Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: rhel-9.8
Affects Version/s: rhel-9.6.z
Component/s: ipa
Labels:
- fixed_upstream

Fixed in Build:
ipa-4.13.1-1.el9
Regression:
None
Severity:
Low
Epic Link:
IDM-2830
Keywords:

ZStream

AssignedTeam:
rhel-idm-ipa

Dev Target Milestone:
22
Internal Target Milestone:
24
Story Points:
0
ACKs Check:

QE ack, Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None
Release Blocker:
Regression Exception
Target Backport Versions:

rhel-9.4.z, rhel-9.6.z, rhel-9.7.z

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/154922
Test Coverage:

RegressionOnly

Release Note Type:
Unspecified Release Note Type - Unknown
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

From https://issues.redhat.com/browse/RHEL-119339
ipa-4.12.2-14

=================================================================
==2651358==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7faacd7343ea bp 0x7faa6a6e2f48 sp 0x7faa6a6e2e60 T31)
==2651358==The signal is caused by a READ memory access.
==2651358==Hint: address points to the zero page.
    #0 0x7faacd7343ea in ipapwd_gen_checks /usr/src/debug/ipa-4.12.2-14.2.TESTBUILD.RHEL119339.el9_6.x86_64/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:584
    #1 0x7faacd73d8c0 in ipapwd_pre_bind /usr/src/debug/ipa-4.12.2-14.2.TESTBUILD.RHEL119339.el9_6.x86_64/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1531
    #2 0x7faad29370a4 in plugin_call_func ldap/servers/slapd/plugin.c:1996
    #3 0x7faad2937345 in plugin_call_list ldap/servers/slapd/plugin.c:1939
    #4 0x556f4d3dab9c in do_bind ldap/servers/slapd/bind.c:644
    #5 0x556f4d3e0832 in connection_dispatch_operation ldap/servers/slapd/connection.c:633
    #6 0x556f4d3e0832 in connection_threadmain ldap/servers/slapd/connection.c:1925
    #7 0x7faad2b7abd3 in _pt_root (/lib64/libnspr4.so+0x2cbd3)
    #8 0x7faad248a199 in start_thread (/lib64/libc.so.6+0x8a199)
    #9 0x7faad250f0ff in clone3 (/lib64/libc.so.6+0x10f0ff)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /usr/src/debug/ipa-4.12.2-14.2.TESTBUILD.RHEL119339.el9_6.x86_64/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:584 in ipapwd_gen_checks
Thread T31 created by T0 here:
    #0 0x7faad2c587d5 in pthread_create (/usr/lib64/libasan.so.6+0x587d5)
    #1 0x7faad2b7aeba in _PR_CreateThread (/lib64/libnspr4.so+0x2ceba)

==2651358==ABORTING

In https://github.com/freeipa/freeipa/blob/1d2897e3d7cc88c2c5698126ecb1e59fff396bbc/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c#L574-L587
there is a missing goto done; after the NULL check:

    /* get the kerberos context and master key */
    *config = ipapwd_getConfig();
    if (NULL == *config) {
        LOG_FATAL("Error Retrieving Master Key\n");
        *errMesg = "Fatal Internal Error";
        rc = LDAP_OPERATIONS_ERROR;
    }

    /* do not return the master key if asked */
    if (check_flags & IPAPWD_CHECK_ONLY_CONFIG) {
        free((*config)->kmkey->contents); // *config is NULL -> SEGV
        free((*config)->kmkey);
	(*config)->kmkey = NULL;
    }

split to

RHEL-138840 [Upstream]: AddressSanitizer: SEGV ipa-pwd-extop/common.c:584 in ipapwd_gen_checks

Closed

links to

RHSA-2025:154922 ipa security update

Upstream issue

Assignee:: Rob Crittenden

Reporter:: Viktor Ashirov

Developer:: Florence Renaud

QA Contact:: Sudhir Menon

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2026/01/06 9:46 AM

Updated:: 2026/02/02 11:05 AM

Dev Target end:: 2026/01/26

Target end:: 2026/02/09

Next Planned Release Date:: 2026/05/12

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates