CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9

Kimmo Paasiala kpaasial at gmail.com
Thu Jan 17 13:07:40 UTC 2013 

On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis <brooks at freebsd.org> wrote:
> On Wed, Jan 16, 2013 at 08:01:00PM +0200, Kimmo Paasiala wrote:
>> On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric <dim at freebsd.org> wrote:
>> > On 2013-01-16 13:05, Kimmo Paasiala wrote:
>> >>
>> >> I just updated my stable/9 system after clang3.2 was added. My system
>> >> is amd64, both world and kernel are compiled with clang3.2 and the
>> >> default compiler is clang. I'm tracking the sources with GIT and the
>> >> version I have corresponds to SVN revision r245451.
>> >>
>> >> Everything else seems to work but the pam authentication module
>> >> security/pam_ssh_agent_auth segfaults immediately.
>> >
>> > ...
>> >
>> >> #0  0x0000000800ef2070 in strsvis () from /lib/libc.so.7
>> >> #1  0x0000000800ef2584 in strvis () from /lib/libc.so.7
>> >> #2  0x0000000800ef25e5 in strnvis () from /lib/libc.so.7
>> >> #3  0x0000000801c0e2e7 in do_log () from
>> >> /usr/local/lib/pam_ssh_agent_auth.so
>> >> #4  0x0000000801c0e4ff in logit () from
>> >> /usr/local/lib/pam_ssh_agent_auth.so
>> >
>> > ...
>> >
>> >> The str*vis() calls suggest that it's something in the libc maybe?
>> >
>> >
>> > Brooks merged the new strvis implementations in r245439, so you may have
>> > run into a bug with them.  I don't think this is caused specifically by
>> > clang, at least not without more proof. :-)
>> >
>> > Can you try reverting to the revision just before r245439, rebuilding
>> > and reinstalling at least libc, and see if the pam_ssh_agent_auth crash
>> > goes away?
>>
>> I'm rebuilding world now. Took me some time to figure out how to
>> revert the commits in git. I'll report back once finished.
>
> NetBSD and OpenBSD use different signatures for strnvis(). :(
> pam_ssh_agent_auth assumes that if the system has one it is the OpenBSD
> one but ours is the NetBSD one.  The port will need to be patched to use
> the openbsd version like it was doing or to swap the second and third
> arguments when build on newer versions of FreeBSD.
>
> -- Brooks

It turns out that security/pam_ssh_agent_auth compiles its own version
of strnvis() when HAVE_STRNVIS is not defined. This in turn results in
an exported dynamic strnvis symbol in the plugin binary. I guess
that's what is breaking things when the plugin binary is loaded on
post r245439 world.

First thing that comes to my mind for a fix is renaming the local
strnvis() to something else conditionally based on HAVE_STRNVIS.

-Kimmo

More information about the freebsd-stable mailing list