Bug 107145 - nss_ldap crasches with SegFault when connecting to ldaps:// URL
nss_ldap crasches with SegFault when connecting to ldaps:// URL
Status: CLOSED DUPLICATE of bug 85728
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap (Show other bugs)
9
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-15 09:45 EDT by Erik Forsberg
Modified: 2007-04-18 12:58 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 13:59:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Erik Forsberg 2003-10-15 09:45:49 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212

Description of problem:
Trying to connect to a Netware eDirectory server using ldaps, nss_ldap crasches
with a Segmentation Fault. I'm using the following configuration file
(/etc/ldap.conf):

# The distinguished name of the search base.
base o=example

uri ldaps://foo.example.com/
binddn cn=admin,o=example
bindpw foobar
scope sub
pam_password nds
ssl on
tls_checkpeer yes
tls_cacertfile /root/TrustedRootCert.pem

The following configuration file will also produce the error:

uri ldaps://foo.example.com
binddn cn=admin,o=example
bindpw foobar
scope sub
ssl on
pam_password nds

..so the crasch doesn't seem to be related to the checkpeer option nor the
cacertfile option.

I'm able to connect to this host without trouble using either stunnel or
nss_ldap on a RedHat Linux 8.0 box. Also, I've tried downloading the latest
nss_ldap (rel 211) from PADL.com and compiled myself, this also crasches with
SegFault on RH9. Debug info from this release:

nss_ldap: ==> _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_getent
nss_ldap: ==> _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_leave
nss_ldap: <== _nss_ldap_leave
nss_ldap: <== _nss_ldap_ent_context_init
nss_ldap: ==> _nss_ldap_enter
nss_ldap: <== _nss_ldap_enter
nss_ldap: ==> _nss_ldap_search
nss_ldap: ==> do_open
nss_ldap: ==> do_close_no_unbind
nss_ldap: <== do_close_no_unbind (connection was not open)
nss_ldap: ==> ldap_initialize
nss_ldap: <== ldap_initialize
nss_ldap: ==> do_ssl_options
nss_ldap: <== do_ssl_options
nss_ldap: ==> do_bind
Segmentation fault (core dumped)

Since this bug makes it impossible to use transport-layer security, it is a
security risk since it will make people transport their passwords in cleartext
over the net.

Version-Release number of selected component (if applicable):
202-5

How reproducible:
Always

Steps to Reproduce:
Use the configuration file as above in the Descriptions field, and connect to a
ldaps:// URI.

Additional info:
Comment 1 Erik Forsberg 2003-10-16 07:58:16 EDT
After discussion on the nssldap mailing list, I found that this bug is a
duplicate of bug 85728, so please fix that instead :-).

*** This bug has been marked as a duplicate of 85728 ***
Comment 2 Red Hat Bugzilla 2006-02-21 13:59:09 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.