[email protected] wrote:
> Full_Name: Jan Synacek
> Version: 2.4.30
> OS: Fedora 16
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (209.132.186.34)
>
>
> I've created a small reproducer, that calls ldap_sasl_interactive_bind_s after
> it has been called once and failed, which causes a segfault.

Fixed now in git master, thanks for the report.

>
> I've traced this bug with gdb:
> $ gdb ./reproducer
>
> GNU gdb (GDB) Fedora (7.3.50.20110722-10.fc16)
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later<http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from
> /home/jsynacek/work/bz784989-openldap-rebinding/reproducer...done.
> (gdb) r
> Starting program: /home/jsynacek/work/bz784989-openldap-rebinding/reproducer
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> ldap_sasl_interactive_bind: user selected: GSSAPI
> ldap_int_sasl_bind: GSSAPI
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP localhost:636
> ldap_new_socket: 7
> ldap_prepare_socket: 7
> ldap_connect_to_host: Trying ::1 636
> ldap_pvt_connect: fd: 7 tm: -1 async: 0
> TLS: error: tlsm_PR_Recv returned 0 - error 21:Is a directory
> TLS: error: connect - force handshake failure: errno 21 - moznss error -5938
> TLS: can't connect: TLS error -5938:Encountered end of file.
> ldap_msgfree
> ldap_err2string
> bind failed: Can't contact LDAP server, retrying for fun and profit!
> ldap_sasl_interactive_bind: user selected: GSSAPI
> ldap_int_sasl_bind: GSSAPI
>
> Program received signal SIGSEGV, Segmentation fault.
> ldap_int_sasl_bind (ld=0x603130, dn=0x0, mechs=0x401a30 "GSSAPI", sctrls=0x0,
> cctrls=0x0, flags=1,
> interact=0x401660<lutil_sasl_interact>, defaults=0x60cae0, result=0x0,
> rmech=0x7fffffffd878,
> msgid=0x7fffffffd88c) at ../../../libraries/libldap/cyrus.c:444
> 444 oldctx = ld->ld_defconn->lconn_sasl_authctx;
> (gdb) p ld->ldc->ldc_defconn
> $1 = (LDAPConn *) 0x0
>
> If you set slapd to use TLS certs (uncomment the 'TLS*' lines in the config),
> there is no segfault.
>
> The reproducer and the config can be found here:
> URL1: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/reproducer.c
> URL2: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/cn=config.ldif
>
>

--
  -- Howard Chu
  CTO, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/
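
The crash pattern in the quoted backtrace, as an added example that is not part of this thread and not OpenLDAP code: a simplified model in which a failed connect leaves the handle's default connection NULL, and a bind path that checks for that state on retry instead of reading through the pointer. All names (`model_ld`, `model_conn`, `model_bind`, `connect_ok`) are hypothetical, and this is not the change committed to git master.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the library's handle and connection types. */
typedef struct model_conn { void *sasl_authctx; } model_conn;
typedef struct model_ld   { model_conn *defconn; int connect_ok; } model_ld;

enum { MODEL_OK = 0, MODEL_SERVER_DOWN = -1 };

/* Open the default connection. On failure defconn stays NULL, which is
 * the state gdb prints in the report after the first bind attempt. */
static int model_open_defconn(model_ld *ld)
{
    if (!ld->connect_ok)
        return MODEL_SERVER_DOWN;
    ld->defconn = calloc(1, sizeof(*ld->defconn));
    return ld->defconn ? MODEL_OK : MODEL_SERVER_DOWN;
}

/* Bind step that wants the previous SASL context. It never reads through
 * defconn without first establishing that a connection exists. */
int model_bind(model_ld *ld)
{
    void *oldctx = NULL;

    if (ld->defconn == NULL) {
        int rc = model_open_defconn(ld);
        if (rc != MODEL_OK)
            return rc;          /* report the error, do not dereference */
    }
    oldctx = ld->defconn->sasl_authctx;
    (void)oldctx;               /* a real bind would dispose of the old context here */
    return MODEL_OK;
}

/* Constructed scenario: two failed attempts, then the server comes back. */
int model_retry_scenario(void)
{
    model_ld ld = { NULL, 0 };
    int first  = model_bind(&ld);   /* connect fails, defconn stays NULL */
    int second = model_bind(&ld);   /* retry: same error, no SIGSEGV */
    ld.connect_ok = 1;
    int third  = model_bind(&ld);   /* connection opens, bind proceeds */
    int ok = first == MODEL_SERVER_DOWN && second == MODEL_SERVER_DOWN
          && third == MODEL_OK && ld.defconn != NULL;
    free(ld.defconn);
    return ok;
}
```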
