[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8294) slappasswd can use SHA256 for hash but not SHA384 or SHA512...segfault
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8294) slappasswd can use SHA256 for hash but not SHA384 or SHA512...segfault
- From: hyc@symas.com
- Date: Thu, 29 Oct 2015 02:07:51 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
ktmdms@gmail.com wrote:
> --001a11c39c4eeea62d05232d4fc9
> Content-Type: text/plain; charset=UTF-8
>
> adding the -fstack-protector-all option to the compile of the pw-sha2 on
> the 3.18 machine and recompiling just the pw-sha2 appears to have fixed the
> issue.
Using -fstack-protector-all wasn't intended to fix the issue, it was intended
to make the cause more visible. Instead it has hidden it. Needless to say,
that's not an acceptable resolution for us.
>
> Regards,
>
> Kevin Martin
>
>
>
> ---
>
>
> Regards,
>
> Kevin Martin
>
> On Wed, Oct 28, 2015 at 9:58 AM, Howard Chu <hyc@symas.com> wrote:
>
>> Howard Chu wrote:
>>
>>> ktmdms@gmail.com wrote:
>>>
>>>> --089e0115ec1091312605232ac99f
>>>> Content-Type: text/plain; charset=UTF-8
>>>>
>>>> To add fuel to the fire, if I use pw-sha2 libraries that were built on a
>>>> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can
>>>> generate SHA512/384 hashed passwords with no issues. What should I be
>>>> looking for between the two platforms that might cause the core?
>>>>
>>>
>>> Strange that the kernel would make any difference - more likely it's your
>>> C
>>> compiler making the difference.
>>>
>>
>> I may have misread your message. If the same binary works on a newer
>> system, that tends to imply something weird in the runtime environment.
>> Perhaps a problem with ASLR.
>>
>>
>> I ran a test on one machine and got an abort in glibc saying there was a
>>> stack
>>> overrun. On a different machine I got no such error, and running on the
>>> problem system under valgrind produced no errors.
>>>
>>> On the machine that aborted, when I compiled with gcc
>>> -fstack-protector-all,
>>> the glibc abort disappeared as well. So, this hasn't helped me identify
>>> the
>>> problem yet. (gcc 4.8.4-2ubuntu1~14.04)
>>>
>>>
>>
>> --
>> -- Howard Chu
>> CTO, Symas Corp. http://www.symas.com
>> Director, Highland Sun http://highlandsun.com/hyc/
>> Chief Architect, OpenLDAP http://www.openldap.org/project/
>>
>
> --001a11c39c4eeea62d05232d4fc9
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> <div dir=3D"ltr">adding the -fstack-protector-all option to the compile of =
> the pw-sha2 on the 3.18 machine and recompiling just the pw-sha2 appears to=
> have fixed the issue.<div><br></div><div>Regards,</div><div><br></div><div=
>> Kevin Martin<br><div><br></div><div><br></div></div></div><div class=3D"gm=
> ail_extra"><br clear=3D"all"><div><div class=3D"gmail_signature"><div dir=
> =3D"ltr">---<div><span style=3D"font-size:12.8px"><br></span></div><div><sp=
> an style=3D"font-size:12.8px"><br></span></div><div><span style=3D"font-siz=
> e:12.8px">Regards,</span></div><div><div><br></div><div>Kevin Martin</div><=
> /div></div></div></div>
> <br><div class=3D"gmail_quote">On Wed, Oct 28, 2015 at 9:58 AM, Howard Chu =
> <span dir=3D"ltr"><<a href=3D"mailto:hyc@symas.com"; target=3D"_blank">hy=
> c@symas.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" styl=
> e=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span c=
> lass=3D"">Howard Chu wrote:<br>
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">
> <a href=3D"mailto:ktmdms@gmail.com"; target=3D"_blank">ktmdms@gmail.com</a> =
> wrote:<br>
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">
> --089e0115ec1091312605232ac99f<br>
> Content-Type: text/plain; charset=3DUTF-8<br>
> <br>
> To add fuel to the fire, if I use pw-sha2 libraries that were built on a<br=
>>
> 2.6 kernel (specifically 2.6.32-358.el6.x86_64) on the 3.18 machine I can<b=
> r>
> generate SHA512/384 hashed passwords with no issues.=C2=A0 What should I be=
> <br>
> looking for between the two platforms that might cause the core?<br>
> </blockquote>
> <br>
> Strange that the kernel would make any difference - more likely it's yo=
> ur C<br>
> compiler making the difference.<br>
> </blockquote>
> <br></span>
> I may have misread your message. If the same binary works on a newer system=
> , that tends to imply something weird in the runtime environment. Perhaps a=
> problem with ASLR.<div class=3D"HOEnZb"><div class=3D"h5"><br>
> <br>
> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
> x #ccc solid;padding-left:1ex">
> I ran a test on one machine and got an abort in glibc saying there was a st=
> ack<br>
> overrun. On a different machine I got no such error, and running on the<br>
> problem system under valgrind produced no errors.<br>
> <br>
> On the machine that aborted, when I compiled with gcc -fstack-protector-all=
> ,<br>
> the glibc abort disappeared as well. So, this hasn't helped me identify=
> the<br>
> problem yet. (gcc 4.8.4-2ubuntu1~14.04)<br>
> <br>
> </blockquote>
> <br>
> <br>
> -- <br>
> =C2=A0 -- Howard Chu<br>
> =C2=A0 CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"=
> http://www.symas.com"; rel=3D"noreferrer" target=3D"_blank">http://www.symas=
> .com</a><br>
> =C2=A0 Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://highland=
> sun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun.com/h=
> yc/</a><br>
> =C2=A0 Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap.org/p=
> roject/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org/proje=
> ct/</a><br>
> </div></div></blockquote></div><br></div>
>
> --001a11c39c4eeea62d05232d4fc9--
>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/