Bug#163260: FW: Re: [rt-users] Apache restart: can't login

Showing 1-2 of 2 messages
Bug#163260: FW: Re: [rt-users] Apache restart: can't login John Goerzen 11/8/02 10:20 AM
Y'all may be interested in this; there is what appears to be a manifestation
of this same problem in RT2 (debian package request-tracker) and Perl.  The
Perl people apparently have a "workaround", but this is not yet in Debian,
and implies that glibc still has a problem.

----- Forwarded message from Rick Bradley <rt-u...@rickbradley.com> -----

From: Rick Bradley <rt-u...@rickbradley.com>
Date: Fri, 8 Nov 2002 11:53:47 -0600
To: John Goerzen <jgoe...@complete.org>
Cc: rt-u...@fsck.com
Subject: Re: [rt-users] Apache restart: can't login

* John Goerzen (jgoe...@complete.org) [021108 11:52]:
> > If it's a Linux system it could be a problem with a faulty crypt() in
> > glibc.  Check the archives for more info.
>
> Hmm, that could make sense; however, despite repeated googling, I wasn't
> able to find any relevant info in the archives.  Search term suggestions
> would be welcome :-)

Try these links:

http://lists.fsck.com/pipermail/rt-users/2002-September/010117.html
http://lists.fsck.com/pipermail/rt-users/2002-October/010256.html

Rick
--
 http://www.rickbradley.com    MUPRN: 67    (62F/62F)
                       |  big of a deal. There's
   random email haiku  |  a lot of useless bullshit
                       |  in the protocol.

----- End forwarded message -----


--
To UNSUBSCRIBE, email to debian-gli...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Bug#163260: FW: Re: [rt-users] Apache restart: can't login Daniel Jacobowitz 11/8/02 11:20 AM
I forgot to send the patch to this bug; here it is.  I'll ping libc
about it again upstream.

Right now, Perl has this code in it:

#ifdef HAS_CRYPT_R
#ifdef __GLIBC__
        PL_reentrant_buffer->_crypt_struct.initialized = 0;
#endif
#endif /* HAS_CRYPT_R */

That's the only member of the _crypt_struct it changes at initialization.
This looks legitimate, according to the documentation:

     The `crypt_r' function does the same thing as `crypt', but takes
     an extra parameter which includes space for its result (among
     other things), so it can be reentrant.  `data->initialized' must be
     cleared to zero before the first time `crypt_r' is called.

But we never clear the rest of the structure.  We overwrite the sb0-sb3
tables, and we overwrite the keysched, but we read the current_salt and
current_saltbits out.

Sure enough valgrind detects some uses of uninitialized values in calls to
crypt_r.  This patch fixes all of them (except for a couple coming out of
the dynamic linker!  Which I'll look at in a bit and the patch doesn't
affect.)

--
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer

2002-10-29  Daniel Jacobowitz  <dr...@mvista.com>

        * crypt/crypt_util.c (__init_des_r): Initialize current_salt
        and current_saltbits.

--- crypt/crypt_util.c.fix        2002-10-29 13:56:46.000000000 -0500
+++ crypt/crypt_util.c        2002-10-29 13:56:13.000000000 -0500
@@ -536,6 +536,9 @@
     }
   }
 
+  __data->current_saltbits = 0;
+  __data->current_salt[0] = 0;
+  __data->current_salt[1] = 0;
   __data->initialized++;
 }
 

--
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer


--
To UNSUBSCRIBE, email to debian-gli...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org