[Issue 10126] New: Openldap 2.5.16 Segmentation fault during start

Mon, 06 Nov 2023 00:09:57 -0800 

https://bugs.openldap.org/show_bug.cgi?id=10126

          Issue ID: 10126
           Summary: Openldap 2.5.16 Segmentation fault during start
           Product: OpenLDAP
           Version: 2.5.16
          Hardware: x86_64
                OS: Linux
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Created attachment 987
  --> https://bugs.openldap.org/attachment.cgi?id=987&action=edit
gdb stacktrace

Hi,
I have openldap cluster with 2 nodes. Openldap is compiled in docker
debian:bookworm-slim with options:

./configure --prefix=${LDAP_HOME}/openldap \
  --enable-debug \
  --enable-dynamic \
  --enable-syslog \
  --enable-ipv6 \
  --enable-local \
  --enable-slapd \
  --enable-dynacl \
  --enable-cleartext \
  --enable-crypt \
  --enable-spasswd \
  --enable-modules \
  --enable-slapi \
  --enable-wrappers \
  --enable-dnssrv=mod \
  --enable-ldap=mod \
  --enable-mdb=mod \
  --enable-meta=mod \
  --enable-asyncmeta=mod \
  --enable-relay=mod \
  --enable-overlays=mod \
  --enable-argon2=yes \
  --enable-balancer=mod \
  --with-cyrus-sasl \
  --with-threads \
  --with-argon2=auto \
  --without-systemd \
  --with-tls=openssl
make depend
make
make install
cd contrib/slapd-modules/smbk5pwd
sed -i "s|prefix=/usr/local|prefix=${LDAP_HOME}/openldap|g" Makefile
sed -i "s|SSL_LIB = -lcrypto|SSL_LIB = -lnettle|g" Makefile
sed -i "s|HEIMDAL_INC = -I/usr/heimdal/include|HEIMDAL_INC = \$(shell
krb5-config.heimdal --cflags krb5 kadm-server)|g" Makefile
sed -i "s|HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv|HEIMDAL_LIB =
\$(shell krb5-config.heimdal --libs krb5 kadm-server)|g" Makefile
sed -i "s|LIBS = \$(LDAP_LIB) \$(HEIMDAL_LIB) \$(SSL_LIB)|LIBS =
\$(HEIMDAL_LIB) \$(LDAP_LIB) \$(SSL_LIB)|g" Makefile
make
make install
cd ../passwd/pbkdf2
sed -i "s|prefix=/usr/local|prefix=${LDAP_HOME}/openldap|g" Makefile
sed -i "s|SSL_LIB = -lcrypto|SSL_LIB = -lnettle|g" Makefile
make
make install
cd ../sha2
sed -i "s|prefix=/usr/local|prefix=${LDAP_HOME}/openldap|g" Makefile
make
make install
cd ../../ppm
sed -i "s|prefix=/usr/local|prefix=${LDAP_HOME}/openldap|g" Makefile
make
make install


When I start openldap:

slapd -h 'ldap://0.0.0.0:10389 ldaps://0.0.0.0:10536
ldapi://%2Fopt%2Fldap%2Fldapi' -F /opt/ldap//openldap/etc/openldap/slapd.d

I get error:

@(#) $OpenLDAP: slapd 2.5.16 (Nov  3 2023 07:51:03)
$#012#011@f3068170494c:\/opt\/ldap\/openldap-2.5.16\/servers\/slapd
/opt\/ldap\/openldap\/etc\/openldap\/slapd.d: line 1: rootdn is always granted
unlimited privileges.
Segmentation fault (core dumped)

and in syslog:

Nov  6 08:48:17 openldap-1 kernel: [44480681.935173] slapd[3775972]: segfault
at 7f049da0375f ip 00007f049d75fc12 sp 00007fff24e77dd0 error 7 in
libcrypto.so.3[7f049d60a000+279000]
Nov  6 08:48:17 openldap-1 kernel: [44480681.935183] Code: 64 f9 ff ff eb a8 e8
ed 23 eb ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 85 ff 0f 84 a7 00 00 00
53 b8 ff ff ff ff 48 89 fb <f0> 0f c1 47 30 83 e8 01 85 c0 74 12 7e 10 5b 31 c0
31 d2 31 f6 31

