On Mon, Feb 6, 2012 at 10:45 AM, Remco <[email protected]> wrote:
> On a beta system:
> $ dmesg |head -n2
> OpenBSD 5.1-beta (GENERIC.MP) #178: Thu Feb 2 02:44:59 MST 2012
> [email protected]:/usr/src/sys/arch/i386/compile/GENERIC.MP
>
> I have openldap clients segfault on me using GSSAPI, e.g.:
> $ ldapwhoami
> SASL/GSSAPI authentication started
> SASL username: [email protected]
> SASL SSF: 56
> SASL data security layer installed.
> Segmentation fault (core dumped)
> $ gdb ldapwhoami
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-unknown-openbsd5.1"...(no debugging symbols
> found)
>
> (gdb) run
> Starting program: /usr/local/bin/ldapwhoami
> (no debugging symbols found)
> SASL/GSSAPI authentication started
> SASL username: [email protected]
> SASL SSF: 56
> SASL data security layer installed.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x093b099e in sasl_gss_encode () from /usr/local/lib/sasl2/libgssapiv2.so.2.22
> (gdb) bt
> #0 0x093b099e in sasl_gss_encode ()
> from /usr/local/lib/sasl2/libgssapiv2.so.2.22
> #1 0x06ff1311 in _sasl_encodev () from /usr/local/lib/libsasl2.so.2.23
> #2 0x06ff1832 in sasl_encodev () from /usr/local/lib/libsasl2.so.2.23
> #3 0x06ff19fa in sasl_encode () from /usr/local/lib/libsasl2.so.2.23
> #4 0x1c023d9a in ?? ()
> #5 0x7edf74d0 in ?? ()
> #6 0x7edf2020 in ?? ()
> #7 0x00000020 in ?? ()
> #8 0x7edf3944 in ?? ()
> #9 0xcfbe83ac in ?? ()
> #10 0x00000061 in ?? ()
> #11 0x000001ff in ?? ()
> #12 0x2a826c98 in ?? () from /usr/lib/libc.so.62.0
> #13 0x00000000 in ?? ()
> (gdb) q
> The program is running. Exit anyway? (y or n) y
>
>
> From reading http://www.spinics.net/lists/cyrus-sasl/msg02004.html, I
> understand the issue probably is a pointer being assigned to a buffer, that
> buffer potentially being a NULL pointer, or getting reallocated, invalidating
> the pointer. Dereferencing the pointer after that (hopefully) segfaults.
>
> Since it makes sense to me, I tried the suggestion from that message
> (assigning the pointer after the potential reallocation) and it seems to
> solve the problem.
>
>
> What I did:
>
> modify the plugins/gssapi.c file and use 'make update-patches' to create the
> file patches/patch-plugins_gssapi_c:
> $OpenBSD$
> --- plugins/gssapi.c.orig Mon Feb 6 09:30:58 2012
> +++ plugins/gssapi.c Mon Feb 6 09:31:47 2012
> @@ -370,7 +370,7 @@ sasl_gss_encode(void *context, const struct iovec *inv
> }
>
> if (output_token->value && output) {
> - unsigned char * p = (unsigned char *) text->encode_buf;
> + unsigned char * p;
>
> ret = _plug_buf_alloc(text->utils,
> &(text->encode_buf),
> @@ -384,6 +384,8 @@ sasl_gss_encode(void *context, const struct iovec *inv
> return ret;
> }
>
> + p = (unsigned char *) text->encode_buf;
> +
> p[0] = (output_token->length>>24) & 0xFF;
> p[1] = (output_token->length>>16) & 0xFF;
> p[2] = (output_token->length>>8) & 0xFF;
>
> updated the package revision:
> ? patches/patch-plugins_gssapi_c
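Review bot: in the first hunk (@@ -370), dropping the initializer on `unsigned char * p = (unsigned char *) text->encode_buf;` is the right call, because the call right below passes `&(text->encode_buf)` to `_plug_buf_alloc`, which can allocate the buffer for the first time (it is NULL until then) or move it, so any pointer copied beforehand is stale or NULL by the time it is written through; leaving `p` declared but unset is acceptable only if no use of `p` remains between this declaration and the later assignment, which should be confirmed against the lines elided between the two hunks.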
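Review bot: in the second hunk (@@ -384), placing `p = (unsigned char *) text->encode_buf;` after the `return ret;` error exit is correct, since on an allocation failure `encode_buf` may still be NULL and the following `p[0] = ...` stores would be exactly the fault in the backtrace above; what the hunk does not show is the size requested from `_plug_buf_alloc`, so check that it covers the length-header bytes written through `p` ahead of the token data. A one-line comment above the new assignment stating that the pointer must be taken after the allocation would stop a future cleanup from folding it back into the declaration.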
You forgot to 'cvs add patches/patch-plugins_gssapi_c'. Dunno if this can make 5.1 (I doubt), but for sure it's a candidate for the -stable branch post-lock.

ciao,
David
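To make the cause of the crash concrete, here is an added example that is not cyrus-sasl code: a constructed `buf_alloc` stands in for `_plug_buf_alloc`, `struct ctx` for the plugin's context, `pointer_taken_early_is_stale` shows why a pointer copied before the allocation cannot be trusted (the old initializer), and `encode_fixed` follows the ordering the patch introduces.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed stand-in for the plugin context: a growable encode buffer that
 * starts out NULL, which is its state on a client's first sasl_encode() call. */
struct ctx {
    unsigned char *encode_buf;
    size_t encode_buf_len;
};

/* Stand-in for _plug_buf_alloc(): ensures *buf holds at least need bytes.
 * Like any realloc-based growth it may move the block or allocate a fresh one. */
static int buf_alloc(unsigned char **buf, size_t *cur, size_t need)
{
    if (*buf == NULL || *cur < need) {
        unsigned char *nb = realloc(*buf, need);
        if (nb == NULL)
            return -1;
        *buf = nb;
        *cur = need;
    }
    return 0;
}

/* The hazard of the old initializer, made observable instead of fatal: copy
 * the buffer pointer before the allocation and report whether it went stale. */
static int pointer_taken_early_is_stale(struct ctx *text, size_t need)
{
    unsigned char *p = text->encode_buf;   /* NULL on first use */
    if (buf_alloc(&text->encode_buf, &text->encode_buf_len, need) != 0)
        return -1;
    return p != text->encode_buf;          /* 1: writing through p would fault */
}

/* The patched ordering: take the pointer only once the buffer is valid. */
static int encode_fixed(struct ctx *text, const unsigned char *tok, uint32_t len)
{
    unsigned char *p;
    if (buf_alloc(&text->encode_buf, &text->encode_buf_len, (size_t)len + 4) != 0)
        return -1;
    p = text->encode_buf;                  /* the line the patch adds */
    p[0] = (len >> 24) & 0xFF;             /* 4-byte big-endian length header */
    p[1] = (len >> 16) & 0xFF;
    p[2] = (len >> 8) & 0xFF;
    p[3] = len & 0xFF;
    memcpy(p + 4, tok, len);               /* wrapped token follows the header */
    return 0;
}
```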
