Bug#941493: marked as done (/usr/bin/smbclient: smbclient segfaults when used with KCM kerberos credentials cache)

Thu, 12 Nov 2020 01:03:25 -0800 

Your message dated Thu, 12 Nov 2020 10:00:23 +0100
with message-id 
<cafx5sbyfnwxjq0bh4nbm8yt-srjfpyzx0sf9nvpxger5sre...@mail.gmail.com>
and subject line Already fixed in bullseye
has caused the Debian Bug report #941493,
regarding /usr/bin/smbclient: smbclient segfaults when used with KCM kerberos 
credentials cache
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
941493: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941493
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: smbclient
Version: 2:4.10.8+dfsg-1
Severity: normal
File: /usr/bin/smbclient

It appears that smbclient can't make use of the KCM kerberos credentials
cache (as implemented by sssd-kcm). It attempts to fall back to asking
for a password, but then segfaults:

        $ echo $KRB5CCNAME
        KCM:

        $ smbclient '//server.example.com/documentation$'
        Unable to initialize messaging context
        Enter [email protected]'s password: 
        Failed to resolve credential cache 'KCM:'! (Unknown credential cache 
type)
        free(): double free detected in tcache 2
        Aborted (core dumped)

Here's the backtrace:

        #0  0x00007ffff7484081 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/unix/sysv/linux/raise.c:50
        #1  0x00007ffff746f535 in __GI_abort () at abort.c:79
        #2  0x00007ffff74c5db8 in __libc_message (action=action@entry=do_abort, 
fmt=fmt@entry=0x7ffff75d0aae "%s\n") at ../sysdeps/posix/libc_fatal.c:181
        #3  0x00007ffff74cc48a in malloc_printerr (str=str@entry=0x7ffff75d2768 
"free(): double free detected in tcache 2") at malloc.c:5361
        #4  0x00007ffff74cde4d in _int_free (av=0x7ffff7603c40 <main_arena>, 
p=0x555555590b60, have_lock=<optimized out>) at malloc.c:4215
        #5  0x00007ffff6ccc925 in krb5_free_context (context=0x5555555cd0d0) at 
../../source4/heimdal/lib/krb5/context.c:595
        #6  0x00007ffff729a3bd in gse_context_destructor (ptr=<optimized out>) 
at ../../source3/librpc/crypto/gse.c:84
        #7  0x00007ffff773413e in  () at 
/usr/lib/x86_64-linux-gnu/libtalloc.so.2
        #8  0x00007ffff729b05c in gse_context_init 
(mem_ctx=mem_ctx@entry=0x5555555cd040, do_sign=<optimized out>, 
do_seal=<optimized out>, add_gss_c_flags=<optimized out>, 
_gse_ctx=_gse_ctx@entry=0x7fffffffce30, ccache_name=<optimized out>) at 
../../source3/librpc/crypto/gse.c:241
        #9  0x00007ffff729b223 in gse_init_client (ccache_name=0x0, 
realm=<optimized out>, username=<optimized out>, password=<optimized out>, 
_gse_ctx=<synthetic pointer>, add_gss_c_flags=<optimized out>, 
service=0x5555555cb060 "cifs", server=0x5555555caaf0 "server.example.com", 
do_seal=<optimized out>, do_sign=<optimized out>, mem_ctx=0x5555555cd040) at 
../../source3/librpc/crypto/gse.c:268
        #10 0x00007ffff729b223 in gensec_gse_client_start 
(gensec_security=0x5555555cd040) at ../../source3/librpc/crypto/gse.c:786
        #11 0x00007ffff71efef3 in gensec_start_mech 
(gensec_security=0x5555555cd040) at ../../auth/gensec/gensec_start.c:743
        #12 0x00007ffff71efef3 in gensec_start_mech 
(gensec_security=0x5555555cd040) at ../../auth/gensec/gensec_start.c:704
        #13 0x00007ffff71f39ce in gensec_spnego_client_negTokenInit_step 
(gensec_security=0x5555555c1e20, spnego_state=0x5555555c4750, n=0x5555555cc800, 
spnego_in=<optimized out>, last_status=..., in_mem_ctx=<optimized out>, 
in_next=0x5555555cc758) at ../../auth/gensec/spnego.c:624
        #14 0x00007ffff71f3f99 in gensec_spnego_client_negTokenInit_start 
(gensec_security=0x5555555c1e20, spnego_state=0x5555555c4750, n=0x5555555cc800, 
