6-ppc64$ lslogins foo
Segmentation fault (core dumped)

rhel7-x86_64$ lslogins foo
lslogins: libsmartcols/src/line.c:356: scols_line_get_cell: Assertion `ln' failed.
Aborted

Comment 3 Karel Zak 2016-08-01 12:02:18 UTC
Sounds like bug #1215840, already fixed in RHEL6.8. 

Please, try util-linux-ng >= 2.17.2-12.19. Closing.

*** This bug has been marked as a duplicate of bug 1215840 ***


Note You need to log in before you can comment on or make changes to this bug.