Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1071431

Summary:

ldap client library SEGVs in NSS library on SSL connect

Product:

Red Hat Enterprise Linux 6

Reporter:

Daniel Sands <dnsands>

Component:

openldap

Assignee:

Matus Honek <mhonek>

Status:

CLOSED WONTFIX

QA Contact:

BaseOS QE Security Team <qe-baseos-security>

Severity:

high

Docs Contact:

Priority:

medium

Version:

6.5

CC:

dnsands, ebenes, mkosek, nkinder, pkis

Target Milestone:

Target Release:

---

Hardware:

All

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2017-11-29 15:38:36 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

Bug Blocks:

1272422

Attachments:

Description	Flags
LDAP client certificate chain	none
Core file from RHEL-6.8	none

Description Daniel Sands 2014-02-28 18:56:55 UTC

Created attachment 869164 [details]
LDAP client certificate chain

Description of problem:
ldapsearch, and actually any client that uses LDAP, crashes within NSS for certain client certificates.

Version-Release number of selected component (if applicable):
openldap-2.4.23-34.el6_5.1.x86_64
nss-3.15.3-6.el6_5.x86_64

How reproducible:
Always (with my client certificate)

Steps to Reproduce:
1. My client certificate and key were exported from a Mozilla NSS certdb into PEM format
2. Run ldapsearch with ldaps: protocol using this certificate

Actual results:
Segmentation fault

Expected results:
Successful search

Additional info:
The backtrace shows the crash to be at line 815 in /usr/src/debug/nss-3.15.3/nss/lib/pk11wrap/pk11akey.c  It actually crashes at line 814, but optimization obscures this.  The function calls PK11_GetAttributes to get the modulus length of the certificate.  The PK11_GetAttributes call reports success, but does not set the length value in theTemplate.  This results in a crash when the NULL pointer is dereferenced to check for 0.

Since my certificate is self-signed for development use, I can provide the chain here

Comment 2 Jan Synacek 2014-05-14 09:13:00 UTC

Would you mind sharing a reproducer?

Comment 4 Daniel Sands 2014-06-13 19:38:44 UTC

I uploaded a certificate which causes ldapsearch to crash when used.  Just unpack and set LDAPTLS_CERT and LDAPTLS_KEY environment variables to point to the unpacked files, then run ldapsearch -H ldaps://<some LDAP server>

Comment 5 Jan Synacek 2014-06-16 08:35:41 UTC

It would be much more helpful if you provided the exact steps (and backtrace) instead of vaguely describing it.

What should I unpack? The cert file is a .crt and if it can somehow be unpacked, I don't know how.

I can't reproduce this.

Comment 6 Daniel Sands 2014-06-17 06:34:31 UTC

You do not need to unpack the .crt file.  Just use it.  Example on my system, where ldapclient.crt is in the current directory:

$ export LDAPTLS_CERT=ldapclient.crt
$ export LDAPTLS_KEY=ldapclient.crt
$ ldapsearch -H ldaps://myldapserver.com
Segmentation fault (core dumped)

It won't make a difference crash-wise if you want to save into a .pem and a .key file, but to do so you would use a text editor to copy:

  the lines between (and including) -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- as the .key file

  the lines between and including the first -----BEGIN CERTIFICATE----- and the first -----END CERTIFICATE----- as the .pem file

  the lines between and including the second -----BEGIN CERTIFICATE----- and the second -----END CERTIFICATE----- as the .ca file


So if you write them out to ldapclient.key, ldapclient.pem, and ldapca.ca, for instance, you'd use the following commands:

$ export LDAPTLS_CERT=ldapclient.pem
$ export LDAPTLS_KEY=ldapclient.key
$ export LDAPTLS_CACERT=ldapca.ca
$ ldapsearch -H ldaps://myldapserver.com
Segmentation fault (core dumped)


I don't have DebugInfos installed for every library at this time, but I get this backtrace:

