[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8797) improper use of gnutls causes segfault
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8797) improper use of gnutls causes segfault
- From: ryan@nardis.ca
- Date: Mon, 15 Jan 2018 19:52:38 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
On Mon, Jan 15, 2018 at 07:33:52PM +0000, lukas@selfnet.de wrote:
>During initialization, libldap sets custom gnutls mutex functions:
>https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/tls_g.c;h=adcb6be04076a91d3a0bf94cf8357f4e51f5b9da;hb=HEAD#l113
>
>PAM uses libldap via dlopen and unloads it when it's done, but openldap doesn't
>undo gnutls_global_set_mutex, so any further calls to locking functions inside
>openldap will segfault since these function pointers now point to nowhere since
>openldap is unloaded.
>
>I encountered this issue in cups since cups uses gnutls itself for the web
>interface and segfaults when it uses gnutls after libldap.
Thanks for this report.
This is not the first issue caused by our usage of the custom mutex
functions; see also <https://bugs.debian.org/803197>.
Removing the custom mutex functions and (for sufficiently recent GnuTLS)
the calls to gnutls_global_{,de}init() looks like a more and more
attractive solution. I am not aware of anyone using OpenLDAP with GnuTLS
on a platform for which GnuTLS lacks built-in mutex functions...