7868 – Sock overlay segfault when reading sockname from configfile

Issue 7868 - Sock overlay segfault when reading sockname from configfile

Summary: Sock overlay segfault when reading sockname from configfile

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	2.4.39
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-06-02 07:51 UTC by orcus@pwr.wroc.pl
Modified:	2014-12-11 01:12 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description orcus@pwr.wroc.pl 2014-06-02 07:51:10 UTC

Full_Name: Daniel Dobrijalowski
Version: 2.4.39
OS: 2.6.32-431.17.1.el6.centos.plus.x86_64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (156.17.1.3)


Hi,

servers/slapd/config.c:
line 477: if ( *(char **)ptr )
ptr is NULL so it triggers SIGSEGV
line: 461: ptr = c->bi->bi_private;
bi_private is NULL

My knowledge of openldap internals is to weak to find where and if bi_private
should be initialized in this case.

Steps to reproduce:
After downloading openldap-2.4.39 and configuring it with options:
./configure --prefix=/usr/ --enable-slapd --enable-overlays --enable-bdb
--enable-meta --enable-monitor --enable-sock --enable-crypt --enable-cleartext
--enable-ldap --with-tls=openssl --sysconfdir=/etc
I have added only slapo-sock related options at the end of default slapd.conf:
overlay sock
extensions peername
socketpath "/tmp/ldap.sock"
sockops bind
sockresps result

Comment 1 Howard Chu 2014-07-18 19:04:12 UTC

orcus@pwr.wroc.pl wrote:
> Full_Name: Daniel Dobrijalowski
> Version: 2.4.39
> OS: 2.6.32-431.17.1.el6.centos.plus.x86_64
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (156.17.1.3)
>
>
> Hi,

Thanks for the report. This crash is now fixed in git master, please test.
>
> servers/slapd/config.c:
> line 477: if ( *(char **)ptr )
> ptr is NULL so it triggers SIGSEGV
> line: 461: ptr = c->bi->bi_private;
> bi_private is NULL
>
> My knowledge of openldap internals is to weak to find where and if bi_private
> should be initialized in this case.
>
> Steps to reproduce:
> After downloading openldap-2.4.39 and configuring it with options:
> ./configure --prefix=/usr/ --enable-slapd --enable-overlays --enable-bdb
> --enable-meta --enable-monitor --enable-sock --enable-crypt --enable-cleartext
> --enable-ldap --with-tls=openssl --sysconfdir=/etc
> I have added only slapo-sock related options at the end of default slapd.conf:
> overlay sock
> extensions peername
> socketpath "/tmp/ldap.sock"
> sockops bind
> sockresps result
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 2 Howard Chu 2014-08-15 06:12:31 UTC

changed notes
changed state Open to Test
moved from Incoming to Software Bugs

Comment 3 Quanah Gibson-Mount 2014-12-11 01:00:22 UTC

changed notes
changed state Test to Release

Comment 4 OpenLDAP project 2014-12-11 01:12:16 UTC

fixed in master
fixed in RE25
fixed in RE24

Comment 5 Quanah Gibson-Mount 2014-12-11 01:12:16 UTC

changed notes
changed state Release to Closed