Bug 2264534

Summary: RHDS LDAP server Segmentation fault, apparent heap corruption, crashes in OpenSSL after SSL_do_handshake
Product: Red Hat Directory Server
Reporter: Bijesh Thekkepat <bthekkep>
Component: 389-ds-base
Assignee: LDAP Maintainers <idm-ds-dev-bugs>
Status: CLOSED ERRATA
QA Contact: LDAP QA Team <idm-ds-qe-bugs>
Severity: urgent
Docs Contact: Evgenia Martynyuk <emartyny>
Priority: urgent
Version: 11.6
CC: cilmar, dbelyavs, dchen, ibodunov, idm-ds-dev-bugs, jverreng, knakai, msauton, musoni, progier, pwallend, rmarigny, tbordaz, tmihinto, tscherf, vashirov
Target Milestone: DS11.9
Keywords: Triaged
Target Release: dirsrv-11.9
Hardware: Unspecified
OS: Linux
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-base-1.4.3.39-3.module+el8dsrv+21677+4b22807b
Doc Type: Bug Fix
Doc Text:
.The `ns-slapd` binary is now linked with the thread-safe `libldap_r` library, no longer causing a segmentation fault

An upstream change in the build system introduced a regression by linking the `ns-slapd` binary with the non-thread-safe `libldap` library instead of the thread-safe `libldap_r`. Consequently, the `ns-slapd` process could fail with a segmentation fault. This update fixes the problem in the build system code, and the `ns-slapd` binary is now linked with the thread-safe `libldap_r` library again. As a result, the segmentation fault no longer occurs.
Last Closed: 2024-05-21 00:09:06 UTC
Type: Bug

Comment 34 Ding-Yi Chen 2024-02-29 05:38:49 UTC
% ack segfault sosreport-sprintlab309vm3-2024-02-28-jjpvexj/var/log/messages

~~~
Feb 14 06:32:42 sprintlab309vm3 kernel: ns-slapd[215190]: segfault at 250 ip 00007f39200b4e64 sp 00007fff2de7f3e8 error 6 in libslapd.so.0.1.0[7f391ffda000+1a0000]
Feb 28 12:56:34 sprintlab309vm3 kernel: ns-slapd[2724746]: segfault at 7f322802d ip 00007f326830b83b sp 00007f32167f9dc0 error 4 in libcrypto.so.1.1.1k[7f3268260000+2b6000]
Feb 28 13:04:34 sprintlab309vm3 kernel: ns-slapd[2737971]: segfault at 8 ip 00007f54359427b2 sp 00007f53f1ff9fc0 error 4
Feb 28 13:08:56 sprintlab309vm3 kernel: ns-slapd[2744073]: segfault at 10000 ip 00007f76d74f4100 sp 00007f769e696fe0 error 4
Feb 28 13:23:12 sprintlab309vm3 kernel: ns-slapd[2763221]: segfault at 7f39c7e0c0b8 ip 00007f3e7e3406b2 sp 00007f3e42e8fd20 error 4 in libcrypto.so.1.1.1k[7f3e7e295000+2b6000]
~~~

% ack segfault sosreport-sprintlab309vm3-2024-02-28-wupurlr/var/log/messages
~~~
Feb 14 06:32:42 sprintlab309vm3 kernel: ns-slapd[215190]: segfault at 250 ip 00007f39200b4e64 sp 00007fff2de7f3e8 error 6 in libslapd.so.0.1.0[7f391ffda000+1a0000]
Feb 28 12:56:34 sprintlab309vm3 kernel: ns-slapd[2724746]: segfault at 7f322802d ip 00007f326830b83b sp 00007f32167f9dc0 error 4 in libcrypto.so.1.1.1k[7f3268260000+2b6000]
Feb 28 13:04:34 sprintlab309vm3 kernel: ns-slapd[2737971]: segfault at 8 ip 00007f54359427b2 sp 00007f53f1ff9fc0 error 4
Feb 28 13:08:56 sprintlab309vm3 kernel: ns-slapd[2744073]: segfault at 10000 ip 00007f76d74f4100 sp 00007f769e696fe0 error 4
Feb 28 13:23:12 sprintlab309vm3 kernel: ns-slapd[2763221]: segfault at 7f39c7e0c0b8 ip 00007f3e7e3406b2 sp 00007f3e42e8fd20 error 4 in libcrypto.so.1.1.1k[7f3e7e295000+2b6000]
~~~

% addr2line -e /lib64/libcrypto.so.1.1.1k -afCi $(python3 -c 'print(hex(0x7f3e7e3406b2 - 0x7f3e7e295000 ))')
~~~
0x00000000000ab6b2
ERR_load_BIO_strings
/usr/src/debug/openssl-1.1.1k-12.el8_9.x86_64/crypto/bio/bio_lib.c:255 (discriminator 2)
~~~
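
The offset calculation in the comment above, generalized to every kernel segfault line, as an added example that is not part of the original comment or the 389-ds project's code: it parses each line, decodes the x86 page-fault error bits, and computes the instruction pointer's offset into the reported mapping for `addr2line`. The function names are assumptions of this example, the sample lines are copied from the log output above, and, as in the comment, the offset assumes the reported mapping starts at the library's load base.

```python
import re

# x86 page-fault error-code bits: (mask, meaning if set, meaning if clear)
PF_BITS = [(1, "protection violation", "page not present"),
           (2, "write", "read"),
           (4, "user mode", "kernel mode")]

SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<mod>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

# Sample lines copied from the /var/log/messages output in the comment above
SAMPLE = [
    "Feb 14 06:32:42 sprintlab309vm3 kernel: ns-slapd[215190]: segfault at 250 ip 00007f39200b4e64 sp 00007fff2de7f3e8 error 6 in libslapd.so.0.1.0[7f391ffda000+1a0000]",
    "Feb 28 13:04:34 sprintlab309vm3 kernel: ns-slapd[2737971]: segfault at 8 ip 00007f54359427b2 sp 00007f53f1ff9fc0 error 4",
    "Feb 28 13:23:12 sprintlab309vm3 kernel: ns-slapd[2763221]: segfault at 7f39c7e0c0b8 ip 00007f3e7e3406b2 sp 00007f3e42e8fd20 error 4 in libcrypto.so.1.1.1k[7f3e7e295000+2b6000]",
]

def decode_error(code):
    """Describe the low three bits of the page-fault error code."""
    return ", ".join(s if code & bit else c for bit, s, c in PF_BITS)

def parse_segfault(line):
    """Return a dict for one kernel segfault line, or None if it is not one."""
    m = SEGV.search(line)
    if not m:
        return None
    rec = {"comm": m["comm"], "pid": int(m["pid"]),
           "fault_addr": int(m["addr"], 16), "module": m["mod"],
           "error": decode_error(int(m["err"])), "offset": None}
    ip = int(m["ip"], 16)
    if m["mod"]:  # the kernel names a mapping only when ip falls inside one
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Only trust the offset if ip really lies inside [base, base+size)
        if base <= ip < base + size:
            rec["offset"] = ip - base
    return rec

if __name__ == "__main__":
    for line in SAMPLE:
        r = parse_segfault(line)
        off = hex(r["offset"]) if r["offset"] is not None else "n/a"
        print(f'{r["pid"]:>8} {r["module"] or "(no mapping)":<22} {off:<9} {r["error"]}')
```

Lines without an `in module[base+size]` suffix have no mapping to resolve against, so they need a core dump rather than `addr2line`.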

Comment 41 thierry bordaz 2024-03-13 16:52:35 UTC
*** Bug 2261940 has been marked as a duplicate of this bug. ***

Comment 47 errata-xmlrpc 2024-05-21 00:09:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (redhat-ds:11 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2024:2934