OL 2.3.20 on Debian Sarge: SASL bind, segmentation fault

[Samuel Tran <stran@amnh.org>]

Hi All,

We are running OL 2.3.20 (+ Berkeley 4.2.52 & patches) on Debian Linux
Sarge servers. OL was compiled with Cyrus SASL support but we are not
using SASL yet.

When I ran an ldapsearch with SASL bind instead of using simple
authentication, I was expecting to get a error message like that:

ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
additional info: SASL(-13): user not found: no secret in database


Instead I got a segmentation fault:

info-ldap-006:~# ldapsearch -H ldap://localhost
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)


I compiled cyrus-sasl 2.1.21 with the following options:

    $ ./configure \
        --disable-cram --disable-otp --disable-anon \
        --without-pam --without-saslauthd \
        --enable-plain --enable-login \
        --enable-digest \
        --disable-gssapi \
        --with-gnu-ld \
        --with-plugindir=/usr/local/lib/sasl2 \
        --with-devrandom=/dev/random \
        --with-openssl=/usr/local/ssl


OL 2.3.20 was compiled with the following options:

    $ export CPPFLAGS="-I/usr/local/BerkeleyDB.4.2/include
-I/usr/local/ssl/include"
    $ export LDFLAGS="-L/usr/local/BerkeleyDB.4.2/lib
-L/usr/local/ssl/lib"
    $ ./configure \
        --prefix=/usr/local --sysconfdir=/etc \
        --enable-dynamic \
        --disable-ipv6 \
        --enable-slapd \
        --enable-crypt \
        --enable-spasswd \
        --enable-modules \
        --enable-rlookups \
        --enable-wrappers \
        --enable-bdb=mod \
        --enable-hdb=mod \
        --enable-monitor=mod \
        --disable-relay \
        --enable-overlays=mod \
        --with-cyrus-sasl \
        --with-tls


Here is my stack back trace:

stran@info-ldap-006:/usr/local/src/openldap-2.3.20/servers/slapd/.libs$
sudo gdb ./slapd
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-linux"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".
      
(gdb) set width 70
(gdb) run -d 0 -f /etc/openldap/slapd.conf
Starting
program: /usr/local/src/openldap-2.3.20/servers/slapd/.libs/slapd -d 0
-f /etc/openldap/slapd.conf
[Thread debugging using libthread_db enabled]
[New Thread -1212804992 (LWP 26283)]
[New Thread -1284973648 (LWP 26286)]
[Thread -1284973648 (LWP 26286) exited]
[New Thread -1284973648 (LWP 26287)]
[New Thread -1293362256 (LWP 26288)]
[New Thread -1301750864 (LWP 26289)]
      
