Bug 107145

Summary: nss_ldap crashes with SegFault when connecting to ldaps:// URL
Product: [Retired] Red Hat Linux Reporter: Erik Forsberg <forsberg+rhbgzilla>
Component: nss_ldap Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED DUPLICATE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 9 Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 18:59:09 UTC Type: ---

Description Erik Forsberg 2003-10-15 13:45:49 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212

Description of problem:
Trying to connect to a Netware eDirectory server using ldaps, nss_ldap crashes
with a Segmentation Fault. I'm using the following configuration file
(/etc/ldap.conf):

# The distinguished name of the search base.
base o=example

uri ldaps://foo.example.com/
binddn cn=admin,o=example
bindpw foobar
scope sub
pam_password nds
ssl on
tls_checkpeer yes
tls_cacertfile /root/TrustedRootCert.pem

The following configuration file will also produce the error:

uri ldaps://foo.example.com
binddn cn=admin,o=example
bindpw foobar
scope sub
ssl on
pam_password nds

...so the crash doesn't seem to be related to the checkpeer option nor the
cacertfile option.

I'm able to connect to this host without trouble using either stunnel or
nss_ldap on a RedHat Linux 8.0 box. Also, I've tried downloading the latest
nss_ldap (rel 211) from PADL.com and compiled it myself; this also crashes with
SegFault on RH9. Debug info from this release:

nss_ldap: ==> _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_getent
nss_ldap: ==> _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_search
nss_ldap: ==> do_open
nss_ldap: ==> do_close_no_unbind
nss_ldap: <== do_close_no_unbind (connection was not open)
nss_ldap: ==> ldap_initialize
nss_ldap: <== ldap_initialize
nss_ldap: ==> do_ssl_options
nss_ldap: <== do_ssl_options
nss_ldap: ==> do_bind
Segmentation fault (core dumped)

Since this bug makes it impossible to use transport-layer security, it is a
security risk since it will make people transport their passwords in cleartext
over the net.

Version-Release number of selected component (if applicable):
202-5

How reproducible:
Always

Steps to Reproduce:
Use the configuration file as above in the Descriptions field, and connect to an
ldaps:// URI.

Additional info:

Comment 1 Erik Forsberg 2003-10-16 11:58:16 UTC
After discussion on the nssldap mailing list, I found that this bug is a
duplicate of bug 85728, so please fix that instead :-).

*** This bug has been marked as a duplicate of 85728 ***

Comment 2 Red Hat Bugzilla 2006-02-21 18:59:09 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
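
The two /etc/ldap.conf files in the description differ only in their TLS verification settings, and the reporter's concern is that hosts end up binding over cleartext. The following is an added example, not part of the original report or of nss_ldap: a small checker that flags both conditions in an ldap.conf. The function names and finding codes are made up for the example, and it assumes, conservatively, that only an ldaps:// URI or `ssl start_tls` guarantees an encrypted bind.

```python
# Added example: audit nss_ldap ldap.conf text for cleartext or unverified transport.
# uri, ssl, tls_checkpeer, tls_cacertfile and tls_cacertdir are nss_ldap options;
# the function names and finding codes below are hypothetical.

def parse_ldap_conf(text):
    """Parse 'key value' lines; blank lines and '#' comments are skipped, last value wins."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit_transport(text):
    """Return a list of finding codes for the transport settings of one config."""
    conf = parse_ldap_conf(text)
    ssl = conf.get("ssl", "off").lower()
    uris = [u.lower() for u in conf.get("uri", "").split()]
    findings = []
    # Assumption (conservative): only ldaps:// or 'ssl start_tls' counts as encrypted.
    if any(not u.startswith("ldaps://") for u in uris) and ssl != "start_tls":
        findings.append("cleartext-bind")         # bindpw may cross the network unencrypted
    uses_tls = ssl in ("on", "start_tls") or any(u.startswith("ldaps://") for u in uris)
    if uses_tls:
        if conf.get("tls_checkpeer", "").lower() != "yes":
            findings.append("peer-not-verified")  # certificate check not explicitly requested
        elif not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
            findings.append("no-ca-configured")   # check requested but no trust anchor given
    return findings

# The two configurations from the report, followed by a constructed cleartext fallback.
REPORT_CONFIG_1 = """base o=example
uri ldaps://foo.example.com/
binddn cn=admin,o=example
bindpw foobar
ssl on
tls_checkpeer yes
tls_cacertfile /root/TrustedRootCert.pem
"""
REPORT_CONFIG_2 = "uri ldaps://foo.example.com\nbindpw foobar\nssl on\npam_password nds\n"
CLEARTEXT_FALLBACK = "uri ldap://foo.example.com/\nbindpw foobar\nssl off\n"  # constructed

if __name__ == "__main__":
    for name in ("REPORT_CONFIG_1", "REPORT_CONFIG_2", "CLEARTEXT_FALLBACK"):
        print(name, audit_transport(globals()[name]))
```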