Segmentation fault in Python Development Mode #360

Closed
Anthchirp opened this issue Jun 15, 2023 · 1 comment

@Anthchirp

When running .get_sp_metadata() with the additional runtime checks of the Python Development Mode, the interpreter crashes with a segmentation fault.

Expected output

$ python boom.py
This is fine.

Observed output

$ PYTHONDEVMODE=1 python boom.py
Debug memory block at address p=0x560098099e80: API '!'
    0 bytes originally requested
    The 7 pad bytes at p-7 are not all FORBIDDENBYTE (0xfd):
        at p-7: 0x00 *** OUCH
        at p-6: 0x00 *** OUCH
        at p-5: 0x00 *** OUCH
        at p-4: 0x00 *** OUCH
        at p-3: 0x00 *** OUCH
        at p-2: 0x00 *** OUCH
        at p-1: 0x00 *** OUCH
    Because memory is corrupted at the start, the count of bytes requested
       may be bogus, and checking the trailing pad bytes may segfault.
    The 8 pad bytes at tail=0x560098099e80 are not all FORBIDDENBYTE (0xfd):
        at tail+0: 0x10 *** OUCH
        at tail+1: 0x29 *** OUCH
        at tail+2: 0x77 *** OUCH
        at tail+3: 0x7b *** OUCH
        at tail+4: 0x92 *** OUCH
        at tail+5: 0x7f *** OUCH
        at tail+6: 0x00 *** OUCH
        at tail+7: 0x00 *** OUCH

Enable tracemalloc to get the memory block allocation traceback

Fatal Python error: _PyMem_DebugRawFree: bad ID: Allocated using API '!', verified using API 'm'
Python runtime state: initialized

Current thread 0x00007f927bfd1000 (most recent call first):
  File "/usr/local/lib/python3.10/dist-packages/onelogin/saml2/utils.py", line 763 in add_sign
  File "/usr/local/lib/python3.10/dist-packages/onelogin/saml2/metadata.py", line 216 in sign_metadata
  File "/usr/local/lib/python3.10/dist-packages/onelogin/saml2/settings.py", line 740 in get_sp_metadata
  File "boom.py", line 128 in <module>

Extension modules: lxml._elementpath, lxml.etree, xmlsec (total: 3)
Aborted

Environment

I'm running on Ubuntu 22.04 with system python 3.10.6 and python3-saml 1.15.0.

pip list

Package            Version
------------------ -------------
blinker            1.4
chardet            4.0.0
cryptography       3.4.8
devscripts         2.22.1ubuntu1
dh-virtualenv      1.2.2
distro             1.7.0
httplib2           0.20.2
importlib-metadata 4.6.4
isodate            0.6.1
jeepney            0.7.1
keyring            23.5.0
launchpadlib       1.10.16
lazr.restfulclient 0.14.4
lazr.uri           1.0.6
lxml               4.9.2
more-itertools     8.10.0
netifaces          0.11.0
oauthlib           3.2.0
pip                22.0.2
PyGObject          3.42.1
PyJWT              2.3.0
pyparsing          2.4.7
python-apt         2.4.0+ubuntu1
python-debian      0.1.43ubuntu1
python3-saml       1.15.0
SecretStorage      3.3.1
setuptools         59.6.0
six                1.16.0
supervisor         4.2.1
VapourSynth        54
wadllib            1.3.6
wheel              0.37.1
xmlsec             1.3.13
zipp               1.0.0

boom.py:

from onelogin.saml2.settings import OneLogin_Saml2_Settings

s = {
    "contactPerson": {
        "support": {
            "emailAddress": "support@wibble.example",
            "givenName": "Supporty McSupportFace",
        }
    },
    "debug": False,
    "organization": {
        "en-GB": {
            "displayname": "Wibble Ltd",
            "name": "Wibble Ltd",
            "url": "https://wibble.example",
        }
    },
    "security": {
        "authnRequestsSigned": True,
        "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
        "failOnAuthnContextMismatch": True,
        "logoutRequestSigned": True,
        "logoutResponseSigned": True,
        "nameIdEncrypted": True,
        "requestedAuthnContext": False,
        "signMetadata": True,
        "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        "wantAssertionsEncrypted": True,
        "wantAssertionsSigned": True,
        "wantMessagesSigned": True,
        "wantNameId": True,
        "wantNameIdEncrypted": True,
    },
    "sp": {
        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "assertionConsumerService": {
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "url": "https://pam.wibble.example/ui/saml/acs",
        },
        "entityId": "My PAM Service",
        "privateKey": "\n"
        "MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDqEWzpkO1f+FyN\n"
        "PWMEdkmeDdImLzigB+csutW1i0Kq8RXLSKhsKFmvSXywCPkoN9GIpfvbv+uKxAXc\n"
        "0jJlf1KKiifiWZYqm2ZgFuw3GcKBQaF+yJORe+2qdcqp75i+DMZ+vsUwKpwbp2SH\n"
        "+hZ/NRwiUAoNyQ7DR1v7z8kJxcOKihWJcbvNassQF8A5PPMPi0ubHOdLXxq1bg5u\n"
        "uDZDEFf8W2b4yUk39HpmcuRgL/nlpn6V8OtpdaV+XQk7eB8Veh2jpVVzqGgW4FFn\n"
        "1Gn90jYWh6B0pgGBGCPZVDCu5Wa+4hVkbNrEHwdCbI4cTUJnae4o02WcFJZyBPUJ\n"
        "kPowdY5k3/zNW/NWj9URY8hTEHARdh3v/jeqVWIdgoHFjnGtp7Z5aw8+SyXxgfOS\n"
        "cIjUxc2DGcfAw6nhYWOnGn8/0H67KmKY+vFPzpNiwbG5KdNjJJLLKSnPVGP4YEbc\n"
        "xWC5i77YHckZd3aLh8KEH2PgmsvYxTK6+thAuiBMEAcLZpHkS4KqU96LvjVL4SF3\n"
        "sBwTI74L+wL5Zgn9j5lx0x4nhnaUn2IRLyFNlrGuoT2/0NEGfbOyNhSP9NEKfEzS\n"
        "G1IPvojS5oP+itJ/3tFDvKCZlvLId7xWkzIdvNGFVpS2wPNc8WALQsv74velILLb\n"
        "Z9dHn5LLQrU/pD6jIdrq8+k27RWY6wIDAQABAoICAQClsrRBHCGOgMk0CzLfY8V1\n"
        "qB8OfPs+/pk+Zv0GyZDmZkihYcwo1N+4YPNtwsxvFiS08Zu70r8xutbTndGjXGDY\n"
        "Rjk52WWev+fXOiL6VrgEvKtQjzk4El0LANv5NO4SDAUwkGgTUvaz9OoMAJSQdM53\n"
        "0+VqINzcjNWnC08sJd3pYxsf822ZW3Jo8AdZ/bWrWVaqdemex7KmoUSCSNHQ4+8F\n"
        "bMcWc5frjpxfjhHxrcTgN98A0k40l94R+FaizMRkddApms9FUwBswVuffxWRY5B6\n"
        "noSOTz5dXvNx1FGqXidAFdhDAXRUxgpjkWmAy4iooKrCJ/SUa1adXLkCjqkuSOoF\n"
        "UFBocp3uiO/G2ypIRcP/EaoV+JHzDsNly+CnWsuPgVVU82BxxmexzlU2Kh9WGOcT\n"
        "Jpo064UQcs2SFckR/Ky7h5tCO789W1ohiFEQBVwmSUf5mqOGUdM2vk4Xe4etPcKM\n"
        "3mqZioV/g9su6LCKlahx4UiqmTrsdScxSc/4XwpOnNhEkS6Y3qvjt0voNWZTkhLv\n"
        "lVld05ttLhNsOytydWVSRphVGoOz0c1r1eLmo2bVflaXWPlkDcgtxlWyBMijxOJt\n"
        "IjkLjF3jWA2AqDPa//YGEC5MtvdMT+VNmUcb2LsE7+7VWkyIq+EMLvkTgwHV3RMN\n"
        "8GEgv/kP0ZOAObItYpX8AQKCAQEA/0woDI8BPwmpY1UvI90FG4dIS2pFjubG33+/\n"
        "DSuvIV2TUIysPElaSCBexyCsHSXMv28qMc2fjHci1XY5Rk63Om758B/LMiq7UXEe\n"
        "jBvxOMcRIMYKKCM5Q5r85Uw3kBzigplHHrk1eKkj87nNuUjYyUUYiRdHiXcgYeey\n"
        "OqiQXIUKOfDlr6TKgQNYyegYfN/spc25odMaOoEJne7AztG1QblyKOiLVQJ1avs0\n"
        "G3OaRjRaLjbAHAxRk5ALboNOhyVYB2YewhYG5coN6rk+RJuBGmnwsNWjTF9JMGbQ\n"
        "ssgimO+7KCmd9+8vgRnnBDsKkrHZlFXSbW1SVDkk3pZulbCD6wKCAQEA6rZQYhWs\n"
        "ieSDm8B42F29fj042aNcJCyVRQBldgMBLfS/E6CBLfEVT52FOIX3Mc2N3StVINpN\n"
        "0UVZ0W1/auLAeRGHio/ezd/kZfxVfu+9utmghoB6+JMG8ogbuaK5J5FYzXr5+Gxo\n"
        "3iPVX2SHilgsECHKeN/l0la9sNSRZ6rKDjqAsjTXTZvChmGY0+ng75pA4WRVNDBZ\n"
        "tNFHZ9/3gPwAulW7bRJrEIjjANS/H4LfqC9E3/ILzGKG+AOXcE4d/KHgfJN5XPOc\n"
        "C5Mp6e/nJctatZiafxfZlZK6OzARB7JxFAzqmbxGGa7yZTMUWUBN9p07sOqKADDg\n"
        "cXESyYxwcnr/AQKCAQEAiFVtFbfQnI9WS9uTvv0q2xaVfuCToMqQ7Y3Uwv3PGmxU\n"
        "XTGiUNeDRP00X/aMs0waWSjOSaZbS7Hbgk8OKwOiSaw2AQuZgYLcYZOdEolhekak\n"
        "WPIpPmIBFJ9R6kmXanhiZgfguQGDEpqQvnk86XODgYhKn/s0kq5xNpd60GRwI1hQ\n"
        "q7x/jBreoaLd6YTuftE+GRURyt9nJFMAhbyYbloDB8Q2uK3mqlETzzuzCe3kNxWC\n"
        "Cyfl05Sog7rqv+uTJgzFQ74/Mrp8mH4cjHq8S/sXKLnmdSjBeelwtk5RqQfDohRz\n"
        "x/DhkSPEJJdmjRXSgaBEZzillRZKXvvdOpjvGTUYXQKCAQEA2npSYLrkHIdFqpmC\n"
        "44R+ex/p50yU3GdTmyM/TpaFZo3HvzFMjcM3nyB1faPV8dnxD8riNu5+OSpg7P0L\n"
        "+iaQGyIiFOzO7LxYEkbMHphy95bUQd8emHvjn6bqh+Xci+RT0RGD1aa0BvM8Dsu5\n"
        "DyH8AhgyLEnd1+k+MXfs0Z687nmuijN9ppQygnwekkPGScJAWo3Wcfn/xrx3x01H\n"
        "Sh1JYCmliWX3mzCQfZmLPn3ISvmVFxBrwxiDoiFVugg9CYh1OgDcm5V3z55xCX1y\n"
        "oE+mZBtk1KESvJQUHjwj3hJQB+XuCqSibA3ZPDJL4rhk2gaKJahsRLk6ct5aKpo7\n"
        "oZS0AQKCAQA2b+2z/Q3X57dRAQToChTJsRX0O7HtaB7Bp8s/MjCJyxbyNcoV8P7j\n"
        "w3ZEZzropvuQxKVpQ4iYE8rSNApJGjibx77ipRaF4VBxqnB6NG1fjJSQHrK1+a1S\n"
        "Zs88EQIB2AAelAMq9nFsDCaPkyUFNyll3sLlA9tIO5A7MBISM8sXf6ZuWD14ATIm\n"
        "JhjoE7zOogW4CoxXwVsP/Yvepuz2zV3K67ukdbBEG6eiWPO4X8E5TzPO30u5Q/CI\n"
        "OS3WvQXZMmtJrYW7XKn0IVHKD6+YmSNgkBQXz/R8+kCd/j766PyUMxtgj+Afc7R/\n"
        "dd2IcyGcFQ2sNMMUk0WPC3LuaRGcphwk",
        "x509cert": "\n"
        "MIIFZTCCA02gAwIBAgIUKKsfVuB0saLEGTx64T9KP+g33E4wDQYJKoZIhvcNAQEL\n"
        "BQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE\n"
        "CgwTRGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yMDEwMDIxNTQ2MDFaFw0zMDA5MzAx\n"
        "NTQ2MDFaMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa\n"
        "BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwggIiMA0GCSqGSIb3DQEBAQUAA4IC\n"
        "DwAwggIKAoICAQDqEWzpkO1f+FyNPWMEdkmeDdImLzigB+csutW1i0Kq8RXLSKhs\n"
        "KFmvSXywCPkoN9GIpfvbv+uKxAXc0jJlf1KKiifiWZYqm2ZgFuw3GcKBQaF+yJOR\n"
        "e+2qdcqp75i+DMZ+vsUwKpwbp2SH+hZ/NRwiUAoNyQ7DR1v7z8kJxcOKihWJcbvN\n"
        "assQF8A5PPMPi0ubHOdLXxq1bg5uuDZDEFf8W2b4yUk39HpmcuRgL/nlpn6V8Otp\n"
        "daV+XQk7eB8Veh2jpVVzqGgW4FFn1Gn90jYWh6B0pgGBGCPZVDCu5Wa+4hVkbNrE\n"
        "HwdCbI4cTUJnae4o02WcFJZyBPUJkPowdY5k3/zNW/NWj9URY8hTEHARdh3v/jeq\n"
        "VWIdgoHFjnGtp7Z5aw8+SyXxgfOScIjUxc2DGcfAw6nhYWOnGn8/0H67KmKY+vFP\n"
        "zpNiwbG5KdNjJJLLKSnPVGP4YEbcxWC5i77YHckZd3aLh8KEH2PgmsvYxTK6+thA\n"
        "uiBMEAcLZpHkS4KqU96LvjVL4SF3sBwTI74L+wL5Zgn9j5lx0x4nhnaUn2IRLyFN\n"
        "lrGuoT2/0NEGfbOyNhSP9NEKfEzSG1IPvojS5oP+itJ/3tFDvKCZlvLId7xWkzId\n"
        "vNGFVpS2wPNc8WALQsv74velILLbZ9dHn5LLQrU/pD6jIdrq8+k27RWY6wIDAQAB\n"
        "o1MwUTAdBgNVHQ4EFgQUHQnq55Od+WoFik6TXYV9Id7ru0gwHwYDVR0jBBgwFoAU\n"
        "HQnq55Od+WoFik6TXYV9Id7ru0gwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B\n"
        "AQsFAAOCAgEACemRaRLsnDFcaoXGehXwl3Uvf0LfG4XTVpElj5xcnq59jSw9K0dH\n"
        "gH9EwBJM7Sz0omxQDP2J9Cx8La6mTCr31KcQ83CwRruzuNTO2kBGZ/nG+XJBWMlh\n"
        "HbPr8v/Uc1VxZbbASbBWZBiT6crywqtnaIwP16EX1o99GqDEp5tSJFzcdjVjInxm\n"
        "E89gEMODj3BcZqYdObCP14jZN5l2SJgMShxTTVi7se5ROPPbXd1XEpKo/t1MCbIH\n"
        "vbHfsZEJ/BBi+LyqpaFwhSPZXJ3YAQKxmPlqO6GaZxSSxsXPq8k7SS0Hz6DlLtgd\n"
        "T4GzCnAcUko8vxEaR/r5vNQPZfdlF26Son9gbyMW4vcQ3Z9lGria1Kx2SZqWbFwb\n"
        "LiXbBWxFPbxEqqmx+rVNMceO9lpob8fjxCBGMkB5X/ob1Y19tI9FNbRrq+f6ireo\n"
        "MmXlFUC6ZK0on6MaqcPTOBZugyMZWrq0zcgscL6GQkPlA2cHIOXP4OTyE83aLACA\n"
        "75Pq2Kaz2VZFJRmaAUQzDNlxqtmkpTpO7RT5gayHJnfQgBHdXYODnXoCX8yRa7eE\n"
        "lmkhlGlshxqYHSp+4wjx2f+yZbasxg9n/DbQ+2vYwrajgqhhH7Rak0KVUAq7OI2P\n"
        "sawivRIEFDvN3CBR8Iq8d6GkJ/lJ/6PWbxW6jH0sjqCpQ/g4ueguZzg=",
    },
}
settings = OneLogin_Saml2_Settings(settings=s, sp_validation_only=True)
metadata = settings.get_sp_metadata()
print("This is fine.")
@Anthchirp

This is not a python3-saml issue, it's an xmlsec problem. Reported upstream.
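
A triage helper for the abort shown in this thread, added here as an example (it is not code from the reporter or from python3-saml). It parses the debug allocator's `bad ID` report and lists the loaded extension modules; `triage`, `DOMAINS` and the regexes are names chosen for this example, and the mapping of the ids `r`/`m`/`o` to allocator families is the one used by CPython's debug memory hooks.

```python
import re

# Domain ids CPython's debug allocator stamps into each block header.
DOMAINS = {"r": "PyMem_Raw*", "m": "PyMem_*", "o": "PyObject_*"}

FATAL_RE = re.compile(
    r"Fatal Python error: (?P<func>\w+): bad ID: "
    r"Allocated using API '(?P<alloc>.)', verified using API '(?P<free>.)'"
)
FRAME_RE = re.compile(r'^ +File "(?P<file>[^"]+)", line (?P<line>\d+) in (?P<func>\S+)', re.M)
EXT_RE = re.compile(r"^Extension modules: (?P<mods>.+?) \(total: \d+\)", re.M)

# Excerpt of the "Observed output" in the report above.
SAMPLE = """\
Fatal Python error: _PyMem_DebugRawFree: bad ID: Allocated using API '!', verified using API 'm'
Python runtime state: initialized

Current thread 0x00007f927bfd1000 (most recent call first):
  File "/usr/local/lib/python3.10/dist-packages/onelogin/saml2/utils.py", line 763 in add_sign
  File "/usr/local/lib/python3.10/dist-packages/onelogin/saml2/metadata.py", line 216 in sign_metadata
  File "/usr/local/lib/python3.10/dist-packages/onelogin/saml2/settings.py", line 740 in get_sp_metadata
  File "boom.py", line 128 in <module>

Extension modules: lxml._elementpath, lxml.etree, xmlsec (total: 3)
Aborted
"""

def triage(stderr_text):
    """Return a summary dict for a debug-allocator 'bad ID' abort, or None."""
    fatal = FATAL_RE.search(stderr_text)
    if fatal is None:
        return None
    alloc, free = fatal["alloc"], fatal["free"]
    frames = [(m["file"], int(m["line"]), m["func"]) for m in FRAME_RE.finditer(stderr_text)]
    ext = EXT_RE.search(stderr_text)
    return {
        "check": fatal["func"],
        "freed_with": DOMAINS.get(free, "unknown"),
        # No valid id byte: the pointer carries no CPython debug header.
        "foreign_or_corrupt_header": alloc not in DOMAINS,
        "domain_mismatch": alloc in DOMAINS and alloc != free,
        "innermost_python_frame": frames[0] if frames else None,
        "extension_modules": [m.strip() for m in ext["mods"].split(",")] if ext else [],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding it the stderr of a test run started with `PYTHONDEVMODE=1` gives a one-look summary of which allocator family performed the free and which C extensions were loaded at the time.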