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1293362256 (LWP 26288)]
0xb7aa705a in __bam_defpfx () from /usr/lib/libdb3.so.3
(gdb) bt full
#0  0xb7aa705a in __bam_defpfx () from /usr/lib/libdb3.so.3
No symbol table info available.
#1  0xb7b432e2 in berkeleydb_open (utils=0x81cd8f0, conn=0x81ccbe0,
    rdwr=0, mbdb=0xb2e8b474) at db_berkeley.c:89
        path = 0xb7b44060 "/etc/sasldb2"
        ret = 0
        flags = 0
        cntxt = (void *) 0x81ccbe0
        getopt = (sasl_getopt_t *) 0xb7e8b030 <_sasl_conn_getopt>
#2  0xb7b434d5 in _sasldb_getdata (utils=0x81cd8f0,
    context=0x81ccbe0, auth_identity=0x81d28b0 "root",
    realm=0x81d2898 "info-ldap-006",
    propName=0xb7b54f78 "userPassword", out=0xb2e8b520 "",
    max_out=8192, out_len=0xb2e8b514) at db_berkeley.c:173
        result = 0
        key = 0x81d28c0 "root"
        key_len = 31
        dbkey = {data = 0x0, size = 0, ulen = 3001595096,
  dlen = 3085515871, doff = 136108272, flags = 136128648}
        data = {data = 0x81d28b0, size = 136128648, ulen = 0,
  dlen = 136231944, doff = 3001595096, flags = 3085921488}
        mbdb = (DB *) 0x81d28e8
#3  0xb7b413c3 in sasldb_auxprop_lookup (glob_context=0x0,
    sparams=0x81cd718, flags=0, user=0x81cd5f1 "root",
    ulen=136164012) at sasldb.c:113
        realname = 0xb7b54f78 "userPassword"
        userid = 0x81d28b0 "root"
        realm = 0x81d2898 "info-ldap-006"
        user_realm = 0x7361732f <Address 0x7361732f out of bounds>
        ret = 1935766319
        to_fetch = (const struct propval *) 0x7361732f
        cur = (const struct propval *) 0x81db2ac
        value = '\0' <repeats 468 times>, "ÈÀ··L·è²<+ï·Ô\200¸·O\bÍ·\000
\000\000\000\000\000\000\0006\bÍ· ", '\0' <repeats 15 times>, "\226
\201¸·8/¸·8¤··èéÌ·\017\000\000\000È`··\230d·· \034ð·\\>ê·Î
\006Í·ä·è²¿4ï·Î\006Í·y:<\ahÿÌ· ·è²P¡î·\f\000\000\000\230d··\000\000\000
\000\001\000\000\000 ·è²", '\0' <repeats 16 times>, "y:<\a\034¸è²À<ê·
\000\000\000\000\000\000\000\000ÈÀ··èéÌ·", '\0' <repeats 44 times>,
"\030\001Í·,¸è²<+ï"...
---Type <return> to continue, or q <return> to quit---
        value_len = 778595949
        user_buf = 0x81d2888 "root"
#4  0xb7e863cb in _sasl_auxprop_lookup (sparams=0x81cd718, flags=0,
    user=0x81cd5f1 "root", ulen=4) at auxprop.c:870
        getopt = (sasl_getopt_t *) 0xb7e8b030 <_sasl_conn_getopt>
        ret = 1935766319
        found = 1
        context = (void *) 0x81ccbe0
        plist = 0x0
        ptr = (auxprop_plug_list_t *) 0x813f770
#5  0xb7e86b5b in _sasl_canon_user (conn=0x81ccbe0,
    user=0x81cd5f1 "root", ulen=4, flags=1, oparams=0x81cd440)
    at canonusr.c:190
        ptr = (canonuser_plug_list_t *) 0x0
        sconn = (sasl_server_conn_t *) 0x81ccbe0
        cconn = (sasl_client_conn_t *) 0x0
        cuser_cb = (
    sasl_canon_user_t *) 0x80ab950 <slap_sasl_canonicalize>
        getopt = (sasl_getopt_t *) 0xb7e8b030 <_sasl_conn_getopt>
        context = (void *) 0x81ccbe0
        result = 1935766319
        plugin_name = 0xb7e93fbf "INTERNAL"
        user_buf = 0x81cd5f1 "root"
        lenp = (unsigned int *) 0x81cd450
#6  0xb7b4f6fe in digestmd5_server_mech_step2 (stext=0x81cd9f0,
    sparams=0x81cd718, clientin=0x0, clientinlen=3001603824,
    serverout=0x7361732f, serveroutlen=0x7361732f, oparams=0x81cd440)
    at digestmd5.c:2281
        name = 0x81d27cb "response"
        value = 0x81d27d4 "b4cbec304a43db0b244e5ec38454301c"
        sec = (sasl_secret_t *) 0x0
        result = 0
        serverresponse = 0x0
        username = 0x81d2800 "root"
