• libkrb5 failed to alloc memory

    From Ming Zhi@21:1/5 to All on Sun Oct 25 13:31:59 2020
    Hi all,
    I have encountered a very rare situation, that the libkrb5 raised an
    exception with the message "malloc: invalid size (unsorted)", and the host
    process quit afterwards. At the same time, sssd_kcm kept at very high CPU
    usage till kinit succeeded. Does someone have some hint about this issue?
    The version of libkrb5 is krb5-libs-1.18.2-22.fc32.x86_64.
    The following is a stack backtrace:
    #0 0x00007ffff71d79e5 in raise () from /usr/lib64/libc.so.6
    #1 0x00007ffff71c0895 in abort () from /usr/lib64/libc.so.6
    #2 0x00007ffff721b857 in __libc_message () from /usr/lib64/libc.so.6
    #3 0x00007ffff7222d7c in malloc_printerr () from /usr/lib64/libc.so.6
    #4 0x00007ffff7225e6c in _int_malloc () from /usr/lib64/libc.so.6
    #5 0x00007ffff7228235 in calloc () from /usr/lib64/libc.so.6
    #6 0x00007ffff566346c in decode_atype_to_ptr () from /usr/lib64/libkrb5.so.3
    #7 0x00007ffff5663b67 in k5_asn1_full_decode () from /usr/lib64/libkrb5.so.3
    #8 0x00007ffff5666a72 in decode_krb5_tgs_rep () from /usr/lib64/libkrb5.so.3
    #9 0x00007ffff5682a78 in krb5int_decode_tgs_rep () from /usr/lib64/libkrb5.so.3
    #10 0x00007ffff5685933 in krb5int_process_tgs_reply () from /usr/lib64/libkrb5.so.3
    #11 0x00007ffff5687c83 in krb5_tkt_creds_step () from /usr/lib64/libkrb5.so.3
    #12 0x00007ffff568883f in krb5_tkt_creds_get () from /usr/lib64/libkrb5.so.3
    #13 0x00007ffff568892c in try_get_creds () from /usr/lib64/libkrb5.so.3
    #14 0x00007ffff56889cf in krb5_get_credentials () from /usr/lib64/libkrb5.so.3
    #15 0x00007ffff57517d8 in get_credentials () from /usr/lib64/libgssapi_krb5.so.2
    #16 0x00007ffff57523fe in krb5_gss_init_sec_context_ext () from /usr/lib64/libgssapi_krb5.so.2
    #17 0x00007ffff5752e04 in krb5_gss_init_sec_context () from /usr/lib64/libgssapi_krb5.so.2
    #18 0x00007ffff573b679 in gss_init_sec_context () from /usr/lib64/libgssapi_krb5.so.2
    #19 0x00007ffff59371d7 in CK5AuthProxy::Krb5Login (this=0x7fffe8065b40, strUserName="raspbery@rpcfrmwrk.org", strSvcName="rasp1@rpcfrmwrk.org") at k5proxy.cpp:1142
    #20 0x00007ffff59386a3 in CK5AuthProxy::StartLogin (this=0x7fffe8065b40, pCallback=0x7fffe8006860) at k5proxy.cpp:1659

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Hudson@21:1/5 to Ming Zhi on Sun Oct 25 15:39:34 2020
    To: kerberos@mit.edu

    On 10/25/20 1:31 AM, Ming Zhi wrote:
    > I have encountered a very rare situation, that the libkrb5 raised an
    > exception with the message "malloc: invalid size (unsorted)", and the
    > host process quit afterwards.

    This message is an indication that the heap was corrupted prior to the
    malloc() call. You might be able to use valgrind to determine where the
    heap corruption occurred.

    > At the same time, sssd_kcm kept at very high CPU
    > usage till kinit succeeded.

    I don't have any insight into this part.

  • From Ming Zhi@21:1/5 to Greg Hudson on Tue Oct 27 13:57:29 2020
    To: kerberos@mit.edu

    Greg,
    Yes, the heap should have been corrupted.
    Instead of using valgrind, I chose to review my code again. And found that
    'gss_buffer_desc' passed to 'gss_import_name' had the 'length' set to
    'strlen() + 1' with the terminal '\0' included. Probably it is the cause of
    the heap corruption.

    many thanks :-)



    On Mon, Oct 26, 2020 at 3:39 AM Greg Hudson <ghudson@mit.edu> wrote:

    > On 10/25/20 1:31 AM, Ming Zhi wrote:
    > > I have encountered a very rare situation, that the libkrb5 raised an
    > > exception with the message "malloc: invalid size (unsorted)", and the
    > > host process quit afterwards.
    >
    > This message is an indication that the heap was corrupted prior to the
    > malloc() call. You might be able to use valgrind to determine where the
    > heap corruption occurred.
    >
    > > At the same time, sssd_kcm kept at very high CPU
    > > usage till kinit succeeded.
    >
    > I don't have any insight into this part.
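
The length convention described in Ming Zhi's follow-up above, as an added example that is not part of the thread and does not use the GSS-API headers: `name_buf` is a hypothetical stand-in carrying only the `length` and `value` fields named in the message, and all helper names are assumptions. It contrasts the two ways of counting and adds a pre-call check that flags a counted name containing a NUL byte.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a counted buffer with the two fields named in
 * the message (length, value). It is not the GSS-API type itself. */
typedef struct {
    size_t length;
    const void *value;
} name_buf;

/* As described in the message: the count includes the terminating '\0'. */
static name_buf wrap_with_nul(const char *s)
{
    name_buf b = { strlen(s) + 1, s };
    return b;
}

/* Count only the characters of the name. */
static name_buf wrap_name(const char *s)
{
    name_buf b = { strlen(s), s };
    return b;
}

/* Pre-call check: a textual name must be non-empty and must not contain a
 * NUL byte anywhere inside its counted length. */
static bool name_buf_is_text(const name_buf *b)
{
    if (b == NULL || b->value == NULL || b->length == 0)
        return false;
    return memchr(b->value, '\0', b->length) == NULL;
}

/* Normalise a buffer built either way: drop trailing NUL bytes from the
 * count, then reject anything that still has a NUL inside it. */
static bool name_buf_normalise(name_buf *b)
{
    const unsigned char *p;

    if (b == NULL || b->value == NULL)
        return false;
    p = b->value;
    while (b->length > 0 && p[b->length - 1] == '\0')
        b->length--;
    return name_buf_is_text(b);
}
```
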


  • From Robbie Harwood@21:1/5 to Greg Hudson on Tue Oct 27 10:48:40 2020
    To: woodhead99@gmail.com (Ming Zhi)
    To: kerberos@mit.edu

    Greg Hudson <ghudson@mit.edu> writes:

    > On 10/25/20 1:31 AM, Ming Zhi wrote:
    >
    >> At the same time, sssd_kcm kept at very high CPU usage till kinit
    >> succeeded.
    >
    > I don't have any insight into this part.

    It's probably unrelated. sssd folks have been working on a similar
    looking behavior; the issue is https://github.com/SSSD/sssd/issues/5349

    Thanks,
    --Robbie