(gdb) where
#0  0x000000345d42d192 in PK11_GetPrivateModulusLen ()
   from /usr/lib64/libnss3.so
#1  0x000000345d449705 in PK11_SignatureLen () from /usr/lib64/libnss3.so
#2  0x000000345d011d39 in ?? () from /usr/lib64/libssl3.so
#3  0x000000345d013d78 in ?? () from /usr/lib64/libssl3.so
#4  0x000000345d0175fe in ?? () from /usr/lib64/libssl3.so
#5  0x000000345d018c72 in ?? () from /usr/lib64/libssl3.so
#6  0x000000345d019ac7 in ?? () from /usr/lib64/libssl3.so
#7  0x000000345d01c3d2 in ?? () from /usr/lib64/libssl3.so
#8  0x000000345d022a75 in ?? () from /usr/lib64/libssl3.so
#9  0x000000345d0242bf in SSL_ForceHandshake () from /usr/lib64/libssl3.so
#10 0x000000345e035345 in ?? () from /lib64/libldap-2.4.so.2
#11 0x000000345e033e7a in ?? () from /lib64/libldap-2.4.so.2
#12 0x000000345e0340f8 in ldap_int_tls_start () from /lib64/libldap-2.4.so.2
#13 0x000000345e00ec33 in ldap_int_open_connection ()
   from /lib64/libldap-2.4.so.2
#14 0x000000345e0222ef in ldap_new_connection () from /lib64/libldap-2.4.so.2
#15 0x000000345e00e99d in ldap_open_defconn () from /lib64/libldap-2.4.so.2
#16 0x000000345e023334 in ldap_send_initial_request ()
   from /lib64/libldap-2.4.so.2
#17 0x000000345e012df5 in ldap_search () from /lib64/libldap-2.4.so.2
#18 0x000000345e012e9b in ldap_search_s () from /lib64/libldap-2.4.so.2
#19 0x000000345e0183e8 in ldap_pvt_sasl_getmechs ()
   from /lib64/libldap-2.4.so.2
#20 0x000000345e01861a in ldap_sasl_interactive_bind_s ()
   from /lib64/libldap-2.4.so.2
#21 0x0000000000409b1a in ?? ()
#22 0x0000000000406a03 in ?? ()
#23 0x0000003e35c1ed1d in __libc_start_main () from /lib64/libc.so.6
#24 0x0000000000403f99 in ?? ()
#25 0x00007fffffffe348 in ?? ()
#26 0x000000000000001c in ?? ()
#27 0x0000000000000003 in ?? ()
#28 0x00007fffffffe5fb in ?? ()
#29 0x00007fffffffe60f in ?? ()
#30 0x00007fffffffe612 in ?? ()
#31 0x0000000000000000 in ?? ()

Comment 10 Daniel Sands 2016-07-07 19:23:22 UTC

I came back to this bug and tried it out again with the latest RHEL6 sources.  I can no longer re-create this bug using the example key and cert chain.  Perhaps the bug has been fixed within the package or one of its dependencies.

Comment 11 Daniel Sands 2016-07-07 19:45:39 UTC

(In reply to Daniel Sands from comment #10)
> I came back to this bug and tried it out again with the latest RHEL6
> sources.  I can no longer re-create this bug using the example key and cert
> chain.  Perhaps the bug has been fixed within the package or one of its
> dependencies.

Never mind.  I had a typo in the environment variable.

It still crashes when using this certificate and key.

Comment 12 Daniel Sands 2016-07-07 21:10:29 UTC

Looking into the key itself, the key is a DSA private key in PKCS8 format.  The NSS code only seems to support RSA.  It correctly identifies that the key is the wrong format, but seems to go on anyway and crashes when the various expected key components are not available.

Comment 13 Patrik Kis 2016-07-28 14:17:03 UTC

Reproduced by the attached crt file.


openldap-2.4.40-12.el6.x86_64
nss-3.21.0-8.el6.x86_64
nspr-4.11.0-1.el6.x86_64
glibc-2.12-1.192.el6.x86_64


