Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bug#163260: FW: Re: [rt-users] Apache restart: can't login

74 views
Skip to first unread message

John Goerzen

unread,
Nov 8, 2002, 1:20:06 PM11/8/02
to
Y'all may be interested in this; there is what appears to be a manifestation
of this same problem in RT2 (debian package request-tracker) and Perl. The
Perl people apparently have a "workaround", but this is not yet in Debian,
and implies that glibc still has a problem.

----- Forwarded message from Rick Bradley <rt-u...@rickbradley.com> -----

From: Rick Bradley <rt-u...@rickbradley.com>
Date: Fri, 8 Nov 2002 11:53:47 -0600
To: John Goerzen <jgoe...@complete.org>
Cc: rt-u...@fsck.com
Subject: Re: [rt-users] Apache restart: can't login

* John Goerzen (jgoe...@complete.org) [021108 11:52]:
> > If it's a Linux system it could be a problem with a faulty crypt() in
> > glibc. Check the archives for more info.
>
> Hmm, that could make sense; however, despite repeated googling, I wasn't
> able to find any relevant info in the archives. Search term suggestions
> would be welcome :-)

Try these links:

http://lists.fsck.com/pipermail/rt-users/2002-September/010117.html
http://lists.fsck.com/pipermail/rt-users/2002-October/010256.html

Rick
--
http://www.rickbradley.com MUPRN: 67 (62F/62F)
| big of a deal. There's
random email haiku | a lot of useless bullshit
| in the protocol.

----- End forwarded message -----


--
To UNSUBSCRIBE, email to debian-gli...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Daniel Jacobowitz

unread,
Nov 8, 2002, 2:20:12 PM11/8/02
to
I forgot to send the patch to this bug; here it is. I'll ping libc
about it again upstream.

Right now, Perl has this code in it:

#ifdef HAS_CRYPT_R
#ifdef __GLIBC__
PL_reentrant_buffer->_crypt_struct.initialized = 0;
#endif
#endif /* HAS_CRYPT_R */

That's the only member of the _crypt_struct it changes at initialization.
This looks legitimate, according to the documentation:

The `crypt_r' function does the same thing as `crypt', but takes
an extra parameter which includes space for its result (among
other things), so it can be reentrant. `data->initialized' must be
cleared to zero before the first time `crypt_r' is called.

But we never clear the rest of the structure. We overwrite the sb0-sb3
tables, and we overwrite the keysched, but we read the current_salt and
current_saltbits out.

Sure enough valgrind detects some uses of uninitialized values in calls to
crypt_r. This patch fixes all of them (except for a couple coming out of
the dynamic linker! Which I'll look at in a bit and the patch doesn't
affect.)

--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer

2002-10-29 Daniel Jacobowitz <dr...@mvista.com>

* crypt/crypt_util.c (__init_des_r): Initialize current_salt
and current_saltbits.

--- crypt/crypt_util.c.fix 2002-10-29 13:56:46.000000000 -0500
+++ crypt/crypt_util.c 2002-10-29 13:56:13.000000000 -0500
@@ -536,6 +536,9 @@
}
}

+ __data->current_saltbits = 0;
+ __data->current_salt[0] = 0;
+ __data->current_salt[1] = 0;
__data->initialized++;
}

--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer

0 new messages