crash on debian i386 in krb5_plugin_register(hdb_samba4_interface) (Re: waf, PYTHONHASHSEED & -I order on other architectures)

Michael Tokarev mjt at tls.msk.ru
Tue May 10 18:18:50 UTC 2022


10.05.2022 19:48, Stefan Metzmacher via samba-technical wrote:
> 
> Hi Michael,
> 
>> As I already wrote in another email, it is not "just" the link order.
>> Well, it is, but sometimes it even produces an executable (or a library)
>> which starts but crashes later.  We have such a broken build of samba in
>> debian i386 stable right now.
> 
> Today I found a crash problem on i386 in:
> 
>          ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
>                                     PLUGIN_TYPE_DATA, "hdb_samba4_interface",
>                                     &hdb_samba4_interface);
> 
> This is because krb5_plugin_register => heim_plugin_register casts:
> 
> struct hdb_method {
>      int                 version;
>      unsigned int        is_file_based:1;
>      unsigned int        can_taste:1;
>      krb5_error_code     (*init)(krb5_context, void **);
>      void                (*fini)(void *);
>      const char *prefix;
>      krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
> };
> 
> into:
> 
> struct heim_plugin_common_ftable_desc {
>      int                 version;
>      int                 (HEIM_LIB_CALL *init)(heim_pcontext, void **);
>      void                (HEIM_LIB_CALL *fini)(void *);
> };

Oh lovely :)

Well, that definitely is not the right thing to cast one to another :)

> This seems to work on x86_64 as we have 4 padding bytes after 'int version',
> so that the 'init' function pointer is at offset 8.
> 
> But on i386 hdb_method has 'init' at offset 8 while
> heim_plugin_common_ftable_desc has it at offset 4.
> 
> So is_file_based and can_taste need to move behind the 'fini' function
> pointer.
> 
> Is that the crash you are seeing?

No. Because the crash we're seeing comes from the *order* of
the link of some of the libraries.  Yes, that's right, the
*order* in which you link things matters.  I wasn't able to
reproduce the crash up until I learned about this PYTHONHASHSEED
thing and tried to do the link in the same *order* as seen in
the debian build log. Before that, we didn't set PYTHONHASHSEED
at all and the order was random.  smbd crashed at startup
regardless of krb5 stuff.

I didn't try to investigate further as it is pointless now,
since the thing depends on a particular "random" order, since
the affected version is old (4.13) and a new one is already
available and since the whole thing - "random" order of everything -
is what must be addressed, instead of finding which "random"
is sufficiently random to give the wrong results.  I just
did quite some ad-hoc grep/sed stuff to extract the link
lines and repeated the build, the result crashed.

https://bugs.debian.org/1009855 is the bug report in question.
https://bugs.debian.org/1006935 is of the same theme.

Neither of which is krb5-related.

But this krb5 thing is.. lovely :)

Thank you for sharing!

/mjt
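
The layout mismatch discussed in this message, as an added example that is not part of the original thread nor Samba or Heimdal code: it compares member offsets of the quoted layout and of the layout with the bit-fields moved behind `fini` against the common header, and guards the latter at build time. The types `err_t` and `ctx_t`, the struct names and the helper functions are stand-ins assumed here, and the trailing `prefix` and `create` members are omitted.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types (assumptions) so this builds without Heimdal headers. */
typedef int err_t;
typedef void *ctx_t;

/* Common header that the plugin loader reads through the cast pointer. */
struct common_ftable {
    int   version;
    int   (*init)(ctx_t, void **);
    void  (*fini)(void *);
};

/* Layout as quoted in the message: bit-fields between version and init. */
struct method_orig {
    int          version;
    unsigned int is_file_based:1;
    unsigned int can_taste:1;
    err_t        (*init)(ctx_t, void **);
    void         (*fini)(void *);
};

/* Layout with the bit-fields moved behind the fini pointer. */
struct method_fixed {
    int          version;
    err_t        (*init)(ctx_t, void **);
    void         (*fini)(void *);
    unsigned int is_file_based:1;
    unsigned int can_taste:1;
};

/* True when struct T starts with the same member offsets as the common header. */
#define PREFIX_MATCHES(T) \
    (offsetof(struct T, version) == offsetof(struct common_ftable, version) && \
     offsetof(struct T, init) == offsetof(struct common_ftable, init) && \
     offsetof(struct T, fini) == offsetof(struct common_ftable, fini))

/* Build-time guard: fails to compile on any ABI where the prefix differs. */
_Static_assert(PREFIX_MATCHES(method_fixed), "plugin ftable prefix mismatch");

size_t orig_init_offset(void)   { return offsetof(struct method_orig, init); }
size_t common_init_offset(void) { return offsetof(struct common_ftable, init); }
int orig_prefix_matches(void)   { return PREFIX_MATCHES(method_orig); }
int fixed_prefix_matches(void)  { return PREFIX_MATCHES(method_fixed); }

int main(void) {
    printf("init offset: orig=%zu common=%zu, orig ok=%d, fixed ok=%d\n", orig_init_offset(),
           common_init_offset(), orig_prefix_matches(), fixed_prefix_matches());
    return 0;
}
```

Building with `-m32` on an x86 toolchain shows the mismatch for the quoted layout (offset 8 against offset 4), while a 64-bit build reports both layouts as matching.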