Description of problem: python-ldap has a reference counting bug that causes a reproducible segfault in FreeIPA. It's is only triggered when an LDAP server returns multiple attribute entries with the same name. An LDAP result contains a sequence of attributes, each item has an attribute name entry and a sequence of values. python-ldap code has extra code to handle a sequence with more than one attribute with the same name. However the code for this special case was both buggy and never triggered in any test case. When python-ldap iterates over the attributes, it checks if an attribute name is already in the result dict. That was never the case before. In this special case, ipaAllowedToPerform;write_keys was already in the dict. The code retrieves the result list with PyDict_GetItem and later decreases the reference counter of the list. But that is wrong. PyDict_GetItem returns a borrowed reference, not a new reference. The ref count of the list dropped to zero and a broken object was returned to Python space. Later on when the object was accessed and the memory location was modified in the mean time, the interpreter crashed with a segfault. Version-Release number of selected component (if applicable): all versions before 3.1.0 How reproducible: always with FreeIPA Steps to Reproduce: 1. ipa host-allow-create-keytab $(hostname) --users=admin 2. repeat "ipa host-show $(hostname) --all" multiple times Actual results: segfault in HTTPD error log Expected results: No segfault
Fixed in release 3.1.0 by commit https://github.com/python-ldap/python-ldap/commit/77e934e88766002e77462d541b6e9c9599c7d410
Neither F27 nor RHEL are affected. The bug was introduced when python-ldap was ported to Python 3, see commit https://github.com/python-ldap/python-ldap/commit/fa35757fa2a425784676a91909b8f721cf13c095#diff-7edf3a425345c27675d056757a6a04c3R103 PyMapping_GetItemString() returns a new reference, PyDict_GetItem() a borrowed reference.
python-ldap-3.1.0-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-196e3ee42f
python-ldap-3.1.0-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-196e3ee42f
python-ldap-3.1.0-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.