Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 600282 - sys-auth/nss-mdns: segv when resolving .local addresses
Summary: sys-auth/nss-mdns: segv when resolving .local addresses
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Amy Liffey
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-20 12:36 UTC by Michał Górny
Modified: 2018-01-23 08:28 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-20 12:36:08 UTC
sys-libs/glibc-2.23-r3::gentoo was built with the following:
USE="caps gd (multilib) rpc -audit -debug (-hardened) -nscd -profile (-selinux) -suid -systemtap -vanilla" ABI_X86="64"
CFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector"
CXXFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector"


(gdb) run
Starting program: /bin/ping6 pomiot.local

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff70841b0 in gaih_inet (name=name@entry=0x7fffffffe88a "pomiot.local", service=<optimized out>, req=req@entry=0x7fffffffe4c0,
    pai=pai@entry=0x7fffffffe368, naddrs=naddrs@entry=0x7fffffffe364) at ../sysdeps/posix/getaddrinfo.c:1052
1052                                status = NSS_STATUS_TRYAGAIN;
(gdb) bt
#0  0x00007ffff70841b0 in gaih_inet (name=name@entry=0x7fffffffe88a "pomiot.local", service=<optimized out>, req=req@entry=0x7fffffffe4c0,
    pai=pai@entry=0x7fffffffe368, naddrs=naddrs@entry=0x7fffffffe364) at ../sysdeps/posix/getaddrinfo.c:1052
#1  0x00007ffff70848fe in __GI_getaddrinfo (name=<optimized out>, name@entry=0x7fffffffe88a "pomiot.local", service=service@entry=0x0,
    hints=hints@entry=0x7fffffffe4c0, pai=pai@entry=0x7fffffffe4b0) at ../sysdeps/posix/getaddrinfo.c:2425
#2  0x00000000004032fe in main (argc=<optimized out>, argv=0x7fffffffe660) at ping6.c:932
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-20 12:37:04 UTC
Portage 2.3.2 (python 3.5.2-final-0, default/linux/amd64/13.0/desktop, gcc-5.4.0, glibc-2.23-r3, 4.8.0-pf6-pomiocik+ x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.8.0-pf6-pomiocik+-x86_64-Intel-R-_Core-TM-_i3-3217U_CPU_@_1.80GHz-with-gentoo-2.3
Timestamp of repository gentoo: Sun, 20 Nov 2016 07:02:46 +0000
sh bash 4.4_p5
ld GNU ld (Gentoo 2.27 p1.0) 2.27
distcc 3.2rc1 x86_64-pc-linux-gnu [enabled]
app-shells/bash:          4.4_p5::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.24.0-r2::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo, 3.5.2::gentoo
dev-util/cmake:           3.7.0::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.22.4::gentoo
sys-apps/sandbox:         2.10-r2::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake:       1.11.6-r2::gentoo, 1.12.6-r1::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.27::gentoo
sys-devel/gcc:            4.9.3::gentoo, 4.9.4::gentoo, 5.4.0::gentoo, 6.2.0-r1::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r2::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.8::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r3::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-umask: 027
    sync-uri: https://github.com/swegener/gentoo-portage
    priority: -1000

gentoo-cvs
    location: /usr/src/gentoo-x86
    sync-umask: 027
    masters: gentoo
    priority: 9999

mgorny
    location: /home/mgorny/mgorny-repo
    sync-umask: 027
    masters: gentoo
    priority: 10000

