Issue 8492 - signal 11 in ldap_new_connection
Summary: signal 11 in ldap_new_connection
Status: VERIFIED SUSPENDED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.40
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2016-09-02 06:19 UTC by htjain@sandvine.com
Modified: 2020-03-22 23:21 UTC
Description htjain@sandvine.com 2016-09-02 06:19:40 UTC
Full_Name: hemant jain
Version: openldap-2.4.40-8
OS: RHEL 7.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (123.63.202.166)


Hi,

We are facing a strange core dump in the ldap_new_connection function while trying
to bind a stopped OpenLDAP server.

Following is the stack trace:

#0  0x00007f9336898f53 in ldap_new_connection (ld=ld@entry=0x7f931f43cd60, srvlist=srvlist@entry=0x7f931f48b298, use_ldsb=use_ldsb@entry=1, connect=connect@entry=1, bind=bind@entry=0x0, m_req=m_req@entry=0, m_res=m_res@entry=0) at request.c:481
#1  0x00007f933688530f in ldap_open_defconn (ld=ld@entry=0x7f931f43cd60) at open.c:41
#2  0x00007f933689a248 in ldap_send_initial_request (ld=ld@entry=0x7f931f43cd60, msgtype=msgtype@entry=96, dn=dn@entry=0x7f931f827718 "cn=Manager,dc=test,dc=com", ber=ber@entry=0x7f931f457150, msgid=msgid@entry=1) at request.c:130
#3  0x00007f933688f178 in ldap_sasl_bind (ld=0x7f931f43cd60, dn=0x7f931f827718 "cn=Manager,dc=test,dc=com", mechanism=<optimized out>, cred=0x7f931f4296b0, sctrls=0x0, cctrls=<optimized out>, msgidp=0x7f92243ed8dc) at sasl.c:148
#4  0x00007f9340f571da in ldap::Connection::Bind (this=this@entry=0x7f931c043478, msg_id=@0x7f92243ed98c: -1) at support/ldapconnection.cpp



I have installed the corresponding debug RPM for the OpenLDAP library.
Following the source info, the core dump is coming at line 481 of the
request.c file.

for ( srvp = srvlist; *srvp != NULL; srvp = &(*srvp)->lud_next ) // Here srvp is NULL so *srvp dumping core.

if ( connect ) {
    LDAPURLDesc   **srvp, *srv = NULL;

    async = LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_CONNECT_ASYNC );

    for ( srvp = srvlist; *srvp != NULL; srvp = &(*srvp)->lud_next ) {
        int       rc;

        rc = ldap_int_open_connection( ld, lc, *srvp, async );
        if ( rc != -1 ) {
            srv = *srvp;

            if ( ld->ld_urllist_proc && ( !async || rc != -2 ) ) {
                ld->ld_urllist_proc( ld, srvlist, srvp, ld->ld_urllist_params );
            }

            break;
        }
    }


Any idea how to fix it ?
Comment 1 htjain@sandvine.com 2016-09-02 06:35:28 UTC
After some more debugging, it looks like the ld->ldc->ldc_options.ldo_defludp variable is causing this issue; it's null when it's passed to ldap_new_connection.
How does it get populated?

(gdb) p ld->ldc->ldc_options
$13 = {ldo_valid = 255, ldo_debug = 0, ldo_version = 3, ldo_deref = 0, ldo_timelimit = 0, ldo_sizelimit = 0, ldo_tm_api = {tv_sec = -1, tv_usec = 0}, ldo_tm_net = {tv_sec = 5, tv_usec = 0}, ldo_defludp = 0x0, ldo_defport = 389,
  ldo_defbase = 0x0, ldo_defbinddn = 0x0, ldo_keepalive_idle = 0, ldo_keepalive_probes = 0, ldo_keepalive_interval = 0, ldo_refhoplimit = 5, ldo_sctrls = 0x0, ldo_cctrls = 0x0, ldo_rebind_proc = 0x0, ldo_rebind_params = 0x0,
  ldo_nextref_proc = 0x0, ldo_nextref_params = 0x0, ldo_urllist_proc = 0x0, ldo_urllist_params = 0x0, ldo_conn_cbs = 0x0, ldo_booleans = 34, ldo_peer = 0x0, ldo_cldapdn = 0x0, ldo_is_udp = 0, ldo_tls_ctx = 0x0,
  ldo_tls_connect_cb = 0x0, ldo_tls_connect_arg = 0x0, ldo_tls_info = {lt_certfile = 0x0, lt_keyfile = 0x0, lt_dhfile = 0x0, lt_cacertfile = 0x0, lt_cacertdir = 0x0, lt_ciphersuite = 0x0, lt_crlfile = 0x0, lt_randfile = 0x0,
    lt_protocol_min = 0}, ldo_tls_mode = 0, ldo_tls_require_cert = 2, ldo_tls_impl = 0, ldo_tls_crlcheck = 0, ldo_def_sasl_mech = 0x0, ldo_def_sasl_realm = 0x0, ldo_def_sasl_authcid = 0x0, ldo_def_sasl_authzid = 0x0,
  ldo_sasl_secprops = {min_ssf = 0, max_ssf = 2147483647, maxbufsize = 16777215, security_flags = 17, property_names = 0x0, property_values = 0x0}}
(gdb) p ld->ldc->ldc_options.ldo_defludp
$14 = (LDAPURLDesc *) 0x0


Comment 2 Quanah Gibson-Mount 2016-09-02 15:04:26 UTC
--On Friday, September 02, 2016 7:35 AM +0000 htjain@sandvine.com wrote:

> After some more debugging looks like ld->ldc->ldc_options.ldo_defludp
> variable is causing this issue, its null when its passed to
> ldap_new_connection. How does it populated?

Please confirm you encounter the issue with a current release.  2.4.40 and 
2.4.41 both had significant issues.

--Quanah



--

Quanah Gibson-Mount

Comment 3 Quanah Gibson-Mount 2017-03-17 20:49:44 UTC
moved from Incoming to Software Bugs
Comment 4 Quanah Gibson-Mount 2020-03-22 23:21:17 UTC
Suspending, no follow up from end user
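
Added example (not OpenLDAP code and not part of the thread): a stand-alone model of the quoted traversal loop, separating the two pointer states the report mentions, a NULL list pointer (srvp itself NULL) versus a valid pointer to a NULL head (as with ldo_defludp = 0x0). The names url_desc, try_open, pick_server and the sample hosts are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-in for LDAPURLDesc: only what the loop touches. */
struct url_desc {
    struct url_desc *lud_next;
    const char *lud_host;
    int reachable;  /* constructed flag simulating the connect result */
};

enum pick_rc { PICK_OK = 0, PICK_NO_SERVER = -1, PICK_BAD_ARG = -2 };

/* Stand-in for ldap_int_open_connection(): -1 means the connect failed. */
static int try_open(const struct url_desc *u) {
    return u->reachable ? 0 : -1;
}

/* Same traversal shape as the quoted loop, list pointer validated first. */
static enum pick_rc pick_server(struct url_desc **srvlist,
                                const struct url_desc **out) {
    struct url_desc **srvp;

    *out = NULL;
    if (srvlist == NULL)      /* unguarded, *srvp below would fault */
        return PICK_BAD_ARG;

    for (srvp = srvlist; *srvp != NULL; srvp = &(*srvp)->lud_next) {
        if (try_open(*srvp) != -1) {
            *out = *srvp;
            return PICK_OK;
        }
    }
    return PICK_NO_SERVER;    /* empty list, or every server is down */
}

int main(void) {
    /* Constructed sample data: first server stopped, second one up. */
    struct url_desc b = { NULL, "b.example", 1 };
    struct url_desc a = { &b, "a.example", 0 };
    struct url_desc *head = &a, *empty = NULL;
    const struct url_desc *out;

    printf("list:  %d\n", pick_server(&head, &out));
    printf("empty: %d\n", pick_server(&empty, &out));
    printf("null:  %d\n", pick_server(NULL, &out));
    return 0;
}
```

A pointer to a NULL head ends the loop on its first test without dereferencing anything past the list pointer; only a NULL or invalid list pointer makes `*srvp` itself fault.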