spnego_in=0x5555555cc6c8, in_mem_ctx=0x5555555cc6a0, in_next=0x5555555cc758) at 
../../auth/gensec/spnego.c:528
        #15 0x00007ffff71f4ce4 in gensec_spnego_update_pre (req=0x5555555cc4f0) 
at ../../auth/gensec/spnego.c:1913
        #16 0x00007ffff71f4ce4 in gensec_spnego_update_send (mem_ctx=<optimized 
out>, ev=0x5555555a97f0, gensec_security=<optimized out>, in=...) at 
../../auth/gensec/spnego.c:1711
        #17 0x00007ffff71eee58 in gensec_update_send (mem_ctx=<optimized out>, 
ev=0x5555555a97f0, gensec_security=0x5555555c1e20, in=...) at 
../../auth/gensec/gensec.c:449
        #18 0x00007ffff7a7e986 in cli_session_setup_gensec_local_next 
(req=0x5555555c6c60) at ../../source3/libsmb/cliconnect.c:1016
        #19 0x00007ffff7a803e0 in cli_session_setup_gensec_send 
(target_service=0x7ffff7ab7041 "cifs", target_hostname=0x5555555c0d10 
"server.example.com", creds=0x5555555abd70, cli=0x5555555abd70, 
ev=0x5555555a97f0, mem_ctx=<optimized out>) at 
../../source3/libsmb/cliconnect.c:996
        #20 0x00007ffff7a803e0 in cli_session_setup_spnego_send 
(creds=0x5555555abd70, cli=0x5555555abd70, ev=0x5555555a97f0, 
mem_ctx=<optimized out>) at ../../source3/libsmb/cliconnect.c:1308
        #21 0x00007ffff7a803e0 in cli_session_setup_creds_send 
(mem_ctx=mem_ctx@entry=0x5555555a97f0, ev=ev@entry=0x5555555a97f0, 
cli=cli@entry=0x5555555abd70, creds=creds@entry=0x5555555b2130) at 
../../source3/libsmb/cliconnect.c:1467
        #22 0x00007ffff7a80b6d in cli_session_setup_creds (cli=0x5555555abd70, 
creds=creds@entry=0x5555555b2130) at ../../source3/libsmb/cliconnect.c:1805
        #23 0x00007ffff7a9c517 in do_connect (ctx=ctx@entry=0x5555555a8c70, 
server=<optimized out>, server@entry=0x0, share=share@entry=0x5555555be0f0 
"\\\\server.example.com\\documentation$", auth_info=0x5555555b20a0, 
force_encrypt=<optimized out>, max_protocol=max_protocol@entry=13, port=0, 
name_type=32, pcli=0x7fffffffd1d0) at ../../source3/libsmb/clidfs.c:236
        #24 0x00007ffff7a9ca68 in cli_cm_connect (ctx=ctx@entry=0x5555555a8c70, 
referring_cli=referring_cli@entry=0x0, server=server@entry=0x0, 
share=share@entry=0x5555555be0f0 "\\\\server.example.com\\documentation$", 
auth_info=<optimized out>, force_encrypt=force_encrypt@entry=false, 
max_protocol=13, port=0, name_type=32, pcli=0x7fffffffd230) at 
../../source3/libsmb/clidfs.c:339
        #25 0x00007ffff7a9cbef in cli_cm_open (ctx=0x5555555a8c70, 
referring_cli=0x0, server=0x0, share=0x5555555be0f0 
"\\\\server.example.com\\documentation$", auth_info=<optimized out>, 
force_encrypt=<optimized out>, max_protocol=13, port=0, name_type=32, 
pcli=0x55555557b398 <cli>) at ../../source3/libsmb/clidfs.c:441
        #26 0x000055555555e1c8 in main ()

-- System Information:
Debian Release: 10.1
  APT prefers stable-debug
  APT policy: (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), 
(550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (500, 
'stable-updates'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-0.bpo.2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_USER, TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages smbclient depends on:
ii  dpkg          1.19.7
ii  libarchive13  3.3.3-4
ii  libbsd0       0.9.1-2
ii  libc6         2.29-1
ii  libpopt0      1.16-12
ii  libreadline8  8.0-3
ii  libsmbclient  2:4.10.8+dfsg-1
ii  libtalloc2    2.3.0-2
ii  libtevent0    0.10.1-3
ii  libwbclient0  2:4.10.8+dfsg-1
ii  samba-common  2:4.10.8+dfsg-1
ii  samba-libs    2:4.10.8+dfsg-1

smbclient recommends no packages.

Versions of packages smbclient suggests:
ii  cifs-utils       2:6.8-2
pn  heimdal-clients  <none>

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 2:4.12.3+dfsg-1

Hi,

This bug is already fixed in bullseye.

Regards
-- 
Mathieu Parent

--- End Message ---

Reply via email to