Installed sets: @mg_cb_agent, @mg_gamebot, @mg_qanalytics
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CC="x86_64-pc-linux-gnu-gcc-5.4.0"
CFLAGS="-O2 -pipe -march=core-avx-i --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=3072"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXX="x86_64-pc-linux-gnu-g++-5.4.0"
CXXFLAGS="-O2 -pipe -march=core-avx-i --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=3072"
DISTDIR="/var/cache/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y --keep-going --ask"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs binpkg-multi-instance buildpkg ccache cgroup collision-protect config-protect-if-modified distcc distlocks ebuild-locks fixlafiles ipc-sandbox lmirror merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms sign strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://pomiot.local/ http://mirror.netcologne.de/gentoo/ http://gentoo.mirror.web4u.cz/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://gd.tuwien.ac.at/opsys/linux/gentoo/ http://gentoo.mirror.pw.edu.pl/ http://ftp.vectranet.pl/gentoo/ http://ftp.fi.muni.cz/pub/linux/gentoo/"
LANG="pl_PL.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed"
MAKEOPTS="-j12"
PKGDIR="/var/cache/portage/packages"
PORTAGE_COMPRESS="lzip"
PORTAGE_COMPRESS_FLAGS="-9"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi adns alsa amd64 amr avx bash-completion berkdb bluetooth branding bzip2 cairo caps cdda cdr cli cracklib crypt cups cxx dbus djvu dri dts dvd dvdr emboss encode exif fam fftw firefox flac fortran gd gdbm gif glamor gmp gnome-keyring gnutls gphoto2 gtk hdri iconv icu id3tag idn imagemagick ipv6 jbig jit jpeg jpeg2k lapack lcms libedit liblockfile libnotify libsecret lzma lzo mad mmx mmxext mng modules mp3 mp4 mpeg mpfr mtp multilib ncurses nls nptl ogg openexr opengl openmp opus pam pango pcre pdf png policykit ppds pulseaudio qt3support qt4 readline schroedinger sctp sdl seccomp session smp sndfile speex spell sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification svg systemd tcpd theora threads tiff truetype udev udisks unicode upnp upower usb v4l vaapi vdpau vim-syntax vorbis vpx webp wmf wxwidgets x264 xattr xcb xcomposite xml xpm xv xvid zeroconf zlib" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev synaptics" KERNEL="linux" L10N="pl" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="pl" LLVM_TARGETS="*" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4 python3_5 pypy pypy3" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="nouveau intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

=================================================================
                        Package Settings
=================================================================

sys-libs/glibc-2.23-r3::gentoo was built with the following:
USE="caps gd (multilib) rpc -audit -debug (-hardened) -nscd -profile (-selinux) -suid -systemtap -vanilla" ABI_X86="64"
CFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector"
CXXFLAGS="-ggdb -pipe -O2 -fno-strict-aliasing -fno-stack-protector"
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-20 12:37:33 UTC
$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf:
# $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $

passwd:      compat
shadow:      compat
group:       compat

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files mdns_minimal [NOTFOUND=return] dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files
Comment 3 SpanKY gentoo-dev 2016-11-22 20:50:07 UTC
is this new to 2.23-r3 ?  did 2.23-r2 crash ?

does 2.24 work any better ?

what if you drop nss-mdns from your look up ?
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-22 21:04:39 UTC
(In reply to SpanKY from comment #3)
> is this new to 2.23-r3 ?  did 2.23-r2 crash ?

I don't know. I investigated it with -r3 but it might have happened with -r2 already. The glibc ebuild doesn't allow downgrades, so can't test.

> does 2.24 work any better ?

I can try it later today. Should I expect it to make my system unbootable or can I try it on the live system?

> what if you drop nss-mdns from your look up ?

Then I get NXDOMAIN, obviously. A few random Internet domains resolve fine, if that's what you're asking. But then, it might be mdns, it might be nss, it might be a generic problem with local Ethernet addresses (fe80::).
Comment 5 SpanKY gentoo-dev 2016-11-23 07:14:57 UTC
(In reply to Michał Górny from comment #4)

glibc versions don't get added to the tree if they're known to eat systems

nss-mdns is known to have issues.  you could also try the latest git:
  https://github.com/lathiat/nss-mdns
Comment 6 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-23 09:02:23 UTC
(In reply to SpanKY from comment #5)
> (In reply to Michał Górny from comment #4)
> 
> glibc versions don't get added to the tree if they're known to eat systems

Ok, I'll try it today.

