
Re: (ITS#4180) slapd (back-sql) hangs/segfaults on SASL bind
On 22 Nov 2005 at 21:06, Pierangelo Masarati wrote:

> OK, something is definitely going on across the two calls to
> slap_sasl_canonicalize() that fills that field, but I have no clue.  At
> this point, I'd suspect libsasl2 itself, because I don't see any strange
> behavior in slapd, either with gdb or with memory check tools.
> Something is polluting that "*slapAuthzDN" with apparently spurious
> values.  Just out of curiosity, can you print those values with their
> real type, i.e.
> 
> (gdb) p auxvals[1].values[0]
> 
> which in libsasl2's intentions should be a string (while slapd forces it
> to be a pointer to a buffer that contains a struct berval)?

573             prop_getnames( props, slap_propnames, auxvals );
(gdb) p auxvals
$16 = {{name = 0x0, values = 0x0, nvalues = 0, valsize = 0}, {name = 0x0, 
    values = 0x0, nvalues = 0, valsize = 0}, {name = 0x0, values = 0x0, 
    nvalues = 0, valsize = 0}}
(gdb) n
574             if ( !auxvals[0].name )
(gdb) p auxvals
$17 = {{name = 0x811f224 "*slapConn", values = 0x90761b4, nvalues = 1, 
    valsize = 4}, {name = 0x811f22e "*slapAuthcDN", values = 0x90761bc, 
    nvalues = 1, valsize = 8}, {name = 0x811f23b "*slapAuthzDN", 
    values = 0x90761d4, nvalues = 1, valsize = 6}}
(gdb) p auxvals[1].values[0]
$18 = 0x9076612 "\035"
(gdb) p *((struct berval *)(((char **)0x90761bc)[0]))
$19 = {bv_len = 29, bv_val = 0xb6c9f7a8 "cn=nels lindquist,o=maei,c=ca"}
(gdb) p *((struct berval *)(((char **)0x90761d4)[0]))
$20 = {bv_len = 1685217607, 
  bv_val = 0x47006e65 <Address 0x47006e65 out of bounds>}

> The next step, assuming there's some buffer overflow somewhere, would be
> to run slapd under valgrind or some other memory checker tool.

Some other odd things I noticed which may or may not provide clues:

When using a MySQL DSN for slapd-sql, the SASLv2 configuration file 
is /usr/lib/sasl2/Slapd.conf (note the capitalization) as you might 
expect.

When I switch to a PostgreSQL DSN for slapd-sql, Slapd.conf is 
ignored and the configuration file must be renamed slapd.conf.

The location of the password store doesn't seem to matter; i.e., I can 
use either the MySQL database or the PostgreSQL database, and as long 
as the LDAP data is in MySQL, everything works.  When I switch to a 
postgres backend, it breaks regardless of whether the password store 
is in MySQL or PostgreSQL.

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
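
To make the cast in the gdb session above concrete, here is an added C example (not OpenLDAP's or libsasl2's own code; the struct stand-ins, berval_from_propval and u32_le_bytes are constructed for it) that reads an auxprop value the way slapd stores it, a char* that really points at a struct berval, rejects a berval whose length is implausible before touching bv_val, and spells a suspect bv_len out as the bytes it occupies, which for the transcript's 1685217607 are the ASCII characters "Gard". It assumes a little-endian host, as the i386 box in the transcript is.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the two types the gdb session casts between (constructed
 * for this example, not OpenLDAP's or libsasl2's real headers). */
struct berval { size_t bv_len; char *bv_val; };
struct propval { const char *name; const char **values; unsigned nvalues; unsigned valsize; };

/* libsasl2 types values[0] as char*, slapd stores a pointer to a struct
 * berval there.  Return the berval only if it passes basic sanity checks;
 * the length check deliberately comes before any dereference of bv_val. */
const struct berval *berval_from_propval(const struct propval *pv, size_t max_len)
{
    if (pv == NULL || pv->nvalues != 1 || pv->values == NULL || pv->values[0] == NULL)
        return NULL;
    const struct berval *bv = (const struct berval *)pv->values[0];
    if (bv->bv_val == NULL || bv->bv_len > max_len)
        return NULL;                        /* bv_len = 1685217607 is rejected here */
    if (strlen(bv->bv_val) != bv->bv_len)   /* DN text must match its recorded length */
        return NULL;
    return bv;
}

/* Spell a 32-bit bv_len out as the four bytes it occupies on a little-endian
 * host.  A length that reads as text hints that a string overran the struct. */
void u32_le_bytes(uint32_t v, char out[5])
{
    for (int i = 0; i < 4; i++)
        out[i] = (char)((v >> (8 * i)) & 0xff);
    out[4] = '\0';
}

/* Constructed sample: a healthy authcDN value next to an authzDN value whose
 * berval carries the corrupt numbers from the transcript. */
int demo(void)
{
    static char dn[] = "cn=nels lindquist,o=maei,c=ca";
    struct berval good = { 29, dn };
    struct berval bad  = { 1685217607u, (char *)(uintptr_t)0x47006e65 }; /* never dereferenced */
    const char *gv[1] = { (const char *)&good };
    const char *bv[1] = { (const char *)&bad };
    struct propval authc = { "*slapAuthcDN", gv, 1, 8 };
    struct propval authz = { "*slapAuthzDN", bv, 1, 6 };
    int authc_ok = berval_from_propval(&authc, 4096) != NULL;
    int authz_ok = berval_from_propval(&authz, 4096) != NULL;
    char txt[5];
    u32_le_bytes((uint32_t)bad.bv_len, txt);
    printf("authcDN ok=%d authzDN ok=%d bv_len bytes=\"%s\"\n", authc_ok, authz_ok, txt);
    return authc_ok && !authz_ok;   /* 1 when the corrupt value is caught */
}
```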