[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5561) SEGV using TLS/SASL



Lea Anthony wrote:
> The version I have does not have debugging info, however I was able to get hold of this backtrace:
>
>
> #0  0xb7b5bb05 in free () from /lib/libc.so.6
> #1  0xb7ac566e in _sasldb_getdata () from /usr/lib/sasl2/libsasldb.so.2
> #2  0xb7ac33d7 in sasldb_auxprop_lookup () from /usr/lib/sasl2/libsasldb.so.2
> #3  0xb7e2df6e in _sasl_auxprop_lookup () from /usr/lib/libsasl2.so.2
> #4  0xb7e2f6b4 in _sasl_canon_user () from /usr/lib/libsasl2.so.2
> #5  0xb7ac8425 in login_server_mech_step () from /usr/lib/sasl2/liblogin.so.2
> #6  0xb7e38567 in sasl_server_step () from /usr/lib/libsasl2.so.2
> #7  0x080a5c08 in ?? ()
> #8  0x08213c10 in ?? ()
> #9  0x082289fd in ?? ()
> #10 0x00000000 in ?? ()
>
> Looks like the bug is in libsasl2 ?

It seems so.

> ----- Original Message -----
> From: "Howard Chu"<hyc@symas.com>
> To: "lea anthony"<lea.anthony@meirion-dwyfor.ac.uk>
> Cc: openldap-its@openldap.org
> Sent: Tuesday, June 17, 2008 9:22:43 PM (GMT) Europe/London
> Subject: Re: (ITS#5561) SEGV using TLS/SASL
>
> lea.anthony@meirion-dwyfor.ac.uk wrote:
>> Full_Name: Lea Anthony
>> Version: 2.3.40
>> OS: Arch Linux
>> URL: http://pastebin.com/f6b680f22
>> Submission from: (NULL) (194.82.229.100)
>>
>>
>> I have TLS setup as follows:
>>
>> TLSCertificateFile /etc/openldap/certs/cert.pem
>> TLSCertificateKeyFile /etc/openldap/certs/key.pem
>> TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
>>
>> The server starts fine and doing "ldapsearch -x -ZZ" will do an anonymous bind
>> fine.
>>
>> However, doing "ldapsearch -ZZ" will cause a segfault on the server. The
>> pastebin URL contains the post SSL negotiation debug lines from "slapd -d -1".
>
> I'm unable to reproduce this crash. Please provide a stack trace.
>
> http://www.openldap.org/faq/data/cache/59.html
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/