[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7207) Re-binding to a failed connection segfaults

Full_Name: Jan Synacek
Version: 2.4.30
OS: Fedora 16
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I've created a small reproducer, that calls ldap_sasl_interactive_bind_s after
it has been called once and failed, which causes a segfault.

I've traced this bug with gdb:
$ gdb ./reproducer

GNU gdb (GDB) Fedora (
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
Reading symbols from
(gdb) r
Starting program: /home/jsynacek/work/bz784989-openldap-rebinding/reproducer 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ldap_sasl_interactive_bind: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP localhost:636
ldap_new_socket: 7
ldap_prepare_socket: 7
ldap_connect_to_host: Trying ::1 636
ldap_pvt_connect: fd: 7 tm: -1 async: 0
TLS: error: tlsm_PR_Recv returned 0 - error 21:Is a directory
TLS: error: connect - force handshake failure: errno 21 - moznss error -5938
TLS: can't connect: TLS error -5938:Encountered end of file.
bind failed: Can't contact LDAP server, retrying for fun and profit!
ldap_sasl_interactive_bind: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI

Program received signal SIGSEGV, Segmentation fault.
ldap_int_sasl_bind (ld=0x603130, dn=0x0, mechs=0x401a30 "GSSAPI", sctrls=0x0,
cctrls=0x0, flags=1, 
    interact=0x401660 <lutil_sasl_interact>, defaults=0x60cae0, result=0x0,
	msgid=0x7fffffffd88c) at ../../../libraries/libldap/cyrus.c:444
444                     oldctx = ld->ld_defconn->lconn_sasl_authctx;
(gdb) p ld->ldc->ldc_defconn 
$1 = (LDAPConn *) 0x0

If you set slapd to use TLS certs (uncomment the 'TLS*' lines in the config),
there is no segfault.

The reproducer and the config can be found here:
URL1: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/reproducer.c
URL2: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/cn=config.ldif