Skip to content

XRootD getCredentials() periodically segfaulting due to missing name

We periodically get segfaults in taped, see e.g. https://gitlab.cern.ch/cta/CTA/-/jobs/52022772. This seems to be related to the following:

#15 XrdSecProtocolsss::getCredentials (this=0x7f0010001230, parms=<optimized out>, einfo=0x7f00177eec60) at /usr/src/debug/xrootd-5.7.1-1.el9.x86_64/src/XrdSecsss/XrdSecProtocolsss.cc:688
        k = <optimized out>
        n = 200
        rrHdr = {<XrdSecsssRR_Hdr> = {ProtID = "sss", Pad = "\000", knSize = 0 '\000', EncType = 48 '0', static etBFish32 = 48 '0', KeyID = 72057597868990823}, keyName = '\000' <repeats 191 times>}
        rrDataHdr = {P = 0x7f0010014360}
        encKey = {static maxKLen = 128, static NameSZ = 192, static UserSZ = 128, static GrupSZ = 64, Data = {ID = 7449334094434926593, Flags = 0, Crt = 1734433252, Exp = 0, Opts = 0, Len = 32, 
            Val = "2\206\233\316\346\373|ϸ5\342\213&\"(b`\331>\245\265\255Z\243\330T\272Y\310uN`\377,*\255+\230\034-\255+\0207\302\356̯ⲯ\v\354\255ݬ\312\373\354\337\273\273\354\353\376ʬ\357\373\376\255\277\273\255ʉ\260\332\314\f\252\316\v\354\353\372\332\377\017\373\017\352п\260\272ܠ\316\314\356\336\322\302ۯ\357\372\356+/\334\334\001,*\374\332\374\342\262\312,,\312\355", <incomplete sequence \373\254>, 
            Name = "\316\375+,\352\242\302ھ\255++\354\255ݬ\312\373\354߲\302ڮۯ\342\262\375\315\300\022\302\357\357\332ҲB\302\377+/\362\302ڮ\257\375+,\332\312\315\354\322\352id\":981,\"tid\":1037,\"message\":\"In RAOManager::queryRAO(), successfully performed RAO.\",\"drive_name\":\"VDSTK01\",\"instance\":\"CI\",\"sched_bac", 
            User = "daemon\000ceph\",\"thread\":\"RecallTaskInjector\",\"tapeDrive\":\"VDSTK01\",\"mountId\":\"4\",\"vo\":\"vo\",\"tapePool\":\"ctasystest\",\"transactionId\"", 
            Grup = "daemon\000xecutedRAOAlgorithm\":\"linear\",\"vectorInitializationTime\":"}, static allUSR = 1, static anyUSR = 2, static anyGRP = 4, static usrGRP = 8, static noIPCK = 16, Next = 0x0}
...

As can be seen, the User and Grup do contain the correct values, but the null terminator is not respected.

As a result, strcpy in https://github.com/xrootd/xrootd/blob/master/src/XrdSecsss/XrdSecProtocolsss.cc#L688 fails and segfaults.

The questions is whether there is something on our side that we can do about this or that it is on the XRootD side of things.