(gdb) bt
#0  PK11_GetPrivateModulusLen (key=<value optimized out>) at pk11akey.c:814
#1  0x00007f9f81077c15 in PK11_SignatureLen (key=0x2280a80) at pk11obj.c:531
#2  0x00007f9f81058e96 in SGN_Digest (privKey=0x2280a80, algtag=<value optimized out>, result=0x7ffc95daa550, digest=<value optimized out>) at secsign.c:408
#3  0x00007f9f815ad656 in ssl3_SignHashes (hash=<value optimized out>, key=0x2280a80, buf=0x7ffc95daa550, isTLS=<value optimized out>) at ssl3con.c:1032
#4  0x00007f9f815aff78 in ssl3_SendCertificateVerify (ss=0x22651a0) at ssl3con.c:6352
#5  ssl3_SendClientSecondRound (ss=0x22651a0) at ssl3con.c:7565
#6  0x00007f9f815b3bea in ssl3_HandleServerHelloDone (ss=0x22651a0, b=0x226d4ea "", length=0) at ssl3con.c:7475
#7  ssl3_HandleHandshakeMessage (ss=0x22651a0, b=0x226d4ea "", length=0) at ssl3con.c:11593
#8  0x00007f9f815b4fd2 in ssl3_HandleHandshake (ss=<value optimized out>, cText=<value optimized out>, databuf=0x2265560) at ssl3con.c:11694
#9  ssl3_HandleRecord (ss=<value optimized out>, cText=<value optimized out>, databuf=0x2265560) at ssl3con.c:12363
#10 0x00007f9f815b5ebf in ssl3_GatherCompleteHandshake (ss=0x22651a0, flags=0) at ssl3gthr.c:378
#11 0x00007f9f815b8832 in ssl_GatherRecord1stHandshake (ss=0x22651a0) at sslcon.c:1213
#12 0x00007f9f815bfb75 in ssl_Do1stHandshake (ss=0x22651a0) at sslsecur.c:109
#13 0x00007f9f815c13af in SSL_ForceHandshake (fd=<value optimized out>) at sslsecur.c:468
#14 0x00007f9f8208d9d5 in tlsm_session_accept_or_connect (session=0x22638d0, is_accept=0) at ../../../libraries/libldap/tls_m.c:2707
#15 0x00007f9f8208c522 in ldap_int_tls_connect (ld=0x21df130, conn=<value optimized out>) at ../../../libraries/libldap/tls2.c:366
#16 0x00007f9f8208c7be in ldap_int_tls_start (ld=0x21df130, conn=<value optimized out>, srv=<value optimized out>) at ../../../libraries/libldap/tls2.c:864
#17 0x00007f9f8206671f in ldap_int_open_connection (ld=0x21df130, conn=0x21df260, srv=0x21df1c0, async=<value optimized out>) at ../../../libraries/libldap/open.c:448
#18 0x00007f9f8207a0ff in ldap_new_connection (ld=0x21df130, srvlist=0x21e03f8, use_ldsb=1, connect=<value optimized out>, bind=0x0, m_req=<value optimized out>, m_res=0) at ../../../libraries/libldap/request.c:484
#19 0x00007f9f8206646f in ldap_open_defconn (ld=0x21df130) at ../../../libraries/libldap/open.c:41
#20 0x00007f9f8207b208 in ldap_send_initial_request (ld=0x21df130, msgtype=96, dn=0x21df070 "cn=Manager,dc=my-domain,dc=com", ber=0x21df3d0, msgid=1) at ../../../libraries/libldap/request.c:130
#21 0x00007f9f82070864 in ldap_sasl_bind (ld=0x21df130, dn=0x21df070 "cn=Manager,dc=my-domain,dc=com", mechanism=0x0, cred=0x6146a0, sctrls=0x0, cctrls=<value optimized out>, msgidp=0x7ffc95daaf7c)
    at ../../../libraries/libldap/sasl.c:148
#22 0x000000000040b747 in tool_bind (ld=0x21df130) at ../../../clients/tools/common.c:1504
#23 0x0000000000406d8f in main (argc=<value optimized out>, argv=<value optimized out>) at ../../../clients/tools/ldapsearch.c:893
(gdb) bt full
#0  PK11_GetPrivateModulusLen (key=<value optimized out>) at pk11akey.c:814
        theTemplate = {type = 288, pValue = 0x0, ulValueLen = 0}
        slot = <value optimized out>
        crv = 0
        length = 0
#1  0x00007f9f81077c15 in PK11_SignatureLen (key=0x2280a80) at pk11obj.c:531
        val = <value optimized out>
        attributeItem = {type = siBuffer, data = 0x0, len = 0}
        rv = <value optimized out>
        length = <value optimized out>
