Bug 727533

Summary: OpenLDAP 2.4.23 segfaults when using back-sql
Product: Red Hat Enterprise Linux 6 Reporter: Rene Snajder <rene.snajder>
Component: openldapAssignee: Jan Vcelak <jvcelak>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: urgent    
Version: 6.1CC: cww, jplans, jvcelak, omoris, ovasik, tsmetana
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openldap-2.4.23-17.el6 Doc Type: Bug Fix
Doc Text:
- OpenLDAP with SQL backend installed. - The server crashes with segmentation fault after a few operations. - Upstream patch was applied which updates data types used for storing the length of the values by ODBC. - The server no longer crashes with segmentation fault when SQL backend is used.
Story Points: ---
Clone Of:
: 733077 (view as bug list) Environment:
Last Closed: 2011-12-06 11:49:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 733077, 790914    
Attachments:
Description Flags
The patch that fixes this issue. none

Description Rene Snajder 2011-08-02 11:56:43 UTC
Created attachment 516308 [details]
The patch that fixes this issue.

Description of problem:
The bug makes openldap with back-sql unusable at least since version 2.4.22. 
Whenever a user tries to authenticate the server segfaults. The issue is described here:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6657;selectid=6657

and a fix has been provided in OpenLDAP 2.4.26. Please either release 2.4.26 in the yum repositories OR include the attached patch which fixes this issue.

Version-Release number of selected component (if applicable): 2.4.23-15


How reproducible:
Set up OpenLDAP 2.4.23 with back-sql and then run ldapwhoami with one of the users from the database (not the Manager user from the slapd.conf).

Actual results:
The slapd daemon segfaults.

Expected results:
The DN of the authenticated user, and (of course) slapd not segfaulting.

Additional info:
I provided a patch in the attachment which works if applied to 2.4.23 (the current version in the repository). The patch is an adapted version of Howard Chu's commit in the OpenLDAP GIT repository:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=0a9f51f58d1e20f92ad2f6a21c70ca04304a7f93

It was meant to be applied on 2.4.25. I adapted it to work with 2.4.23.

An update to 2.4.26 would of course also be a solution.

Comment 2 Jan Vcelak 2011-08-09 17:12:22 UTC
It can be reproduced, the fix works and is included upstream. Thank you for your report.

Comment 5 Jan Vcelak 2011-08-15 08:24:50 UTC
Resolved in openldap-2.4.23-17.el6

Comment 6 Jan Vcelak 2011-08-15 11:48:41 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
- OpenLDAP with SQL backend installed.
- The server crashes with segmentation fault after a few operations.
- Upstream patch was applied which updates data types used for storing the length of the values by ODBC.
- The server no longer crashes with segmentation fault when SQL backend is used.

Comment 9 errata-xmlrpc 2011-12-06 11:49:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1514.html