(ITS#7336) Ldapmodify crashes slapd when updating olcTLSVerifyClient attribute via TLS authentication

[martin.bozic@gmail.com]

Full_Name: Martin Bozic
Version: 2.4.23
OS: CentOS 6.3
URL: http://pastebin.com/hkPEcBgw
Submission from: (NULL) (2001:1470:f800::370)


Hello,

I've come across a bug that it's not critical but bug none the less. When I'm
trying to modify olcTLSVerifyClient via ldapmodify slapd crashes (segmentation
fault).

Via EXTERNAL everything works without a hitch:

ldapmodify -Y EXTERNAL -H ldapi:///  << EOF
dn: cn=config
changetype: modify
replace: olcTLSVerifyClient
olcTLSVerifyClient: demand
EOF


Via TLS connection slapd crashes:

ldapmodify -x -H ldaps://ldap.test.com -D cn=admin,cn=config -W << EOF
dn: cn=config
changetype: modify
replace: olcTLSVerifyClient
olcTLSVerifyClient: never 
EOF


Configuration in cn=config:

dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/share/openldap-servers/slapd.conf.obsolete
olcConfigDir: /etc/openldap/slapd.d/
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcDisallows: bind_anon
olcGentleHUP: FALSE
olcIdleTimeout: 30
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 128
olcLogLevel: config stats shell filter
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noanonymous,noplain
olcSecurity: ssf=128
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /etc/openldap/cacerts/ca.crt
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: /etc/openldap/cacerts/slapd.crt
olcTLSCertificateKeyFile: /etc/openldap/cacerts/slapd.key
olcTLSCipherSuite: HIGH:MEDIUM:-SSLv2
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0

The slapd debug log is pasted in the URL below.

Regards,
Martin Bozic