Bug 482909

Summary: server seg fault if doing SSLCLIENTAUTH without being an ssl server
Product: Red Hat Directory Server
Component: Security - SSL
Version: 8.1
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: low
Reporter: Michael Gregg <mgregg>
Assignee: Rich Megginson <rmeggins>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl, nkinder
Fixed In Version: 8.1
Doc Type: Bug Fix
Last Closed: 2009-04-29 23:09:54 UTC
Bug Blocks: 249650, 493682
Attachments (description, flags):
  diffs (flags: none)
  cvs commit log (flags: none)
  report from reliab15 run on DS 8.1 (flags: none)

Description Michael Gregg 2009-01-28 19:16:41 UTC
Description of problem:
During the replication setup section of reliab15, the master servers crash

How reproducible:
always

Steps to Reproduce:
1. run reliab15
2. 1 min into step 3, servers start crashing
  
gdb bt from the first master at crash time. This doesn't look very helpful. I can supply a machine with this problem for testing if needed.

Additional info:
(gdb) c
Continuing.
[New Thread -1671869536 (LWP 28066)]
[New Thread -1682359392 (LWP 28067)]
[New Thread -1692849248 (LWP 28068)]
[New Thread -1703339104 (LWP 28069)]
[New Thread -1713828960 (LWP 28070)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1713828960 (LWP 28070)]
0x00abe204 in SVRCORE_StdPinGetPin () from /usr/lib/libsvrcore.so.0
(gdb) bt
#0  0x00abe204 in SVRCORE_StdPinGetPin () from /usr/lib/libsvrcore.so.0
#1  0x00c42665 in slapd_SSL_client_auth (ld=0xb4507500) at ldap/servers/slapd/ssl.c:1164
#2  0x00c4db33 in slapi_ldap_bind (ld=0xb4507500, bindid=0xb450a170 "", creds=0xb47f7b58 "", mech=Variable "mech" is not available.
) at ldap/servers/slapd/util.c:1150
#3  0x008a1539 in conn_connect (conn=0x9422130) at ldap/servers/plugins/replication/repl5_connection.c:1564
#4  0x008a99bf in acquire_replica (prp=0x93ff8c0, prot_oid=Variable "prot_oid" is not available.
) at ldap/servers/plugins/replication/repl5_protocol_util.c:168
#5  0x008a424b in repl5_inc_run (prp=0x93ff8c0) at ldap/servers/plugins/replication/repl5_inc_protocol.c:800
#6  0x008a9315 in prot_thread_main (arg=0x950eea8) at ldap/servers/plugins/replication/repl5_protocol.c:313
#7  0x0014b21d in PR_Select () from /usr/lib/libnspr4.so
#8  0x00aad3cc in start_thread () from /lib/tls/libpthread.so.0
#9  0x00a1796e in clone () from /lib/tls/libc.so.6
(gdb)

Comment 1 Rich Megginson 2009-01-28 20:40:50 UTC
Created attachment 330282
diffs

Comment 2 Rich Megginson 2009-01-28 22:00:13 UTC
Created attachment 330290
cvs commit log

Reviewed by: nkinder (Thanks!)
Fix Description: When I changed the code to allow the DS to be an SSL client without having to be an SSL server, I missed the svrcore setup for EXTERNAL (ssl client auth).  The fix is to check to see if svrcore has been set up, and initialize it if not, before attempting to use it.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
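
The check-then-initialize fix described in comment 2, modeled as an added C example; it is not the attached patch or Directory Server code. Every function and variable name is a hypothetical stand-in, no svrcore API is called, and the uninitialized state is assumed to be a NULL pointer.

```c
/* Added illustration. All names are hypothetical stand-ins; none of this is
 * svrcore or slapd API. */
#include <stddef.h>
#include <stdio.h>

typedef struct { const char *pin; } pin_provider;

static pin_provider  storage;          /* backing storage for the provider */
static pin_provider *provider = NULL;  /* NULL until setup has succeeded   */
static int setup_runs = 0;             /* how many times setup really ran  */
static int simulate_setup_failure = 0; /* test hook: force setup to fail   */

/* Idempotent setup: does the work once, then is only a cheap check.
 * Not synchronized here; a threaded server would serialize this. */
int pin_provider_ensure(void) {
    if (provider != NULL) return 0;          /* already set up              */
    if (simulate_setup_failure) return -1;   /* setup could not complete    */
    storage.pin = "constructed-sample-pin";  /* constructed sample value    */
    provider = &storage;
    setup_runs++;
    return 0;
}

/* SSL server start-up: before the fix, the only path that ran setup. */
int ssl_server_start(void) { return pin_provider_ensure(); }

/* Pre-fix shape of the client-auth path: assumes server start-up ran.
 * In a client-only process provider is NULL and this dereference faults. */
const char *client_auth_pin_unchecked(void) { return provider->pin; }

/* Post-fix shape: check, initialize if needed, fail cleanly otherwise. */
const char *client_auth_pin(void) {
    if (pin_provider_ensure() != 0) return NULL;
    return provider->pin;
}

int pin_setup_runs(void) { return setup_runs; }
void pin_set_failure(int fail) { simulate_setup_failure = fail; }

int main(void) {
    /* Client-only process: ssl_server_start() is never called. */
    const char *pin = client_auth_pin();
    printf("client auth pin %s, setup ran %d time(s)\n",
           pin ? "available" : "unavailable", setup_runs);
    return pin ? 0 : 1;
}
```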

Comment 3 Michael Gregg 2009-04-13 21:47:50 UTC
Created attachment 339384
report from reliab15 run on DS 8.1

Comment 4 Michael Gregg 2009-04-13 21:49:04 UTC
reliab15 ran properly.

Report from:
https://wiki.idm.lab.bos.redhat.com/dirsec/archives-mp1/archives/ds/81/reliability/reliab15/

verified against 8.1.0-0.6.el5dsrv

Comment 5 Chandrasekar Kannan 2009-04-29 23:09:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html