Bug 668822 - dev-db/mysql-connector-c-6.1.11-r1 - mysqlclient segfault when .mylogin.cnf exists
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Gentoo Linux MySQL bugs team
Reported: 2018-10-16 19:51 UTC by Blakawk
Modified: 2019-12-07 16:36 UTC


Attachments
Proposed patch to fix CIPHER CTX initialization (6.1.11-openssl-fix-cipher-ctx-init.patch, 725 bytes, patch)
2019-12-07 16:36 UTC, Blakawk

Description Blakawk 2018-10-16 19:51:49 UTC
After updating mysql-c-connector to dev-db/mysql-connector-c-6.1.11-r1, and openssl today to dev-libs/openssl-1.0.2p, and running revdep-rebuild, all programs using libmysqlclient.so.18.4.0 started to segfault in libcrypto.so.1.0.0, as soon as .mylogin.cnf exists (even if there is only an empty section [client] in it), for instance here, as soon as I use libnss-mysql to retrieve passwd entities:

# getent passwd
[/etc/passwd content...]
Segmentation fault

# dmesg
getent[7135]: segfault at 0 ip 00007f46db3692e5 sp 00007ffc273333b8 error 6 in libcrypto.so.1.0.0[7f46db265000+1e2000]

Bringing up strace showed that the segfault happens upon reading ~/.mylogin.cnf:

# strace -fttT getent passwd
[... useless output ...]
261 31385 21:43:02.863861 openat(AT_FDCWD, "/etc/mysql/my.cnf", O_RDONLY) = 4 <0.000011>
262 31385 21:43:02.863906 fstat(4, {st_mode=S_IFREG|0600, st_size=1565, ...}) = 0 <0.000008>
263 31385 21:43:02.863962 read(4, "# /etc/mysql/my.cnf: The global "..., 4096) = 1565 <0.000010>
264 31385 21:43:02.864043 read(4, "", 4096) = 0 <0.000009>
265 31385 21:43:02.864080 close(4)          = 0 <0.000008>
266 31385 21:43:02.864120 stat("/usr/etc/my.cnf", 0x7ffe8ba52eb8) = -1 ENOENT (No such file or directory) <0.000020>
267 31385 21:43:02.864179 stat("/root/.my.cnf", 0x7ffe8ba52eb8) = -1 ENOENT (No such file or directory) <0.000010>
268 31385 21:43:02.864229 stat("/root/.mylogin.cnf", {st_mode=S_IFREG|0600, st_size=44, ...}) = 0 <0.000010>
269 31385 21:43:02.864289 openat(AT_FDCWD, "/root/.mylogin.cnf", O_RDONLY) = 4 <0.000010>
270 31385 21:43:02.864334 lseek(4, 0, SEEK_CUR) = 0 <0.000008>
271 31385 21:43:02.864371 fstat(4, {st_mode=S_IFREG|0600, st_size=44, ...}) = 0 <0.000009>
272 31385 21:43:02.864424 lseek(4, 0, SEEK_SET) = 0 <0.000008>
273 31385 21:43:02.864457 read(4, "\0\0\0\0", 4) = 4 <0.000009>
274 31385 21:43:02.864497 read(4, "\33\r\f\24\33\f\1\24\22\37\36\35\34\26\21\32\r\32\36\20\20\0\0\0\255d\202J>w\32z"..., 4096) = 40 <0.000008>
275 31385 21:43:02.864552 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---

~/.mylogin.cnf file was created by simply running:
# mysql_config_editor set

Removing it "solves" the issue, but I cannot use MySQL config path anymore.

# emerge --info dev-db/mysql-connector-c dev-db/mysql sys-auth/libnss-mysql
Portage 2.3.49 (python 3.6.5-final-0, default/linux/amd64/17.0/no-multilib, gcc-7.3.0, glibc-2.26-r7, 4.9.118-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.9.118-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_W3520_@_2.67GHz-with-gentoo-2.4.1
KiB Mem:    16470320 total,    178572 free
KiB Swap:   16777208 total,  13308688 free
Timestamp of repository gentoo: Tue, 16 Oct 2018 18:15:01 +0000
Head commit of repository gentoo: 71542483cbf1cec762e7901ebd4d5f6b67429b3d
sh bash 4.4_p12
ld GNU ld (Gentoo 2.29.1 p3) 2.29.1
app-shells/bash:          4.4_p12::gentoo
dev-lang/perl:            5.24.3-r1::gentoo
dev-lang/python:          2.7.15::gentoo, 3.6.5::gentoo
dev-util/cmake:           3.9.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.38.2::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.15.1-r2::gentoo
sys-devel/binutils:       2.29.1-r1::gentoo, 2.30-r4::gentoo
sys-devel/gcc:            6.4.0-r1::gentoo, 7.3.0-r3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/glibc:           2.26-r7::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://mirrors.soeasyto.com/gentoo-portage
    priority: -1000
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-jobs: 1
    sync-rsync-extra-opts: 
    sync-rsync-verify-metamanifest: yes

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA dlj-1.1 Oracle-BCLA-JavaSE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-Os -pipe -march=native -mtune=native"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/easy-rsa /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-Os -pipe -march=native -mtune=native"
DISTDIR="/usr/portage/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://mirrors.soeasyto.com/distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,--as-needed"
MAKEOPTS="-j9"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl amd64 bash-completion berkdb bzip2 caps cli crypt custom-cflags cxx dri fortran gdbm gnutls iconv icu idn ipv6 libtirpc lzo ncurses network-cron nls nptl openmp pam pcre readline seccomp ssl udev unicode vim-syntax xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic auth_digest authn_alias authn_anon authn_default authn_file authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias imagemap proxy proxy_connect proxy_ftp proxy_http proxy_fcgi http2 authn_core authz_core unixd socache_shmcb cache_socache" APACHE2_MPMS="event" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx sse sse2 ssse3 mmxext smp" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_req limit_zone map proxy referer rewrite split_clients ssi upstream_ip_hash userid flv gzip_static headers_more upload upload_progress" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python3_6" 
RUBY_TARGETS="ruby23" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

dev-db/mysql-connector-c-6.1.11-r1::gentoo was built with the following:
USE="ssl -libressl -static-libs"

dev-db/mysql-5.6.40-r2::gentoo was built with the following:
USE="perl server (-client-libs) -cracklib -debug -jemalloc -latin1 -libressl -numa -profiling (-selinux) -static -static-libs -systemtap -tcmalloc -test -yassl"
CFLAGS="-Os -pipe -march=native -mtune=native -fno-strict-aliasing"
CXXFLAGS="-Os -pipe -march=native -mtune=native -felide-constructors -fno-strict-aliasing"

sys-auth/libnss-mysql-1.5_p20060915-r4::gentoo was built with the following:
USE="-debug"
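
For triaging the kernel line quoted in the description, the following added example (not part of the original report) decodes a dmesg segfault record into the faulting object, the instruction offset inside the named mapping, and the access type. The function and field names are this example's own; the flag meanings are the x86 page-fault error-code bits, which the kernel prints in hex.

```python
import re

# x86 page-fault error-code bits; the kernel prints the code in hex after "error".
PF_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write access", "read access"),
    (0x04, "user mode", "kernel mode"),
    (0x10, "instruction fetch", None),
]

# Matches the "in object[base+size]" form shown in the report.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r" in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def parse_segfault(line):
    """Return a dict describing one kernel segfault line, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    keys = ("addr", "ip", "err", "base", "size")
    addr, ip, err, base, size = (int(m[k], 16) for k in keys)
    flags = [on if err & bit else off for bit, on, off in PF_BITS]
    # Offset of the faulting instruction inside the mapping the kernel names.
    # It equals the file offset only when that mapping starts at file offset 0.
    offset = ip - base if base <= ip < base + size else None
    return {
        "comm": m["comm"], "pid": int(m["pid"]), "object": m["obj"],
        "fault_addr": addr, "flags": [f for f in flags if f],
        "offset": offset,
        "null_deref": addr < 0x1000,  # fault in the first page: NULL-based access
    }

# The dmesg line quoted in the report above.
SAMPLE = ("getent[7135]: segfault at 0 ip 00007f46db3692e5 sp 00007ffc273333b8 "
          "error 6 in libcrypto.so.1.0.0[7f46db265000+1e2000]")

if __name__ == "__main__":
    info = parse_segfault(SAMPLE)
    print(f"{info['comm']}[{info['pid']}] in {info['object']}+{info['offset']:#x}")
    print("access:", ", ".join(info["flags"]), "| NULL deref:", info["null_deref"])
```

The resulting offset can be passed to a symbolizer such as addr2line against a libcrypto build with debug symbols to name the faulting function without attaching a debugger.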
Comment 1 Blakawk 2018-10-17 06:26:26 UTC
Emerge --emptytree world and rebooting did not solve the issue. Still crashing on getent passwd when a ~/.mylogin.cnf exists, even if it was created by only issuing "mysql_config_editor set".
Comment 2 Blakawk 2019-12-07 16:30:03 UTC
With the following test program, I managed to pinpoint the root cause of this issue using gdb:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff787e3b1 in EVP_CipherInit_ex () from /usr/lib64/libcrypto.so.1.1
(gdb) bt
#0  0x00007ffff787e3b1 in EVP_CipherInit_ex () from /usr/lib64/libcrypto.so.1.1
#1  0x00007ffff7c785da in my_aes_decrypt (source=source@entry=0x7fffffffa540 "X\275YŁ™\024\356\064J\307\361\245\301\311\325i", source_length=source_length@entry=16, dest=dest@entry=0x7fffffff8540 "!includedir /etc/mysql/mysql.d",
    key=key@entry=0x7ffff7fc4200 <mysql_file_getline(char*, int, st_mysql_file*, char)::my_key> "\035\036\006\006\023\v\003\021\036\002\037\v\027\b\020\021\016\f\006\020", key_length=key_length@entry=20,
    mode=mode@entry=my_aes_128_ecb, iv=0x0, padding=true) at /usr/src/debug/dev-db/mysql-connector-c-6.1.11-r2/mysql-connector-c-6.1.11-src/mysys_ssl/my_aes_openssl.cc:191
#2  0x00007ffff7c74788 in mysql_file_getline (size=4095, is_login_file=1 '\001', file=0x55555556c1d0, str=0x7fffffff8540 "!includedir /etc/mysql/mysql.d")
    at /usr/src/debug/dev-db/mysql-connector-c-6.1.11-r2/mysql-connector-c-6.1.11-src/mysys_ssl/my_default.cc:1193
#3  search_default_file_with_ext (opt_handler=0x7ffff7c73e20 <handle_default_option(void*, char const*, char const*)>, handler_ctx=0x7fffffffc750, dir=<optimized out>, ext=<optimized out>, config_file=<optimized out>,
    recursion_level=0, is_login_file=<optimized out>) at /usr/src/debug/dev-db/mysql-connector-c-6.1.11-r2/mysql-connector-c-6.1.11-src/mysys_ssl/my_default.cc:917
#4  0x00007ffff7c750be in search_default_file (opt_handler=opt_handler@entry=0x7ffff7c73e20 <handle_default_option(void*, char const*, char const*)>, handler_ctx=handler_ctx@entry=0x7fffffffc750, dir=dir@entry=0x0,
    config_file=config_file@entry=0x7fffffffcb30 "/root/.mylogin.cnf", is_login_file=is_login_file@entry=1 '\001') at /usr/src/debug/dev-db/mysql-connector-c-6.1.11-r2/mysql-connector-c-6.1.11-src/mysys_ssl/my_default.cc:785
#5  0x00007ffff7c754ac in my_search_option_files (conf_file=conf_file@entry=0x7fffffffcb30 "/root/.mylogin.cnf", argc=argc@entry=0x7fffffffcd94, argv=argv@entry=0x7fffffffcd98, args_used=args_used@entry=0x7fffffffc74c,
    func=func@entry=0x7ffff7c73e20 <handle_default_option(void*, char const*, char const*)>, func_ctx=func_ctx@entry=0x7fffffffc750, default_directories=0x55555556bff0, is_login_file=1 '\001', found_no_defaults=0 '\000')
    at /usr/src/debug/dev-db/mysql-connector-c-6.1.11-r2/mysql-connector-c-6.1.11-src/mysys_ssl/my_default.cc:389
#6  0x00007ffff7c75c12 in my_load_defaults (conf_file=conf_file@entry=0x7ffff7c803a6 "my", groups=<optimized out>, groups@entry=0x7fffffffcdd0, argc=argc@entry=0x7fffffffcd94, argv=argv@entry=0x7fffffffcd98,
    default_directories=default_directories@entry=0x0) at /usr/include/bits/stdio2.h:107
#7  0x00007ffff7c38968 in mysql_read_default_options (options=options@entry=0x7fffffffdb48, filename=0x7ffff7c803a6 "my", group=0x55555556be70 "test")
    at /usr/src/debug/dev-db/mysql-connector-c-6.1.11-r2/mysql-connector-c-6.1.11-src/sql-common/client.c:1802
#8  0x00007ffff7c3fdbe in mysql_real_connect (mysql=0x7fffffffd7b0, host=0x555555556041 "localhost", user=0x555555556039 "__nss__", passwd=0x555555556018 "ada73f4b1a75daa49ad65c6547090463", db=0x55555555600d "soeasyto", port=0,
    unix_socket=0x55555555604b "/var/run/mysqld/mysqld.sock", client_flag=0) at /usr/src/debug/dev-db/mysql-connector-c-6.1.11-r2/mysql-connector-c-6.1.11-src/sql-common/client.c:4218
#9  0x0000555555555201 in main (argc=1, argv=0x7fffffffdda8) at test.c:8

Test file:
#include <mysql.h>

int main(int argc, char* argv[])
{
    MYSQL db;
    mysql_init(&db);
    mysql_options(&db, MYSQL_READ_DEFAULT_GROUP, "test");
    // credentials replaced with *** for anonymity, replace them with valid
    // ones from your server 
    mysql_real_connect(&db, "***", "***", "***", "***", 0, "***", 0);
    mysql_close(&db);
    return 0;
}
Comment 3 Blakawk 2019-12-07 16:36:31 UTC
Created attachment 598858
Proposed patch to fix CIPHER CTX initialization