#2  0x00007f9f81058e96 in SGN_Digest (privKey=0x2280a80, algtag=<value optimized out>, result=0x7ffc95daa550, digest=<value optimized out>) at secsign.c:408
        modulusLen = <value optimized out>
        rv = <value optimized out>
        digder = {type = 191, data = 0x2285920 "010\r\006\t`\206H\001e\003\004\002\001\005", len = 51}
        arena = 0x227ab00
        di = 0x227fa60
#3  0x00007f9f815ad656 in ssl3_SignHashes (hash=<value optimized out>, key=0x2280a80, buf=0x7ffc95daa550, isTLS=<value optimized out>) at ssl3con.c:1032
        hashOID = <value optimized out>
        rv = SECFailure
        doDerEncode = <value optimized out>
        signatureLen = <value optimized out>
        hashItem = {type = 36057744, data = 0x7ffc95daa588 "r\246\332\372\221\254\343\203'j\214\221Qsv\265\321 \016\006H6E\300{\266\342\006\231\341O2", len = 32}
#4  0x00007f9f815aff78 in ssl3_SendCertificateVerify (ss=0x22651a0) at ssl3con.c:6352
        rv = <value optimized out>
        isTLS = 1
        buf = {type = siBuffer, data = 0x0, len = 0}
        hashes = {len = 32, hashAlg = ssl_hash_sha256, u = {
            raw = "r\246\332\372\221\254\343\203'j\214\221Qsv\265\321 \016\006H6E\300{\266\342\006\231\341O2\000\000\000\000\000\000\000\000`\252'\002\000\000\000\000@\364'\002\000\000\000\000\370\246ڕ\374\177\000", s = {
              md5 = "r\246\332\372\221\254\343\203'j\214\221Qsv\265", sha = "\321 \016\006H6E\300{\266\342\006\231\341O2\000\000\000"}}}
        keyType = rsaKey
        len = <value optimized out>
        sigAndHash = {hashAlg = ssl_hash_sha256, sigAlg = ssl_sign_null}
        isTLS12 = 1
#5  ssl3_SendClientSecondRound (ss=0x22651a0) at ssl3con.c:7565
        rv = <value optimized out>
        sendClientCert = <value optimized out>
#6  0x00007f9f815b3bea in ssl3_HandleServerHelloDone (ss=0x22651a0, b=0x226d4ea "", length=0) at ssl3con.c:7475
        rv = <value optimized out>
        ws = <value optimized out>
#7  ssl3_HandleHandshakeMessage (ss=0x22651a0, b=0x226d4ea "", length=0) at ssl3con.c:11593
        rv = <value optimized out>
        type = <value optimized out>
        hashes = {len = 2170134528, hashAlg = 32671, u = {
            raw = "\240a+\202\237\177\000\000\001", '\000' <repeats 16 times>"\200, 䁟\177\000\000p$\340\200\237\177\000\000\001\000\000\000\000\000\000\000`U&\002\000\000\000\000\240Q&\002\000\000\000", s = {
              md5 = "\240a+\202\237\177\000\000\001\000\000\000\000\000\000", sha = "\000\000\000\000\000\000\000\000\000\200䁟\177\000\000p$", <incomplete sequence \340\200>}}}
        hashesPtr = 0x0
        hdr = "\016\000\000"
        dtlsData = " \303\\\201\237\177\000"
#8  0x00007f9f815b4fd2 in ssl3_HandleHandshake (ss=<value optimized out>, cText=<value optimized out>, databuf=0x2265560) at ssl3con.c:11694
        buf = 0x22658f0
        rv = <value optimized out>
#9  ssl3_HandleRecord (ss=<value optimized out>, cText=<value optimized out>, databuf=0x2265560) at ssl3con.c:12363
        cipher_def = <value optimized out>
        crSpec = <value optimized out>
        rv = <value optimized out>
        hashBytes = 0
        isTLS = <value optimized out>
        rType = content_handshake
        hash = "\177\000\000\000|\000\000\000w\000\000\000r\000\000\000\001\000\000\000\000\000\000\000 A{\200\237\177\000\000\000H\000\000\000\000\000\000\203b\215\333=\236:\260\000\000\000\000\000\000\000\000\n\b\000\000\000\000\000"
        givenHashBuf = "`\033'\002r\000\000\000 \001\000\000\000\000\000\000$", '\000' <repeats 23 times>, "\004\000\000\000\000\000\000\000\060H\000\000\000\000\000\000\201\004\000\000P\001\000"