> nss-mdns is known to have issues.  you could also try the latest git:
>   https://github.com/lathiat/nss-mdns

Oh, I see it's been forked. Also, I see that the whole local IPv6 addresses support is a custom, undocumented patch that's not upstream (in the fork) and does not apply anymore...
Comment 7 Amy Liffey gentoo-dev 2016-11-23 09:07:10 UTC
We decided with upstream that they will apply another ipv6 patch which was already as pull request in the upstream.

https://github.com/lathiat/nss-mdns/issues/4
Comment 8 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-23 09:10:05 UTC
(In reply to Amy Winston from comment #7)
> We decided with upstream that they will apply another ipv6 patch which was
> already as pull request in the upstream.
> 
> https://github.com/lathiat/nss-mdns/issues/4

Ok, I'll try that patch instead, thanks.
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-23 11:19:45 UTC
So, update: 2.24 segvs the same, and (as replied upstream) the alternative IPv6 patch does not fill in scopes correctly.
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-23 16:02:58 UTC
Ok, I have a suspicion where the segv might be coming from. The ipv6 patch used by Gentoo appends scope to the IPv6 address struct that is afterwards passed to glibc in the 'old' APIs. I guess glibc obviously doesn't expect that.

I don't know why it exactly used to work. It's possible that glibc used to use gethostbyname4_r() internally more often in the past, and for some reason prefers gethostbyname2_r() now. For the little random testing I've done locally, it seems that _nss_mdns_gethostbyname4_r() is called by my little test example but e.g. ping6 calls _nss_mdns_gethostbyname2_r() instead for some reason (even though AFAICS it also calls getaddrinfo()).

It's also possible that it just called *2_r() as well but it gained some checks. I suppose it could've worked if it just passed through the (wrong) address length from _nss_mdns_gethostbyname2_r() and people used it to construct sockaddr_in6. The resulting overflow would have caused the additional 32 bits corresponding to scope id land in sin6_scope_id.

Anyway, I think switching to the new upstream IPv6 patch sounds like the way to go for nss-mdns. However, we still need to determine why glibc doesn't want to call gethostbyname4_r() when used by most tools...
Comment 11 SpanKY gentoo-dev 2016-11-23 19:51:23 UTC
i think it's safe to say that it's not a bug in glibc.  it'd be nice if we could isolate glibc code from buggy nss modules, but i don't think that's feasible considering the nss API where everything is in-process and dlopened modules.
Comment 12 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-11-23 22:55:37 UTC
@Amynka, would you mind me adding a live ebuild for it (the fork)?
Comment 13 Adam Goode 2018-01-22 05:24:09 UTC
This should be resolved with the inclusion upstream of
https://github.com/lathiat/nss-mdns/pull/23

This is included in the new release:
https://github.com/lathiat/nss-mdns/releases/tag/v0.11
Comment 14 Adam Goode 2018-01-22 05:26:20 UTC
Sorry, I am not sure if that pull request in the previous comment was the correct one, but the bug may have been fixed regardless.
Comment 15 Larry the Git Cow gentoo-dev 2018-01-23 08:28:19 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5adf255b5716f5b9c2b28dcb9898d3bafa732ea9

commit 5adf255b5716f5b9c2b28dcb9898d3bafa732ea9
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-01-23 08:27:28 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-01-23 08:28:08 +0000

    sys-auth/nss-mdns: Bump to 0.11
    
    Bump to the first release from the new upstream. Big thanks to Adam
    Goode for merging our patches and working on the code!
    
    Closes: https://bugs.gentoo.org/590968
    Closes: https://bugs.gentoo.org/600282
    Closes: https://bugs.gentoo.org/627770

 sys-auth/nss-mdns/Manifest             |  1 +
 sys-auth/nss-mdns/nss-mdns-0.11.ebuild | 54 ++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)