Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionElio Maldonado Batiz
2010-10-15 23:34:22 UTC
+++ This bug was initially created as a clone of Bug #642433 +++
Description of problem:
try any openldap command and use the LDAPTLS_CACERTDIR to pass in an arbitrary directory containing other directories.
It will abort as soon as openldap passes down a directory as a file.
It should probably, at most, return an error, if not ignore the entry completely.
This is the backtrace:
(gdb) bt
#0 0x00132416 in __kernel_vsyscall ()
#1 0x00412501 in raise () from /lib/libc.so.6
#2 0x00413f6e in abort () from /lib/libc.so.6
#3 0x0044fa8d in __libc_message () from /lib/libc.so.6
#4 0x00457df4 in _int_free () from /lib/libc.so.6
#5 0x003bc118 in PR_Free (ptr=0x80ad3d0) at ../../../mozilla/nsprpub/pr/src/malloc/prmem.c:490
#6 0x0071ee92 in PORT_Free_Util (ptr=0x80ad3d0) at secport.c:151
#7 0x0071dfba in SECITEM_FreeItem_Util (zap=0xbfffe7c4, freeit=0) at secitem.c:264
#8 0x007062d0 in FileToItem (dst=0xbfffe7c4, src=0x80acd58) at util.c:129
#9 0x00706338 in ReadDERFromFile (derlist=0xbfffe868, filename=0x80ad1a0 "/etc/ipa/html", ascii=1, cipher=0xbfffe864, ivstring=0xbfffe860, certsonly=1)
at util.c:155
#10 0x007044e9 in pem_CreateObject (fwInstance=0x808c7e0, fwSession=0x808eca0, mdToken=0x808c938, pTemplate=0xbfffee74, ulAttributeCount=4, pError=0xbfffed5c)
at pobject.c:1118
#11 0x0070534f in pem_mdSession_CreateObject (mdSession=0x808ed10, fwSession=0x808eca0, mdToken=0x808c938, fwToken=0x808e0f0, mdInstance=0x731ee0,
fwInstance=0x808c7e0, arena=0x808e050, pTemplate=0xbfffee74, ulAttributeCount=4, pError=0xbfffed5c) at psession.c:157
#12 0x00709136 in nssCKFWSession_CreateObject (fwSession=0x808eca0, pTemplate=0xbfffee74, ulAttributeCount=4, pError=0xbfffed5c) at session.c:1353
#13 0x0070e769 in NSSCKFWC_CreateObject (fwInstance=0x808c7e0, hSession=1, pTemplate=0xbfffee74, ulCount=4, phObject=0xbfffee1c) at wrap.c:1994
#14 0x00700aed in pemC_CreateObject (hSession=1, pTemplate=0xbfffee74, ulCount=4, phObject=0xbfffee1c) at ../../../../../dist/public/nss/nssck.api:566
#15 0x0028f092 in PK11_CreateNewObject (slot=0x808dd48, session=1, theTemplate=0xbfffee74, count=4, token=0, objectID=0xbfffee1c) at pk11obj.c:412
#16 0x002905e1 in PK11_CreateGenericObject (slot=0x808dd48, pTemplate=0xbfffee74, count=4, token=0) at pk11obj.c:1347
#17 0x001691bc in tlsm_add_cert_from_file (ctx=0x8062178, filename=0x808bff8 "/etc/ipa/html", isca=1) at ../../../libraries/libldap/tls_m.c:1062
#18 0x0016ad03 in tlsm_init_ca_certs (arg=0x8062178) at ../../../libraries/libldap/tls_m.c:1188
#19 tlsm_deferred_init (arg=0x8062178) at ../../../libraries/libldap/tls_m.c:1331
#20 tlsm_deferred_ctx_init (arg=0x8062178) at ../../../libraries/libldap/tls_m.c:1684
#21 0x003c1909 in PR_CallOnceWithArg (once=0x806219c, func=0x16a360 <tlsm_deferred_ctx_init>, arg=0x8062178) at ../../../mozilla/nsprpub/pr/src/misc/prinit.c:836
#22 0x00168c4d in tlsm_session_new (ctx=0x8062178, is_server=0) at ../../../libraries/libldap/tls_m.c:1991
#23 0x00165a0c in alloc_handle (ctx_arg=<value optimized out>, is_server=<value optimized out>) at ../../../libraries/libldap/tls2.c:296
#24 0x00165b9c in ldap_int_tls_connect (ld=0x8058078, conn=<value optimized out>) at ../../../libraries/libldap/tls2.c:341
#25 0x00166727 in ldap_int_tls_start (ld=0x8058078, conn=0x8058228, srv=0x0) at ../../../libraries/libldap/tls2.c:833
#26 0x00166b3c in ldap_start_tls_s (ld=0x8058078, serverctrls=0x0, clientctrls=0x0) at ../../../libraries/libldap/tls2.c:939
#27 0x0804bc2b in tool_conn_setup (dont=0, private_setup=0) at ../../../clients/tools/common.c:1290
#28 0x0804aafc in main (argc=5, argv=0xbffff6f4) at ../../../clients/tools/ldappasswd.c:248
--- Additional comment from rcritten on 2010-10-12 18:06:02 EDT ---
In FileToItem() we call PR_GetOpenFileInfo() so I suppose we can just make sure that the type is a PR_FILE_FILE otherwise return a failure.
Comment 3Elio Maldonado Batiz
2011-01-17 20:01:27 UTC
Created attachment 473921[details]
Test for and reject files which are directories
This is the same patch used in fedora, reviewed by Rob Crittenden.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHBA-2011-0692.html