OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/6880
Full headers

From: mro@rocam.com
Subject: SECURITY: ldap_free_urllist segfault
Compose comment
Download message
State:
1 replies: 1
2 followups: 1 2

Major security issue: yes  no

Notes:

Notification:


Date: Sun, 27 Mar 2011 02:50:57 +0000
From: mro@rocam.com
To: openldap-its@OpenLDAP.org
Subject: SECURITY: ldap_free_urllist segfault
Full_Name: Marcus Rottensteiner
Version: 2.4.24
OS: gentoo
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (188.20.205.34)


running a php program, openldap 2.4.24 has a problem in libldap_r-2.4.so.2

in conjunction with php 5.3 (tested 5.3.5 , 5.3.6) ?

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff39bcb4b in ldap_free_urllist () from /usr//lib/libldap-2.4.so.2
(gdb) backtrace
#0 0x00007ffff39bcb4b in ldap_free_urllist () from /usr//lib/libldap-2.4.so.2
#1 0x00007ffff1a60c1b in ?? () from /usr/lib64/libldap_r-2.4.so.2
#2 0x00007ffff1a4680e in ?? () from /usr/lib64/libldap_r-2.4.so.2
#3 0x0000000000000030 in ?? ()
#4 0x0000000000000000 in ?? ()

Reverting to openldap 2.4.23 does not cause a problem !

Since 2.4.24 without php intervention is running on other servers without a
problem at all until now, it seems, that this is related to php somehow... ?

dmesg-----------------
...
php[27915]: segfault at 500000000 ip 00007f4818d00b4b sp 00007fffb49a93c0 error
4 in libldap-2.4.so.2.6.0[7f4818cdf000+3f000]
php[28059]: segfault at 500000000 ip 00007f5e0f76db4b sp 00007fff678dc550 error
4 in libldap-2.4.so.2.6.0[7f5e0f74c000+3f000]
php[28061]: segfault at 500000000 ip 00007eff31d52b4b sp 00007fffe3dc1ca0 error
4 in libldap-2.4.so.2.6.0[7eff31d31000+3f000]
conftest[4700]: segfault at 1 ip 00000000004053c7 sp 00007fff6d614f40 error 4 in
conftest[400000+a2000]
conftest[17921]: segfault at 1 ip 00000000004053c7 sp 00007fff0bda5530 error 4
in conftest[400000+a2000]
php[24291]: segfault at 500000000 ip 00007f8626688b4b sp 00007fffe3aebd90 error
4 in libldap-2.4.so.2.6.0[7f8626667000+3f000]
php[24314]: segfault at 500000000 ip 00007f5ea231ab4b sp 00007fff2f5b3590 error
4 in libldap-2.4.so.2.6.0[7f5ea22f9000+3f000]
php[24876]: segfault at 500000000 ip 00007f441219bb4b sp 00007fff8dff7420 error
4 in libldap-2.4.so.2.6.0[7f441217a000+3f000]
...
dmesg-----------------

Followup 1

Download message
Date: Mon, 28 Mar 2011 11:28:09 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: mro@rocam.com, openldap-its@openldap.org
Subject: Re: (ITS#6880) SECURITY: ldap_free_urllist segfault
--On Sunday, March 27, 2011 2:50 AM +0000 mro@rocam.com wrote:

> Full_Name: Marcus Rottensteiner
> Version: 2.4.24
> OS: gentoo
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (188.20.205.34)
>
>
> running a php program, openldap 2.4.24 has a problem in libldap_r-2.4.so.2
>
> in conjunction with php 5.3 (tested 5.3.5 , 5.3.6) ?

Did you rebuild PHP against the new 2.4.24 libldap(_r)?  This would be 
required...

--Quanah



--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 2

Download message
Date: Tue, 29 Mar 2011 12:20:52 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: openldap-its@openldap.org
Subject: Re: (ITS#6880) SECURITY: ldap_free_urllist segfault
Forwarding this into the ITS system.  PHP was apparently re-linked against 
the new openldap build.

--Quanah

--On Tuesday, March 29, 2011 1:06 AM +0200 Marcus Rottensteiner 
<mro@rocam.com> wrote:

> yes, I did
>
> "emerge -eav system" and "emerge -eav world"
>
> Which I assume should do the trick.
>
> Also checking with revdep-rebuild
>
> said
>
> * Dynamic linking on your system is consistent... All done.
>
> I tried again right now to emerge openldap 2.4.24 and then again php.
> 5.3.6 -> segfault
>
> reverted back to 2.4.23 and recompiled php 5.3.6 --> no segfault
>
> this segfault  happens when calling
>
> /usr/bin/php -qC
> /var/www/egroupware_TRUNK/htdocs/egroupware/phpgwapi/cron/asyncservices.p
> hp [Domainname]
>
> any clues ?
>
>
> On 2011-03-28 20:28, Quanah Gibson-Mount wrote:
>> --On Sunday, March 27, 2011 2:50 AM +0000 mro@rocam.com wrote:
>>
>>> Full_Name: Marcus Rottensteiner
>>> Version: 2.4.24
>>> OS: gentoo
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (188.20.205.34)
>>>
>>>
>>> running a php program, openldap 2.4.24 has a problem in
>>> libldap_r-2.4.so.2
>>>
>>> in conjunction with php 5.3 (tested 5.3.5 , 5.3.6) ?
>>
>> Did you rebuild PHP against the new 2.4.24 libldap(_r)?  This would be
>> required...
>>
>> --Quanah
>>
>>
>>
>> --
>>
>> Quanah Gibson-Mount
>> Sr. Member of Technical Staff
>> Zimbra, Inc
>> A Division of VMware, Inc.
>> --------------------
>> Zimbra ::  the leader in open source messaging and collaboration



--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Reply 1

Resend
From: Howard Chu <openldap-its@OpenLDAP.org>
To: mro@rocam.com
Subject: Re: (ITS#6880) SECURITY: ldap_free_urllist segfault
Date: Thu Jun  9 01:41:44 2011
> Full_Name: Marcus Rottensteiner
> Version: 2.4.24
> OS: gentoo
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (188.20.205.34)
> 
> 
> running a php program, openldap 2.4.24 has a problem in libldap_r-2.4.so.2
> 
> in conjunction with php 5.3 (tested 5.3.5 , 5.3.6) ?
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff39bcb4b in ldap_free_urllist () from /usr//lib/libldap-2.4.so.2
> (gdb) backtrace
> #0 0x00007ffff39bcb4b in ldap_free_urllist () from
/usr//lib/libldap-2.4.so.2
> #1 0x00007ffff1a60c1b in ?? () from /usr/lib64/libldap_r-2.4.so.2
> #2 0x00007ffff1a4680e in ?? () from /usr/lib64/libldap_r-2.4.so.2
> #3 0x0000000000000030 in ?? ()
> #4 0x0000000000000000 in ?? ()
> 
> Reverting to openldap 2.4.23 does not cause a problem !

Your trace shows that both libldap and libldap_r are present. Your PHP is built
incorrectly. You cannot link both libraries into the same program; they are not
compatible. Closing this ITS.

Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org