I am using Openssh 3.8.1p1 on Solaris 2.8 compiled with gcc 3.2.3. I have
nsswitch configured to use file and PADLs ldap module.
When I use nss_ldap without SSL In can login without problem, but with SSL
enabled sshd crashes. When I use openssl 0.9.8b sshd crashes in
obj_name_cmp(line
101):
87 static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b)
88 {
89 int ret;
90
91 ret=a->type-b->type;
92 if (ret == 0)
93 {
94 if ((name_funcs_stack != NULL)
95 && (sk_NAME_FUNCS_num(name_funcs_stack) >
a->type))
96 {
97
ret=sk_NAME_FUNCS_value(name_funcs_stack,a->type)
98 ->cmp_func(a->name,b->name);
99 }
100 else
101 ret=strcmp(a->name,b->name);
102 }
103 return(ret);
104 }
#0 0xff132d58 in strcmp () from /usr/lib/libc.so.1
#1 0x96660 in obj_name_cmp (a=0x121788, b=0x142290) at o_names.c:101
#2 0x950d8 in getrn (lh=0x120c50, data=0x142290, rhash=0x142278) at
lhash.c:418
#3 0x94d40 in lh_insert (lh=0x120c50, data=0x142290) at lhash.c:189
#4 0x96208 in OBJ_NAME_add (name=0x0, type=2, data=0xfee7163c "") at
o_names.c:175
#5 0x6d978 in EVP_add_cipher (c=0xfee7163c) at names.c:71
#6 0xfeeb4f70 in SSL_library_init () from /opt/DBssllib/lib/libssl.so.0.9.8
#7 0xff04478c in ldap_pvt_tls_init () at tls.c:169
#8 0xff046298 in ldap_int_tls_start (ld=0x12cb00, conn=0x12cb90,
srv=0x12dbe8) at tls.c:1332
#9 0xff02906c in ldap_int_open_connection (ld=0x12cb00, conn=0x12cb90,
srv=0x12cbf0, async=0) at open.c:365
#10 0xff038a3c in ldap_new_connection (ld=0x12cb00, srvlist=0x12cbf0,
use_ldsb=1, connect=1231856, bind=0x0) at request.c:315
#11 0xff028af0 in ldap_open_defconn (ld=0x12cb00) at open.c:30
#12 0xff0385c0 in ldap_send_initial_request (ld=0x12cb00, msgtype=96,
dn=0xff08c1a3 "uid=unixclient,dc=group,dc=com", ber=0x12cc20) at
request.c:98
#13 0xff02ef60 in ldap_sasl_bind (ld=0x12cb00, dn=0xff08c1a3
"uid=unixclient,dc=group,dc=com", mechanism=0x0, cred=0xffbebe58,
sctrls=0x0, cctrls=0x12cc20, msgidp=0xffbebe54) at sasl.c:148
#14 0xff02f720 in ldap_simple_bind (ld=0x12cb00, dn=0xff08c1a3
"uid=unixclient,dc=group,dc=com", passwd=0xff08c1f8 "dummy") at sbind.c:81
#15 0xff072c90 in do_bind (ld=0x12cb00, timelimit=5, dn=0xff08c1a3
"uid=unixclient,dc=group,dc=com", pw=0xff08c1f8 "dummy", with_sasl=0) at
ldap-nss.c:1420
#16 0xff07292c in do_open () at ldap-nss.c:1277
#17 0xff073ad0 in _nss_ldap_search_s (args=0xffbec860,
filterprot=0xff08e798
"(&(objectclass=posixGroup)(memberUid=%s))",
sel=LM_GROUP, sizelimit=0, res=0xffbec85c) at ldap-ns.c:2285
#18 0xff074f68 in _nss_ldap_getgroupsbymember_r (be=0x12db88,
args=0xffbecd5c) at ldap-grp.c:305
#19 0xff1498c4 in nss_search () from /usr/lib/libc.so.1
#20 0xff1986a0 in _getgroupsbymember () from /usr/lib/libc.so.1
#21 0xff140f08 in initgroups () from /usr/lib/libc.so.1
#22 0x30314 in temporarily_use_uid (pw=0x12b320) at uidswap.c:88
#23 0x37b54 in user_key_allowed2 (pw=0x12b320, key=0x12db70, file=0x12f280
"/home/moelma/.ssh/authorized_keys2") at auth2-pubkey.c:179
#24 0x37eb0 in user_key_allowed (pw=0x12b320, key=0x12db70) at
auth2-pubkey.c:264
#25 0x37aa4 in userauth_pubkey (authctxt=0x123408) at auth2-pubkey.c:142
#26 0x320b4 in input_userauth_request (type=50, seq=6, ctxt=0x123408) at
auth2.c:195
#27 0x5119c in dispatch_run (mode=0, done=0x123408, ctxt=0x123408) at
dispatch.c:93
#28 0x31cf0 in do_authentication2 (authctxt=0x123408) at auth2.c:94
#29 0x2ac3c in main (ac=11, av=0x2a) at sshd.c:1481
It seems sshd calls ldap with ssl in the main process and in a forked process.
And I think one process might delete the others pointers, but couldn't confirm
it
yet.
BTW If I use an older opesnssl version I get the error in err_cmp and it has
been also reported on RedHat
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=121734 for pam_ldap.
and I think it is similar to the open ticket #678
Regards
Markus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
