Re: svnserve crash with SASL misconfiguration

From: Vlad Georgescu <vgeorgescu_at_gmail.com>
Date: 2007-09-12 19:21:07 CEST

Hi Philip,

Philip Martin wrote:
> While setting up my machine to run the regression tests with SASL I
> discovered that it is possible to get svnserve to crash. If I mess up
> the mech_list:CRAM-MD5 configuration, leave it out or misspell it say,
> then the server crashes when the client attempts to authenticate.

When SASL can't find a valid mech_list line, it will load _all_
available authentication plugins from a known location (/usr/lib/sasl2).
Looking at the stack trace, it ends up using a plugin that supports
encryption (sasl_write_cb is the callback that encrypts data before
sending it over the wire). However, I'm not able to reproduce the crash.

>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 1082132832 (LWP 6021)]
> 0x00002b1d86623b4c in sasl_write_cb (baton=0x538848,
> buffer=0x52c118 "( success ( ) ) nNwYXV0aD04MzRlNWVmNDhkMWQyOTQzNjc0ZDY2ZmQ2ODA2NmQ2MA==\n ) ) NnM9IixyZWFs\nbT0ic3ZudGVzdCIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAs\ncmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4Y"...,
> len=0x407ffa80) at ../svn/subversion/libsvn_ra_svn/cyrus_auth.c:585
> 585 sasl_baton->write_len -= tmplen;
> (gdb) p sasl_baton
> $1 = (sasl_baton_t *) 0x0

It's strange that sasl_baton is NULL here. sasl_baton is the same as
sasl_write_cb's baton argument, which is not NULL. Can you figure out
when sasl_baton becomes NULL?

> (gdb) bt 3
> #0 0x00002b1d86623b4c in sasl_write_cb (baton=0x538848,
> buffer=0x52c118 "( success ( ) ) nNwYXV0aD04MzRlNWVmNDhkMWQyOTQzNjc0ZDY2ZmQ2ODA2NmQ2MA==\n ) ) NnM9IixyZWFs\nbT0ic3ZudGVzdCIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAs\ncmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4Y"...,
> len=0x407ffa80) at ../svn/subversion/libsvn_ra_svn/cyrus_auth.c:585
> #1 0x00002b1d864f66e1 in svn_stream_write (stream=0x5388a0,
> data=0x52c118 "( success ( ) ) nNwYXV0aD04MzRlNWVmNDhkMWQyOTQzNjc0ZDY2ZmQ2ODA2NmQ2MA==\n ) ) NnM9IixyZWFs\nbT0ic3ZudGVzdCIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAs\ncmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4Y"...,
> len=0x407ffa80) at ../svn/subversion/libsvn_subr/stream.c:105
> #2 0x00002b1d8662b794 in svn_ra_svn__stream_write (stream=0x538880,
> data=0x52c118 "( success ( ) ) nNwYXV0aD04MzRlNWVmNDhkMWQyOTQzNjc0ZDY2ZmQ2ODA2NmQ2MA==\n ) ) NnM9IixyZWFs\nbT0ic3ZudGVzdCIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAs\ncmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4Y"...,
> len=0x407ffa80) at ../svn/subversion/libsvn_ra_svn/streams.c:230
> (More stack frames follow...)
> (gdb)
>

-- 
Vlad
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed Sep 12 23:54:37 2007

This message: [ Message body ]
Next message: Hyrum K. Wright: "Re: Walking Merge History"
Previous message: Mark Phippard: "Re: Notifications when merge aborts due to conflicts"
In reply to: Philip Martin: "svnserve crash with SASL misconfiguration"
Next in thread: Philip Martin: "Re: svnserve crash with SASL misconfiguration"
Reply: Philip Martin: "Re: svnserve crash with SASL misconfiguration"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]