To add fuel to the fire, if I use pw-sha2 libraries that were built on a
2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can
generate SHA512/384 hashed passwords with no issues.  What should I be
looking for between the two platforms that might cause the core?

Thanks.

Kevin Martin

---


Regards,

Kevin Martin

On Tue, Oct 27, 2015 at 3:11 PM, <openldap-its@openldap.org> wrote:

>
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
>
> Thanks for your report to the OpenLDAP Issue Tracking System.  Your
> report has been assigned the tracking number ITS#8294.
>
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers.  They only work on OpenLDAP when they have spare
> time.
>
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message.  Note that
> any mail sent to openldap-its@openldap.org with (ITS#8294)
> in the subject will automatically be attached to the issue report.
>
>         mailto:openldap-its@openldap.org?subject=(ITS#8294)
>
> You may follow the progress of this report by loading the following
> URL in a web browser:
>     http://www.OpenLDAP.org/its/index.cgi?findid=8294
>
> Please remember to retain your issue tracking number (ITS#8294)
> on any further messages you send to us regarding this report.  If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
>
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
>
> OpenLDAP Software is user supported.
>         http://www.OpenLDAP.org/support/
>
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>
>

ktmdms@gmail.com wrote:
> --089e0115ec1091312605232ac99f
> Content-Type: text/plain; charset=UTF-8
>
> To add fuel to the fire, if I use pw-sha2 libraries that were built on a
> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can
> generate SHA512/384 hashed passwords with no issues.  What should I be
> looking for between the two platforms that might cause the core?

Strange that the kernel would make any difference - more likely it's your C 
compiler making the difference.

I ran a test on one machine and got an abort in glibc saying there was a stack 
overrun. On a different machine I got no such error, and running on the 
problem system under valgrind produced no errors.

On the machine that aborted, when I compiled with gcc -fstack-protector-all, 
the glibc abort disappeared as well. So, this hasn't helped me identify the 
problem yet. (gcc 4.8.4-2ubuntu1~14.04)

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Howard Chu wrote:
> ktmdms@gmail.com wrote:
>> --089e0115ec1091312605232ac99f
>> Content-Type: text/plain; charset=UTF-8
>>
>> To add fuel to the fire, if I use pw-sha2 libraries that were built on a
>> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can
>> generate SHA512/384 hashed passwords with no issues.  What should I be
>> looking for between the two platforms that might cause the core?
>
> Strange that the kernel would make any difference - more likely it's your C
> compiler making the difference.

I may have misread your message. If the same binary works on a newer system, 
that tends to imply something weird in the runtime environment. Perhaps a 
problem with ASLR.

> I ran a test on one machine and got an abort in glibc saying there was a stack
> overrun. On a different machine I got no such error, and running on the
> problem system under valgrind produced no errors.
>
> On the machine that aborted, when I compiled with gcc -fstack-protector-all,
> the glibc abort disappeared as well. So, this hasn't helped me identify the
> problem yet. (gcc 4.8.4-2ubuntu1~14.04)
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

adding the -fstack-protector-all option to the compile of the pw-sha2 on
the 3.18 machine and recompiling just the pw-sha2 appears to have fixed the
issue.

Regards,

Kevin Martin



---


Regards,

Kevin Martin

On Wed, Oct 28, 2015 at 9:58 AM, Howard Chu <hyc@symas.com> wrote:

> Howard Chu wrote:
>
>> ktmdms@gmail.com wrote:
>>
>>> --089e0115ec1091312605232ac99f
>>> Content-Type: text/plain; charset=UTF-8
>>>
>>> To add fuel to the fire, if I use pw-sha2 libraries that were built on a
>>> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can
>>> generate SHA512/384 hashed passwords with no issues.  What should I be
>>> looking for between the two platforms that might cause the core?
>>>
>>
>> Strange that the kernel would make any difference - more likely it's your
>> C
>> compiler making the difference.
>>
>
> I may have misread your message. If the same binary works on a newer
> system, that tends to imply something weird in the runtime environment.
> Perhaps a problem with ASLR.
>
>
> I ran a test on one machine and got an abort in glibc saying there was a
>> stack
>> overrun. On a different machine I got no such error, and running on the
>> problem system under valgrind produced no errors.
>>
>> On the machine that aborted, when I compiled with gcc
>> -fstack-protector-all,
>> the glibc abort disappeared as well. So, this hasn't helped me identify
>> the
>> problem yet. (gcc 4.8.4-2ubuntu1~14.04)
>>
>>
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>

ktmdms@gmail.com wrote:
> --001a11c39c4eeea62d05232d4fc9
> Content-Type: text/plain; charset=UTF-8
>
> adding the -fstack-protector-all option to the compile of the pw-sha2 on
> the 3.18 machine and recompiling just the pw-sha2 appears to have fixed the
> issue.

