[ https://issues.apache.org/jira/browse/KUDU-3274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17322189#comment-17322189 ]

ASF subversion and git services commented on KUDU-3274:
-------------------------------------------------------

Commit 5cd8d574c020925e8257dc6d11af4ee516f329b7 in kudu's branch refs/heads/master from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=5cd8d57 ]

KUDU-3274 Ignore buffer overflow in libsasl

We recently added a few test cases where the client negotiation fails
with this error (which is what we expect):

GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server kudu/127.6.40....@krbtest.com not found in Kerberos database)

Apparently SASL doesn't allocate enough memory for this error message in
some cases which causes these tests to be flaky with a ~20% error rate
with AddressSanitizer enabled:

==9298==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e00003e2d6 at pc 0x000000530bf4 bp 0x7f8eb50ad0f0 sp 0x7f8eb50ac8a0
READ of size 151 at 0x60e00003e2d6 thread T88 (client-negotiat)
    #0 0x530bf3 in __interceptor_strlen.part.35 sanitizer_common/sanitizer_common_interceptors.inc:365:5
    #1 0x7f8ee6ad9ee8 in std::basic_ostream<char, std::char_traits<char> >& std::operator<<<std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x113ee8)
    #2 0x7f8eeb7c9c9b in kudu::rpc::SaslLogCallback(void*, int, char const*) ../src/kudu/rpc/sasl_common.cc:102:29
    #3 0x7f8eeb30241c in sasl_seterror (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0x1441c)
    #4 0x7f8edd8f143d in _init (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/sasl2/libgssapiv2.so+0x243d)
    #5 0x7f8edd8f2452 in _init (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/sasl2/libgssapiv2.so+0x3452)
    #6 0x7f8eeb2f7844 in sasl_client_step (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0x9844)
    #7 0x7f8eeb2f7bc5 in sasl_client_start (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0x9bc5)
    #8 0x7f8eeb678679 in kudu::rpc::ClientNegotiation::SendSaslInitiate()::$_1::operator()() const ../src/kudu/rpc/client_negotiation.cc:594:14
    #9 0x7f8eeb67831c in std::_Function_handler<int (), kudu::rpc::ClientNegotiation::SendSaslInitiate()::$_1>::_M_invoke(std::_Any_data const&) ../../../include/c++/8/bits/std_function.h:282:9
    #10 0x7f8ef3b28220 in std::function<int ()>::operator()() const ../../../include/c++/8/bits/std_function.h:687:14
    #11 0x7f8eeb7c5840 in kudu::rpc::WrapSaslCall(sasl_conn*, std::function<int ()> const&, char const*) ../src/kudu/rpc/sasl_common.cc:341:12
    #12 0x7f8eeb67363b in kudu::rpc::ClientNegotiation::SendSaslInitiate() ../src/kudu/rpc/client_negotiation.cc:593:20
    #13 0x7f8eeb66e0c7 in kudu::rpc::ClientNegotiation::AuthenticateBySasl(kudu::faststring*, std::unique_ptr<kudu::rpc::ErrorStatusPB, std::default_delete<kudu::rpc::ErrorStatusPB> >*) ../src/kudu/rpc/client_negotiation.cc:523:14
    #14 0x7f8eeb667b99 in kudu::rpc::ClientNegotiation::Negotiate(std::unique_ptr<kudu::rpc::ErrorStatusPB, std::default_delete<kudu::rpc::ErrorStatusPB> >*) ../src/kudu/rpc/client_negotiation.cc:220:7
    #15 0x7f8eeb715027 in kudu::rpc::DoClientNegotiation(kudu::rpc::Connection*, kudu::TriStateFlag, kudu::TriStateFlag, kudu::MonoTime, std::unique_ptr<kudu::rpc::ErrorStatusPB, std::default_delete<kudu::rpc::ErrorStatusPB> >*) ../src/kudu/rpc/negotiation.cc:218:3
    #16 0x7f8eeb712095 in kudu::rpc::Negotiation::RunNegotiation(scoped_refptr<kudu::rpc::Connection> const&, kudu::TriStateFlag, kudu::TriStateFlag, kudu::MonoTime) ../src/kudu/rpc/negotiation.cc:295:9
    #17 0x7f8eeb74d4ad in kudu::rpc::ReactorThread::StartConnectionNegotiation(scoped_refptr<kudu::rpc::Connection> const&)::$_1::operator()() const ../src/kudu/rpc/reactor.cc:614:3
    #18 0x7f8eeb74d06c in std::_Function_handler<void (), kudu::rpc::ReactorThread::StartConnectionNegotiation(scoped_refptr<kudu::rpc::Connection> const&)::$_1>::_M_invoke(std::_Any_data const&) ../../../include/c++/8/bits/std_function.h:297:2
    #19 0x71b760 in std::function<void ()>::operator()() const ../../../include/c++/8/bits/std_function.h:687:14
    #20 0x7f8ee917d03d in kudu::ThreadPool::DispatchThread() ../src/kudu/util/threadpool.cc:669:7
    #21 0x7f8ee91817dc in kudu::ThreadPool::CreateThread()::$_1::operator()() const ../src/kudu/util/threadpool.cc:742:48
    #22 0x7f8ee918162c in std::_Function_handler<void (), kudu::ThreadPool::CreateThread()::$_1>::_M_invoke(std::_Any_data const&) ../../../include/c++/8/bits/std_function.h:297:2
    #23 0x71b760 in std::function<void ()>::operator()() const ../../../include/c++/8/bits/std_function.h:687:14
    #24 0x7f8ee915660a in kudu::Thread::SuperviseThread(void*) ../src/kudu/util/thread.cc:674:3
    #25 0x7f8eec6106da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #26 0x7f8ee64de71e in clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)

0x60e00003e2d6 is located 0 bytes to the right of 150-byte region [0x60e00003e240,0x60e00003e2d6)
allocated by thread T88 (client-negotiat) here:
    #0 0x5a4bb8 in malloc /home/abukor/src/kudu/thirdparty/src/llvm-9.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:145:3
    #1 0x7f8eeb2fa1df in _buf_alloc (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0xc1df)

This patch suppresses address sanitizer errors in sasl_seterror().

Change-Id: Ie66e1f14c9750b13676c7e28e6439057a5e73341
Reviewed-on: http://gerrit.cloudera.org:8080/17317
Tested-by: Attila Bukor <abu...@apache.org>
Reviewed-by: Alexey Serbin <aser...@cloudera.com>
Reviewed-by: Grant Henke <granthe...@apache.org>


> Buffer overflow in SASL
> -----------------------
>
>                 Key: KUDU-3274
>                 URL: https://issues.apache.org/jira/browse/KUDU-3274
>             Project: Kudu
>          Issue Type: Bug
>            Reporter: Attila Bukor
>            Priority: Major
>
> There seems to be a buffer overflow in SASL under certain conditions ("Server 
> not found in Kerberos database" error):
> {code}
> ==9298==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e00003e2d6 at pc 0x000000530bf4 bp 0x7f8eb50ad0f0 sp 0x7f8eb50ac8a0
> READ of size 151 at 0x60e00003e2d6 thread T88 (client-negotiat)
>     #0 0x530bf3 in __interceptor_strlen.part.35 sanitizer_common/sanitizer_common_interceptors.inc:365:5
>     #1 0x7f8ee6ad9ee8 in std::basic_ostream<char, std::char_traits<char> >& std::operator<<<std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x113ee8)
>     #2 0x7f8eeb7c9c9b in kudu::rpc::SaslLogCallback(void*, int, char const*) ../src/kudu/rpc/sasl_common.cc:102:29
>     #3 0x7f8eeb30241c in sasl_seterror (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0x1441c)
>     #4 0x7f8edd8f143d in _init (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/sasl2/libgssapiv2.so+0x243d)
>     #5 0x7f8edd8f2452 in _init (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/sasl2/libgssapiv2.so+0x3452)
>     #6 0x7f8eeb2f7844 in sasl_client_step (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0x9844)
>     #7 0x7f8eeb2f7bc5 in sasl_client_start (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0x9bc5)
>     #8 0x7f8eeb678679 in kudu::rpc::ClientNegotiation::SendSaslInitiate()::$_1::operator()() const ../src/kudu/rpc/client_negotiation.cc:594:14
>     #9 0x7f8eeb67831c in std::_Function_handler<int (), kudu::rpc::ClientNegotiation::SendSaslInitiate()::$_1>::_M_invoke(std::_Any_data const&) ../../../include/c++/8/bits/std_function.h:282:9
>     #10 0x7f8ef3b28220 in std::function<int ()>::operator()() const ../../../include/c++/8/bits/std_function.h:687:14
>     #11 0x7f8eeb7c5840 in kudu::rpc::WrapSaslCall(sasl_conn*, std::function<int ()> const&, char const*) ../src/kudu/rpc/sasl_common.cc:341:12
>     #12 0x7f8eeb67363b in kudu::rpc::ClientNegotiation::SendSaslInitiate() ../src/kudu/rpc/client_negotiation.cc:593:20
>     #13 0x7f8eeb66e0c7 in kudu::rpc::ClientNegotiation::AuthenticateBySasl(kudu::faststring*, std::unique_ptr<kudu::rpc::ErrorStatusPB, std::default_delete<kudu::rpc::ErrorStatusPB> >*) ../src/kudu/rpc/client_negotiation.cc:523:14
>     #14 0x7f8eeb667b99 in kudu::rpc::ClientNegotiation::Negotiate(std::unique_ptr<kudu::rpc::ErrorStatusPB, std::default_delete<kudu::rpc::ErrorStatusPB> >*) ../src/kudu/rpc/client_negotiation.cc:220:7
>     #15 0x7f8eeb715027 in kudu::rpc::DoClientNegotiation(kudu::rpc::Connection*, kudu::TriStateFlag, kudu::TriStateFlag, kudu::MonoTime, std::unique_ptr<kudu::rpc::ErrorStatusPB, std::default_delete<kudu::rpc::ErrorStatusPB> >*) ../src/kudu/rpc/negotiation.cc:218:3
>     #16 0x7f8eeb712095 in kudu::rpc::Negotiation::RunNegotiation(scoped_refptr<kudu::rpc::Connection> const&, kudu::TriStateFlag, kudu::TriStateFlag, kudu::MonoTime) ../src/kudu/rpc/negotiation.cc:295:9
>     #17 0x7f8eeb74d4ad in kudu::rpc::ReactorThread::StartConnectionNegotiation(scoped_refptr<kudu::rpc::Connection> const&)::$_1::operator()() const ../src/kudu/rpc/reactor.cc:614:3
>     #18 0x7f8eeb74d06c in std::_Function_handler<void (), kudu::rpc::ReactorThread::StartConnectionNegotiation(scoped_refptr<kudu::rpc::Connection> const&)::$_1>::_M_invoke(std::_Any_data const&) ../../../include/c++/8/bits/std_function.h:297:2
>     #19 0x71b760 in std::function<void ()>::operator()() const ../../../include/c++/8/bits/std_function.h:687:14
>     #20 0x7f8ee917d03d in kudu::ThreadPool::DispatchThread() ../src/kudu/util/threadpool.cc:669:7
>     #21 0x7f8ee91817dc in kudu::ThreadPool::CreateThread()::$_1::operator()() const ../src/kudu/util/threadpool.cc:742:48
>     #22 0x7f8ee918162c in std::_Function_handler<void (), kudu::ThreadPool::CreateThread()::$_1>::_M_invoke(std::_Any_data const&) ../../../include/c++/8/bits/std_function.h:297:2
>     #23 0x71b760 in std::function<void ()>::operator()() const ../../../include/c++/8/bits/std_function.h:687:14
>     #24 0x7f8ee915660a in kudu::Thread::SuperviseThread(void*) ../src/kudu/util/thread.cc:674:3
>     #25 0x7f8eec6106da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
>     #26 0x7f8ee64de71e in clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)
> 0x60e00003e2d6 is located 0 bytes to the right of 150-byte region [0x60e00003e240,0x60e00003e2d6)
> allocated by thread T88 (client-negotiat) here:
>     #0 0x5a4bb8 in malloc /home/abukor/src/kudu/thirdparty/src/llvm-9.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:145:3
>     #1 0x7f8eeb2fa1df in _buf_alloc (/tmp/dist-test-taskexUtyr/build/dist-test-system-libs/libsasl2.so.3+0xc1df)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
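
The numbers in the report above (a 150-byte region, and a strlen READ of size 151 that first faults 0 bytes to its right) are consistent with a message whose terminating NUL sits one byte past its allocation. The C sketch below is an added example, not libsasl or Kudu code: struct errbuf and every function name in it are hypothetical, and the message is constructed. It models that sizing flaw beside the corrected allocation, a termination check, and a bounded read that stays inside the region.

```c
/* Added example: constructed model of the bug class, not libsasl or Kudu code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical error buffer that remembers how many bytes were allocated. */
struct errbuf { char *data; size_t cap; };

/* Flawed sizing: room for the text, none for the terminating NUL. */
static struct errbuf format_flawed(const char *msg) {
    size_t n = strlen(msg);
    struct errbuf b = { malloc(n), n };
    if (b.data) memcpy(b.data, msg, n);   /* region is full, no '\0' inside it */
    return b;
}

/* Corrected sizing: one extra byte, terminator written explicitly. */
static struct errbuf format_fixed(const char *msg) {
    size_t n = strlen(msg);
    struct errbuf b = { malloc(n + 1), n + 1 };
    if (b.data) { memcpy(b.data, msg, n); b.data[n] = '\0'; }
    return b;
}

/* 1 if a NUL exists inside the allocation, i.e. strlen()/"%s" stay in bounds. */
static int is_terminated(const struct errbuf *b) {
    return b->data != NULL && memchr(b->data, '\0', b->cap) != NULL;
}

/* Bounded copy for logging: never reads past cap, always terminates out. */
static size_t log_bounded(const struct errbuf *b, char *out, size_t outsz) {
    if (outsz == 0) return 0;
    const char *z = b->data ? memchr(b->data, '\0', b->cap) : NULL;
    size_t n = b->data ? (z ? (size_t)(z - b->data) : b->cap) : 0;
    if (n > outsz - 1) n = outsz - 1;     /* truncate to the destination */
    if (n) memcpy(out, b->data, n);
    out[n] = '\0';
    return n;
}

int main(void) {
    char msg[151], out[256];
    memset(msg, 'x', 150); msg[150] = '\0';   /* constructed 150-char message */
    struct errbuf bad = format_flawed(msg), good = format_fixed(msg);
    printf("flawed: cap=%zu terminated=%d\n", bad.cap, is_terminated(&bad));
    printf("fixed:  cap=%zu terminated=%d\n", good.cap, is_terminated(&good));
    printf("bounded log length: %zu\n", log_bounded(&bad, out, sizeof out));
    free(bad.data); free(good.data);
    return 0;
}
```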
