[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8294) slappasswd can use SHA256 for hash but not SHA384 or SHA512...segfault

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8294) slappasswd can use SHA256 for hash but not SHA384 or SHA512...segfault
From: ktmdms@gmail.com
Date: Wed, 28 Oct 2015 17:13:33 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

--001a11c39c4eeea62d05232d4fc9
Content-Type: text/plain; charset=UTF-8

adding the -fstack-protector-all option to the compile of the pw-sha2 on
the 3.18 machine and recompiling just the pw-sha2 appears to have fixed the
issue.

Regards,

Kevin Martin



---


Regards,

Kevin Martin

On Wed, Oct 28, 2015 at 9:58 AM, Howard Chu <hyc@symas.com> wrote:

> Howard Chu wrote:
>
>> ktmdms@gmail.com wrote:
>>
>>> --089e0115ec1091312605232ac99f
>>> Content-Type: text/plain; charset=UTF-8
>>>
>>> To add fuel to the fire, if I use pw-sha2 libraries that were built on a
>>> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can
>>> generate SHA512/384 hashed passwords with no issues.  What should I be
>>> looking for between the two platforms that might cause the core?
>>>
>>
>> Strange that the kernel would make any difference - more likely it's your
>> C
>> compiler making the difference.
>>
>
> I may have misread your message. If the same binary works on a newer
> system, that tends to imply something weird in the runtime environment.
> Perhaps a problem with ASLR.
>
>
> I ran a test on one machine and got an abort in glibc saying there was a
>> stack
>> overrun. On a different machine I got no such error, and running on the
>> problem system under valgrind produced no errors.
>>
>> On the machine that aborted, when I compiled with gcc
>> -fstack-protector-all,
>> the glibc abort disappeared as well. So, this hasn't helped me identify
>> the
>> problem yet. (gcc 4.8.4-2ubuntu1~14.04)
>>
>>
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>

--001a11c39c4eeea62d05232d4fc9
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">adding the -fstack-protector-all option to the compile of =
the pw-sha2 on the 3.18 machine and recompiling just the pw-sha2 appears to=
 have fixed the issue.<div><br></div><div>Regards,</div><div><br></div><div=
>Kevin Martin<br><div><br></div><div><br></div></div></div><div class=3D"gm=
ail_extra"><br clear=3D"all"><div><div class=3D"gmail_signature"><div dir=
=3D"ltr">---<div><span style=3D"font-size:12.8px"><br></span></div><div><sp=
an style=3D"font-size:12.8px"><br></span></div><div><span style=3D"font-siz=
e:12.8px">Regards,</span></div><div><div><br></div><div>Kevin Martin</div><=
/div></div></div></div>
<br><div class=3D"gmail_quote">On Wed, Oct 28, 2015 at 9:58 AM, Howard Chu =
<span dir=3D"ltr">&lt;<a href=3D"mailto:hyc@symas.com"; target=3D"_blank">hy=
c@symas.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span c=
lass=3D"">Howard Chu wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
<a href=3D"mailto:ktmdms@gmail.com"; target=3D"_blank">ktmdms@gmail.com</a> =
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
--089e0115ec1091312605232ac99f<br>
Content-Type: text/plain; charset=3DUTF-8<br>
<br>
To add fuel to the fire, if I use pw-sha2 libraries that were built on a<br=
>
2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can<b=
r>
generate SHA512/384 hashed passwords with no issues.=C2=A0 What should I be=
<br>
looking for between the two platforms that might cause the core?<br>
</blockquote>
<br>
Strange that the kernel would make any difference - more likely it&#39;s yo=
ur C<br>
compiler making the difference.<br>
</blockquote>
<br></span>
I may have misread your message. If the same binary works on a newer system=
, that tends to imply something weird in the runtime environment. Perhaps a=
 problem with ASLR.<div class=3D"HOEnZb"><div class=3D"h5"><br>
<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
I ran a test on one machine and got an abort in glibc saying there was a st=
ack<br>
overrun. On a different machine I got no such error, and running on the<br>
problem system under valgrind produced no errors.<br>
<br>
On the machine that aborted, when I compiled with gcc -fstack-protector-all=
,<br>
the glibc abort disappeared as well. So, this hasn&#39;t helped me identify=
 the<br>
problem yet. (gcc 4.8.4-2ubuntu1~14.04)<br>
<br>
</blockquote>
<br>
<br>
-- <br>
=C2=A0 -- Howard Chu<br>
=C2=A0 CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"=
http://www.symas.com"; rel=3D"noreferrer" target=3D"_blank">http://www.symas=
.com</a><br>
=C2=A0 Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://highland=
sun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun.com/h=
yc/</a><br>
=C2=A0 Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap.org/p=
roject/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org/proje=
ct/</a><br>
</div></div></blockquote></div><br></div>

--001a11c39c4eeea62d05232d4fc9--

Prev by Date: Re: (ITS#8296) slapd suddenly crash when using syncprov
Next by Date: Re: (ITS#8294) slappasswd can use SHA256 for hash but not SHA384 or SHA512...segfault
Index(es):
- Chronological
- Thread