        authorization_id = 0x0
        realm = 0x81d2810 "info-ldap-006"
        nonce = (
    unsigned char *) 0x81ec610 "higdckAr1KQoAwz+USgrgBdJISri6awiQ
+LcfMW7wNw="
---Type <return> to continue, or q <return> to quit---
        cnonce = (
    unsigned char *) 0x81ec4a0
"XyQhQZ0Ek6Z7qTknAoEYC55pW/V8uba2M6zuvlExTNU="
        noncecount = 1
        qop = 0x81d2828 "auth-conf"
        digesturi = 0x81d2848 "ldap/info-ldap-006"
        response = 0x81d2860 "b4cbec304a43db0b244e5ec38454301c"
        client_maxbuf = 65536
        maxbuf_count = 1
        charset = 0x0
        cipher = 0x81d2838 "rc4"
        n = 0
        Secret = "\000\000\000\000\000 î·P×è²£jï·\234"
        password_request = {0xb7b54f77 "*userPassword",
  0xb7b54f85 "*cmusaslsecretDIGEST-MD5", 0x0}
        auxprop_values = {{name = 0x0, values = 0x0,
    nvalues = 237566880, valsize = 3085869056}, {
    name = 0x804fa08 "sasl_server_step", values = 0x643fb4b,
    nvalues = 3085869056, valsize = 3082093430}}
        in_start = 0x81d26e8 "username"
        in = 0x81d27f4 ""
#7  0xb7e90a94 in sasl_server_step (conn=0x81ccbe0,
    clientin=0x81d25d0 "username=\"root\",realm=\"info-ldap-006\",nonce=
\"higdckAr1KQoAwz+USgrgBdJISri6awiQ+LcfMW7wNw=\",cnonce=
\"XyQhQZ0Ek6Z7qTknAoEYC55pW/V8uba2M6zuvlExTNU=
\",nc=00000001,qop=auth-conf,cipher=rc4,maxbuf=65536,diges"...,
clientinlen=268, serverout=0xb2e8d794,
    serveroutlen=0x1b0) at server.c:1411
        ret = 136127952
#8  0x080acfba in slap_sasl_bind (op=0x81d22f0, rs=0xb2e8d8b0)
    at sasl.c:1399
        ctx = (sasl_conn_t *) 0x81ccbe0
        response = {bv_len = 0, bv_val = 0x0}
        reslen = 0
        sc = 1
#9  0x08083eff in fe_op_bind (op=0x81d22f0, rs=0xb2e8d8b0)
    at bind.c:275
        mech = {bv_len = 10, bv_val = 0x81d25c2 "DIGEST-MD5"}
        bd = (BackendDB *) 0x8127160
#10 0x080832cf in do_bind (op=0x81d22f0, rs=0xb2e8d8b0) at bind.c:200
---Type <return> to continue, or q <return> to quit---
        ber = (BerElement *) 0x80df767
        version = 3
        method = 163
        mech = {bv_len = 10, bv_val = 0x81d25c2 "DIGEST-MD5"}
        dn = {bv_len = 0, bv_val = 0x81d25bc ""}
        tag = 1935766319
        be = (Backend *) 0x0
#11 0x08068a7f in connection_operation (ctx=0xb2e8d940,
    arg_v=0x81d22f0) at connection.c:1307
        rc = 30
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0,
  sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0,
  sr_ctrls = 0x0, sr_un = {sru_sasl = {r_sasldata = 0x0},
    sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}, sru_search = {
      r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0,
      r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}}, sr_flags = 0}
        tag = 96
        opidx = 0
        conn = (Connection *) 0xb3733878
        memctx = (void *) 0x81cb8a8
        memctx_null = (void *) 0x0
#12 0xb7eafae8 in ldap_int_thread_pool_wrapper (xpool=0x813c360)
    at tpool.c:480
        ctx = (ldap_int_thread_ctx_t *) 0x81cbf98
        ltc_key = {{ltk_key = 0x80af490, ltk_data = 0x81cb8a8,
    ltk_free = 0x80af360 <slap_sl_mem_destroy>}, {
    ltk_key = 0x81ca430, ltk_data = 0xd,
    ltk_free = 0xb7a7d5b0 <bdb_locker_id_free>}, {ltk_key = 0x0,
    ltk_data = 0x0, ltk_free = 0} <repeats 30 times>}
        tid = 3001605040
        i = 136101784
        keyslot = 805
        hash = 432
#13 0xb7cb0b63 in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#14 0xb7c4f18a in clone () from /lib/tls/libc.so.6
No symbol table info available.

Any ideas?

Thanks in advance.
Sam