Red Hat Bugzilla – Bug 138234
signal handling bug in nss_ldap causes application failure
Last modified: 2007-11-30 17:10:53 EST
Depending on the environment the severity of this issue can range from
high to low.
Description of problem:
There is a signal handling bug in nss_ldap in versions <200 and
213-219. The bug in the library causes the SIGPIPE signal to become
unblocked even after the application has blocked the signal.
This can create all sorts of problems if the ldap server disconnects
the client application, ranging from denial of service conditions to
corruption of data, for any application that uses the library.
In my particular case, I have been using openldap for several years
with the option idletimeout set to disconnect idle ldap sessions.
After upgrading to FC2, using this option causes samba to disconnect
the client workstation unexpectedly, causing data loss.
Easy to reproduce
Steps to Reproduce:
1. kill -13 (pid of smbd client process)
process should remain running becuase smbd blocks that signal.
This bug is documented as bug #173 at bugzilla.padl.com
I configured a test machine similiarily to my production machine.
After installing all the FC2 updates, I confirmed that the problem
I then updated the nss_ldap to version 220 (from FC3test3, ignoring
dependencies). After restarting samba, the problem no longer existed.
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Closing per lack of response. Also note that FC1 and FC2 are no longer
supported even by Fedora Legacy. If this still occurs on FC3 or FC4, please
assign to that version and Fedora Legacy. If it still occurs on FC5 or FC6,
please reopen and assign to the correct version.
Sounds like updating to FC3 fixed it, though.