[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd segfault with -d-1 option when TLSCertificateFile in slapd.conf not found (ITS#1406)

Full_Name: Timothy N Murphy
Version: 2.0.15
OS: Solaris 2.7
Submission from: (NULL) (

Problem: Sementation fault
Binary: slapd
relevant options: -d-1 

I have a slapd which has been configured to offer TLS connections. When I ran
the program with the -d-1 option to switch on all debugging output the program
segfaulted (stack trace appended) 100% reproducably.

I discovered that the problem was due to an incorrect specification of the
TLSCCACertificateFile parameter in slapd.conf.  I had:

   TLSCACertificateFile    /usr/local/etc/open/ldap/server.pem

where the '/' between 'open' and 'ldap' is a typing mistake.

Correcting this mistake prevented the segfault.  Not using -d-1 also prevented
the segfault.

The stack trace indicates that a debugging function in libldap called
ldap_log_printf() is where the crash occurs.

Here are the last few lines of debug output prior to the segfault:

line 20 (sasl-secprops none	)
line 21 (sasl-host nan.bsg.net)
line 28 (pidfile		/usr/local/var/run/slapd.pid)
line 29 (argsfile	/usr/local/var/run/slapd.args)
line 42 (database	ldbm)
line 43 (suffix		"dc=nocompany,dc=com")
line 45 (rootdn		"uid=root,dc=nocompany,dc=com")
line 49 (rootpw		secret)
line 52 (directory	/usr/local/var/openldap-ldbm)
line 54 (index	objectClass	eq)
index objectClass 0x0004
line 56 (TLSCertificateFile      /usr/local/etc/openldap/server.pem)
line 57 (TLSCertificateKeyFile   /usr/local/etc/openldap/server.pem)
line 58 (TLSCACertificateFile    /usr/local/etc/open/ldap/server.pem)
TLS: PRNG not been seeded with enough data
Segmentation Fault (core dumped)


(gdb) bt
#0  0xfefb6f2c in strlen ()
#1  0xff001890 in _doprnt ()
#2  0xff003904 in vsnprintf ()
#3  0xbb04c in ldap_log_printf ()
#4  0xc1f80 in ldap_pvt_tls_init_def_ctx ()
#5  0x2ea18 in main ()