        givenHash = <value optimized out>
        plaintext = <value optimized out>
        temp_buf = {buf = 0x3 <Address 0x3 out of bounds>, len = 2155561248, space = 32671}
        dtls_seq_num = <value optimized out>
        ivLen = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        originalLen = <value optimized out>
        good = <value optimized out>
        minLength = <value optimized out>
        header = "\000\000\000\000\000\000\000\000\026\003\003\b\n"
        headerLen = <value optimized out>
#10 0x00007f9f815b5ebf in ssl3_GatherCompleteHandshake (ss=0x22651a0, flags=0) at ssl3gthr.c:378
        handleRecordNow = <value optimized out>
        cText = {type = content_handshake, version = 771, seq_num = {high = 2170259014, low = 32671}, buf = 0x2265598}
        rv = <value optimized out>
        keepGoing = 1
#11 0x00007f9f815b8832 in ssl_GatherRecord1stHandshake (ss=0x22651a0) at sslcon.c:1213
        rv = <value optimized out>
#12 0x00007f9f815bfb75 in ssl_Do1stHandshake (ss=0x22651a0) at sslsecur.c:109
        rv = 0
        loopCount = <value optimized out>
#13 0x00007f9f815c13af in SSL_ForceHandshake (fd=<value optimized out>) at sslsecur.c:468
        ss = 0x22651a0
        rv = SECFailure
#14 0x00007f9f8208d9d5 in tlsm_session_accept_or_connect (session=0x22638d0, is_accept=0) at ../../../libraries/libldap/tls_m.c:2707
        s = 0x22638d0
        rc = <value optimized out>
        op = <value optimized out>
#15 0x00007f9f8208c522 in ldap_int_tls_connect (ld=0x21df130, conn=<value optimized out>) at ../../../libraries/libldap/tls2.c:366
        sb = 0x21df470
        err = <value optimized out>
        ssl = 0x22638d0
#16 0x00007f9f8208c7be in ldap_int_tls_start (ld=0x21df130, conn=<value optimized out>, srv=<value optimized out>) at ../../../libraries/libldap/tls2.c:864
        sb = 0x21df470
        host = 0x21df220 "my-domain.com"
        ssl = <value optimized out>
        ret = <value optimized out>
        __PRETTY_FUNCTION__ = "ldap_int_tls_start"
#17 0x00007f9f8206671f in ldap_int_open_connection (ld=0x21df130, conn=0x21df260, srv=0x21df1c0, async=<value optimized out>) at ../../../libraries/libldap/open.c:448
        rc = 0
        proto = <value optimized out>
#18 0x00007f9f8207a0ff in ldap_new_connection (ld=0x21df130, srvlist=0x21e03f8, use_ldsb=1, connect=<value optimized out>, bind=0x0, m_req=<value optimized out>, m_res=0) at ../../../libraries/libldap/request.c:484
        rc = <value optimized out>
        srvp = <value optimized out>
        srv = 0x0
        lc = 0x21df260
        async = 0
        __PRETTY_FUNCTION__ = "ldap_new_connection"
#19 0x00007f9f8206646f in ldap_open_defconn (ld=0x21df130) at ../../../libraries/libldap/open.c:41
No locals.
#20 0x00007f9f8207b208 in ldap_send_initial_request (ld=0x21df130, msgtype=96, dn=0x21df070 "cn=Manager,dc=my-domain,dc=com", ber=0x21df3d0, msgid=1) at ../../../libraries/libldap/request.c:130
        rc = 1
        sd = -1
#21 0x00007f9f82070864 in ldap_sasl_bind (ld=0x21df130, dn=0x21df070 "cn=Manager,dc=my-domain,dc=com", mechanism=0x0, cred=0x6146a0, sctrls=0x0, cctrls=<value optimized out>, msgidp=0x7ffc95daaf7c)
    at ../../../libraries/libldap/sasl.c:148
        ber = 0x21df3d0
        rc = <value optimized out>
        id = 1
        __PRETTY_FUNCTION__ = "ldap_sasl_bind"
#22 0x000000000040b747 in tool_bind (ld=0x21df130) at ../../../clients/tools/common.c:1504