Next start with gdb:

ldap@openldap-1:~$ gdb --args /opt/ldap/openldap/libexec/slapd -d 0 -h
ldap://0.0.0.0:10389 -F /opt/ldap//openldap/etc/openldap/slapd.d
GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /opt/ldap/openldap/libexec/slapd...
(No debugging symbols found in /opt/ldap/openldap/libexec/slapd)
(gdb) run
Starting program: /opt/ldap/openldap/libexec/slapd -d 0 -h ldap://0.0.0.0:10389
-F /opt/ldap//openldap/etc/openldap/slapd.d
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff79bfc12 in EVP_PKEY_free () from
/lib/x86_64-linux-gnu/libcrypto.so.3
(gdb) bt full
#0  0x00007ffff79bfc12 in EVP_PKEY_free () from
/lib/x86_64-linux-gnu/libcrypto.so.3
No symbol table info available.
#1  0x00007ffff79fa393 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
No symbol table info available.
#2  0x00007ffff79fa8cd in PEM_read_bio_Parameters_ex () from
/lib/x86_64-linux-gnu/libcrypto.so.3
No symbol table info available.
#3  0x00007ffff7fa1b38 in tlso_ctx_init (lo=0x5555556fd550, lt=0x7fffffffe280,
is_server=1) at tls_o.c:546
        dh = 0x7ffff7c6372f <SSL_CTX_new_ex+815>
        bio = 0x5555558afab0
        ctx = 0x55555586b760
        i = <optimized out>
#4  0x00007ffff7f9de08 in ldap_int_tls_init_ctx (lo=0x5555556fd550,
is_server=1) at tls2.c:264
        rc = 0
        ti = <optimized out>
        lts = {lt_certfile = 0x555555773350
"/opt/ldap/openldap/etc/openldap/certs/ldap.crt", lt_keyfile = 0x555555773390
"/opt/ldap/openldap/etc/openldap/certs/ldap.key", 
          lt_dhfile = 0x555555773470
"/opt/ldap/openldap/etc/openldap/certs/dhparam", lt_cacertfile = 0x555555773310
"/opt/ldap/openldap/etc/openldap/certs/ca.crt", lt_cacertdir = 0x0, 
          lt_ciphersuite = 0x5555557733d0
"TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM",
lt_crlfile = 0x0, 
          lt_randfile = 0x0, lt_ecname = 0x0, lt_protocol_min = 771,
lt_protocol_max = 0, lt_cacert = {bv_len = 0, bv_val = 0x0}, lt_cert = {bv_len
= 0, bv_val = 0x0}, lt_key = {
            bv_len = 0, bv_val = 0x0}}
#5  0x00005555555759e7 in main ()
No symbol table info available.
(gdb) thread apply all bt

Thread 1 (Thread 0x7ffff75ce7c0 (LWP 64) "slapd"):
#0  0x00007ffff79bfc12 in EVP_PKEY_free () from
/lib/x86_64-linux-gnu/libcrypto.so.3
#1  0x00007ffff79fa393 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#2  0x00007ffff79fa8cd in PEM_read_bio_Parameters_ex () from
/lib/x86_64-linux-gnu/libcrypto.so.3
#3  0x00007ffff7fa1b38 in tlso_ctx_init (lo=0x5555556fd550, lt=0x7fffffffe280,
is_server=1) at tls_o.c:546
#4  0x00007ffff7f9de08 in ldap_int_tls_init_ctx (lo=0x5555556fd550,
is_server=1) at tls2.c:264
#5  0x00005555555759e7 in main ()


Next I rebuild openldap adding flags to configure step:

./configure CFLAGS=-g

When I run slapd in new image:

slapd -h 'ldap://0.0.0.0:10389 ldaps://0.0.0.0:10536
ldapi://%2Fopt%2Fldap%2Fldapi' -F /opt/ldap//openldap/etc/openldap/slapd.d

all working well and I didn't get segementation fault.
Can someone tell me what I'm doing wrong and how to investigate the problem?

Regards
BS

-- 
You are receiving this mail because:
You are on the CC list for the issue.

Reply via email to