Using -fstack-protector-all wasn't intended to fix the issue, it was intended 
to make the cause more visible. Instead it has hidden it. Needless to say, 
that's not an acceptable resolution for us.
>
> Regards,
>
> Kevin Martin
>
>
>
> ---
>
>
> Regards,
>
> Kevin Martin
>
> On Wed, Oct 28, 2015 at 9:58 AM, Howard Chu <hyc@symas.com> wrote:
>
>> Howard Chu wrote:
>>
>>> ktmdms@gmail.com wrote:
>>>
>>>> --089e0115ec1091312605232ac99f
>>>> Content-Type: text/plain; charset=UTF-8
>>>>
>>>> To add fuel to the fire, if I use pw-sha2 libraries that were built on a
>>>> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can
>>>> generate SHA512/384 hashed passwords with no issues.  What should I be
>>>> looking for between the two platforms that might cause the core?
>>>>
>>>
>>> Strange that the kernel would make any difference - more likely it's your
>>> C
>>> compiler making the difference.
>>>
>>
>> I may have misread your message. If the same binary works on a newer
>> system, that tends to imply something weird in the runtime environment.
>> Perhaps a problem with ASLR.
>>
>>
>> I ran a test on one machine and got an abort in glibc saying there was a
>>> stack
>>> overrun. On a different machine I got no such error, and running on the
>>> problem system under valgrind produced no errors.
>>>
>>> On the machine that aborted, when I compiled with gcc
>>> -fstack-protector-all,
>>> the glibc abort disappeared as well. So, this hasn't helped me identify
>>> the
>>> problem yet. (gcc 4.8.4-2ubuntu1~14.04)
>>>
>>>
>>
>> --
>>    -- Howard Chu
>>    CTO, Symas Corp.           http://www.symas.com
>>    Director, Highland Sun     http://highlandsun.com/hyc/
>>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
>>
>
> --001a11c39c4eeea62d05232d4fc9
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> <div dir=3D"ltr">adding the -fstack-protector-all option to the compile of =
> the pw-sha2 on the 3.18 machine and recompiling just the pw-sha2 appears to=
>   have fixed the issue.<div><br></div><div>Regards,</div><div><br></div><div=
>> Kevin Martin<br><div><br></div><div><br></div></div></div><div class=3D"gm=
> ail_extra"><br clear=3D"all"><div><div class=3D"gmail_signature"><div dir=
> =3D"ltr">---<div><span style=3D"font-size:12.8px"><br></span></div><div><sp=
> an style=3D"font-size:12.8px"><br></span></div><div><span style=3D"font-siz=
> e:12.8px">Regards,</span></div><div><div><br></div><div>Kevin Martin</div><=
> /div></div></div></div>
> <br><div class=3D"gmail_quote">On Wed, Oct 28, 2015 at 9:58 AM, Howard Chu =
> <span dir=3D"ltr">&lt;<a href=3D"mailto:hyc@symas.com" target=3D"_blank">hy=
> c@symas.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" styl=
> e=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span c=
> lass=3D"">Howard Chu wrote:<br>
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">
> <a href=3D"mailto:ktmdms@gmail.com" target=3D"_blank">ktmdms@gmail.com</a> =
> wrote:<br>
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">
> --089e0115ec1091312605232ac99f<br>
> Content-Type: text/plain; charset=3DUTF-8<br>
> <br>
> To add fuel to the fire, if I use pw-sha2 libraries that were built on a<br=
>>
> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can<b=
> r>
> generate SHA512/384 hashed passwords with no issues.=C2=A0 What should I be=
> <br>
> looking for between the two platforms that might cause the core?<br>
> </blockquote>
> <br>
> Strange that the kernel would make any difference - more likely it&#39;s yo=
> ur C<br>
> compiler making the difference.<br>
> </blockquote>
> <br></span>
> I may have misread your message. If the same binary works on a newer system=
> , that tends to imply something weird in the runtime environment. Perhaps a=
>   problem with ASLR.<div class=3D"HOEnZb"><div class=3D"h5"><br>
> <br>
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">
> I ran a test on one machine and got an abort in glibc saying there was a st=
> ack<br>
> overrun. On a different machine I got no such error, and running on the<br>
> problem system under valgrind produced no errors.<br>
> <br>
> On the machine that aborted, when I compiled with gcc -fstack-protector-all=
> ,<br>
> the glibc abort disappeared as well. So, this hasn&#39;t helped me identify=
>   the<br>
> problem yet. (gcc 4.8.4-2ubuntu1~14.04)<br>
> <br>
> </blockquote>
> <br>
> <br>
> -- <br>
> =C2=A0 -- Howard Chu<br>
> =C2=A0 CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"=
> http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www.symas=
> .com</a><br>
> =C2=A0 Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://highland=
> sun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun.com/h=
> yc/</a><br>
> =C2=A0 Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap.org/p=
> roject/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org/proje=
> ct/</a><br>
> </div></div></blockquote></div><br></div>
>
> --001a11c39c4eeea62d05232d4fc9--
>
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

changed notes
changed state Open to Release
moved from Incoming to Contrib

Fixed in master
Fixed in RE25
Fixed in RE24 (2.4.43)

changed notes
changed state Release to Closed