        err = <value optimized out>
        msgbuf = "\000\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000\220Da\000\000\000\000\000\001", '\000' <repeats 31 times>, "X\300@\000\000\000\000\000\320\067C\200\237\177\000\000ȤK\202\237\177\000\000H\362ڕ\374\177\000\000hFa\000\000\000\000\000\350\036A\000\000\000\000\000\300G@\000\000\000\000\000h\260ڕ\374\177\000\000\000\000\000\000\000\000\000\000`\260ڕ\374\177\000\000\211\024ە\374\177\000\000\000\000\000\000\000\000\000\000lb+\202\237\177\000\000\001\000\000\000\374\177\000\000\000\000\000\000\000\000\000\000|\260ڕ\374\177\000\000\320\067C\200\237\177\000\000\001\000\000\000\271\v\000\000H\362ڕ\374\177\000\000\001\000\000\000\000\000\000\000\230\362ڕ\374\177\000\000\n\000\000\000\000\000\000\000\325\311+\202\237\177\000\000\000\000\000\000\000\000\000\000\060\361\035\002\000\000\000"
        info = 0x0
        refs = 0x0
        msgid = <value optimized out>
        rc = <value optimized out>
        result = <value optimized out>
        ctrls = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        matched = 0x0
        sctrlsp = 0x0
        sctrls = {0x1, 0x0, 0x0}
        sctrl = {{ldctl_oid = 0x1 <Address 0x1 out of bounds>, ldctl_value = {bv_len = 1, bv_val = 0x24fea8 <Address 0x24fea8 out of bounds>}, ldctl_iscritical = 0 '\000'}, {ldctl_oid = 0x7f9f8205bb30 "\323\002", ldctl_value = {
              bv_len = 140323062572632, bv_val = 0x7f9f82057000 "\177ELF\002\001\001"}, ldctl_iscritical = -1 '\377'}, {ldctl_oid = 0x1 <Address 0x1 out of bounds>, ldctl_value = {bv_len = 1, bv_val = 0x6140c0 "\300\022\b\202\237\177"}, 
            ldctl_iscritical = 0 '\000'}}
        nsctrls = <value optimized out>
        __PRETTY_FUNCTION__ = "tool_bind"
#23 0x0000000000406d8f in main (argc=<value optimized out>, argv=<value optimized out>) at ../../../clients/tools/ldapsearch.c:893
        filtpattern = 0x40ff40 "(objectclass=*)"
        attrs = 0x7ffc95daf298
        line = '\000' <repeats 520 times>, "\\p+\202\237\177\000\000\000\000\000\000\000\000\000\000\340T\236\177\237\177\000\000 \202K\202\237\177\000\000\252\002+\202\237\177", '\000' <repeats 34 times>, "`\366\001\200\237\177\000\000\001", '\000' <repeats 191 times>, "\\p+\202\237\177\000\000\000\000\000\000\000\000\000\000FӾ\177\237\177\000\000`\232K\202\237\177\000\000\252\002+\202\237\177", '\000' <repeats 34 times>, "\002\a|\200\237\177\000\000\001", '\000' <repeats 159 times>, "\\p+\202\237\177\000\000\000\000\000\000\000\000\000\000\244`\340\177\237\177\000\000\230\225K\202\237\177\000\000\252\002+\202\237\177", '\000' <repeats 34 times>, "\002\a|\200\237\177\000\000\001", '\000' <repeats 191 times>, "\\p+\202\237\177\000\000\000\000\000\000\000\000\000\000V\366\001\200\237\177\000\000p\220K\202\237\177\000\000\252\002+\202\237\177", '\000' <repeats 34 times>...
        fp = 0x0
        rc = <value optimized out>
        rc1 = <value optimized out>
        i = <value optimized out>
        first = <value optimized out>
        ld = 0x21df130
        seber = 0x0
        vrber = 0x0
        syncber = 0x0
        syncbvalp = 0x0
        err = <value optimized out>
        __PRETTY_FUNCTION__ = "main"
(gdb) q

Comment 14 Patrik Kis 2016-07-28 14:18:48 UTC

Created attachment 1185138 [details]
Core file from RHEL-6.8

Comment 19 Matus Honek 2017-11-29 15:38:36 UTC

Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/

---

Should you be able to reproduce this on RHEL-7, please feel free to file a new bug accordingly.
Thanks.