Bug 464406 - net-proxy/squid with sys-libs/glibc-2.17 - basic_ncsa_auth segfaults after client credentials are sent
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: x86 Linux
Importance: Normal normal
Assignee: Eray Aslan
Keywords: PATCH
Reported: 2013-04-03 20:42 UTC by Vetoll
Modified: 2013-04-16 15:54 UTC
Description Vetoll 2013-04-03 20:42:06 UTC
sys-libs/glibc-2.17:2.2 emerged with only the gd USE flag.

System:
Linux Vendetta 3.8.5-gentoo #1 SMP Mon Apr 1 15:39:02 SAST 2013 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux

Fault from: /var/log/messages

Apr  3 22:29:30 localhost kernel: [  435.229340] basic_ncsa_auth[2757]: segfault at 0 ip b75bc86a sp bf906ccc error 4 in libc-2.17.so[b753f000+1a2000]

Apr  3 22:29:31 localhost kernel: [  435.836294] basic_ncsa_auth[2759]: segfault at 0 ip b758886a sp bfaf88bc error 4 in libc-2.17.so[b750b000+1a2000]

Squid is configured for basic authentication using ncsa:
squid.conf: auth_param basic program /usr/libexec/squid/basic_ncsa_auth

When clients are prompted for username and password in the browser, after successfully entering the information, a segfault is logged and the client is prompted for their username/password again. Users are unable to authenticate using ncsa.

This segfault only occurred after glibc-2.17 was emerged.

Regards

Paul
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-04-04 16:26:26 UTC
Please post your `emerge --info net-proxy/squid' output in a comment.
Comment 2 Vetoll 2013-04-04 17:10:05 UTC
Vendetta ~ # emerge --info net-proxy/squid
Portage 2.1.11.59 (default/linux/x86/13.0, gcc-4.7.2, glibc-2.17, 3.8.5-gentoo i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-3.8.5-gentoo-i686-Intel-R-_Pentium-R-_4_CPU_2.80GHz-with-gentoo-2.2
KiB Mem:      501028 total,     56280 free
KiB Swap:    1004056 total,    956980 free
Timestamp of tree: Mon, 01 Apr 2013 17:30:01 +0000
ld GNU ld (GNU Binutils) 2.23.2
app-shells/bash:          4.2_p45
dev-java/java-config:     2.1.12-r1
dev-lang/python:          2.6.8-r1, 2.7.3-r3, 3.2.3-r2
dev-util/cmake:           2.8.10.2-r1
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.12.6, 1.13.1
sys-devel/binutils:       2.23.2
sys-devel/gcc:            4.6.3, 4.7.2-r1
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.8 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories: gentoo
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -march=i686 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS="-O2 -march=i686 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl alsa apng berkdb bluetooth bzip2 cairo cdda cli consolekit cracklib crypt ctype cxx dbus device-mapper dri dvd extras fastbuild fontconfig ftp gd gdbm gdu gif glibc-omitfp gnome gpm gstreamer gtk gtk3 gudev hal iconv ipv6 java jpeg lzo mmx modules mp3 mpeg mudflap mysql nautilus ncurses nls nptl openmp pam pcap pcre php png policykit python quicktime readline samba session sqlite sse sse2 ssl stackless svg tcpd threads truetype udev unicode unicodei x86 xml xmms xulrunner zip zlib" ABI_X86="32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" 
PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

=================================================================
                        Package Settings
=================================================================

net-proxy/squid-3.3.3 was built with the following:
USE="caps ecap ipv6 ldap mysql pam samba ssl tproxy -icap-client (-ipf-transparent) -kerberos (-kqueue) -logrotate -nis (-pf-transparent) -postgres -qos -radius -sasl (-selinux) -snmp -sqlite -ssl-crtd -test"
Comment 3 Vetoll 2013-04-07 10:35:49 UTC
Anyone managed to reproduce this?

Regards
Comment 4 Attila Tóth 2013-04-08 03:04:08 UTC
(In reply to comment #3)
> Anyone managed to reproduce this?
> 
> Regards

After upgrading glibc from 2.16 to 2.17, squid-3.2.9's basic_ncsa_auth stopped working. It kept segfaulting:
Apr  6 23:00:12 kernel: basic_ncsa_auth[2819]: segfault at 0 ip 000003052a8c112a sp 000003e4a06628c8 error 4 in libc-2.17.so[3052a79f000+1a2000]
Apr  6 23:00:12 kernel: grsec: Segmentation fault occurred at (nil) in /usr/libexec/squid/basic_ncsa_auth[basic_ncsa_auth:2819] uid/euid:31/0 gid/egid:31/31, parent /usr/sbin/squid[squid:2818] uid/euid:31/31 gid/egid:31/31

I've found another report of the same problem here:
https://bbs.archlinux.org/viewtopic.php?id=158283

And also discovered a related commit:
http://pkgs.fedoraproject.org/cgit/squid.git/commit/?id=71ebdc6bb16abe75ff38b7573836d35a20bae880

The patch attached to the Fedora commit fixes the problem.

Please introduce the patch in the portage tree, until it gets fixed upstream. Other versions of squid might also be affected.

Regards:
Dw.
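
Added triage example (not part of the original reports, and not Squid or Gentoo code): a parser for the kernel segfault lines quoted above that decodes the x86 page-fault error code and computes the crash offset inside the mapped library (ip minus mapping base), so crashes from separate runs can be compared even though the load address differs. The function names and the 4 KiB first-page threshold used to flag a NULL dereference are assumptions of this example.

```python
import re
from collections import Counter

# x86 kernel segfault line: fault address, instruction pointer, stack pointer,
# page-fault error code (hex), then mapping[base+size].
SEGV = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

# Log lines copied from the reports in this bug (wrapped lines rejoined).
LINES = [
    "Apr  3 22:29:30 localhost kernel: [  435.229340] basic_ncsa_auth[2757]: "
    "segfault at 0 ip b75bc86a sp bf906ccc error 4 in libc-2.17.so[b753f000+1a2000]",
    "Apr  3 22:29:31 localhost kernel: [  435.836294] basic_ncsa_auth[2759]: "
    "segfault at 0 ip b758886a sp bfaf88bc error 4 in libc-2.17.so[b750b000+1a2000]",
    "Apr  6 23:00:12 kernel: basic_ncsa_auth[2819]: segfault at 0 ip "
    "000003052a8c112a sp 000003e4a06628c8 error 4 in libc-2.17.so[3052a79f000+1a2000]",
]

def parse_segfault(line):
    """Return a dict describing one segfault line, or None if it is not one."""
    m = SEGV.search(line)
    if m is None:
        return None
    addr, ip, base, size, err = (
        int(m[k], 16) for k in ("addr", "ip", "base", "size", "err"))
    return {
        "comm": m["comm"], "pid": int(m["pid"]), "object": m["obj"],
        "offset": ip - base,                  # stable across relocated runs
        "ip_in_mapping": base <= ip < base + size,
        "null_deref": addr < 4096,            # assumed 4 KiB first page
        "page_present": bool(err & 1),        # 0 = nothing mapped at address
        "write": bool(err & 2),               # 0 = read access
        "user_mode": bool(err & 4),           # 1 = fault came from user space
    }

def group_by_site(lines):
    """Count crashes per (process, object, offset-in-object)."""
    hits = filter(None, map(parse_segfault, lines))
    return Counter((h["comm"], h["object"], h["offset"]) for h in hits)

if __name__ == "__main__":
    for (comm, obj, off), n in group_by_site(LINES).items():
        print(f"{comm}: {n} crash(es) at {obj}+{off:#x}")
```

The resulting offset can be passed to a symbolizer such as `addr2line -f -e` against the matching libc build to name the function that faulted.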
Comment 5 Eray Aslan gentoo-dev 2013-04-16 05:02:36 UTC
+*squid-3.3.3-r1 (16 Apr 2013)
+*squid-3.2.9-r1 (16 Apr 2013)
+
+  16 Apr 2013; Eray Aslan <eras@gentoo.org> +files/squid-3.3.3-ncsa_auth.patch,
+  +squid-3.2.9-r1.ebuild, +squid-3.3.3-r1.ebuild:
+  Fix ncsa_auth with glibc-2.17 - bug #464406
+
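Review bot: the file list names a single patch, files/squid-3.3.3-ncsa_auth.patch, while the entry adds both squid-3.2.9-r1.ebuild and squid-3.3.3-r1.ebuild. If the 3.2.9-r1 ebuild applies that same file, say so in the entry or give the patch a version-neutral name, so that a later cleanup of 3.3.3 files does not silently break 3.2.9-r1. The description "Fix ncsa_auth with glibc-2.17" would also benefit from one clause on what the patch changes, since the entry is the only record here of the fix itself.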

Thanks for the report.
Comment 6 Vetoll 2013-04-16 15:54:43 UTC
(In reply to comment #5)
> +*squid-3.3.3-r1 (16 Apr 2013)
> +*squid-3.2.9-r1 (16 Apr 2013)
> +
> +  16 Apr 2013; Eray Aslan <eras@gentoo.org>
> +files/squid-3.3.3-ncsa_auth.patch,
> +  +squid-3.2.9-r1.ebuild, +squid-3.3.3-r1.ebuild:
> +  Fix ncsa_auth with glibc-2.17 - bug #464406
> +
> 
> Thanks for the report.

Thanks for the patch!!