Bug 727533 - OpenLDAP 2.4.23 segfaults when using back-sql
Summary: OpenLDAP 2.4.23 segfaults when using back-sql
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap
Version: 6.1
Hardware: All
OS: Linux
urgent
high
Target Milestone: rc
: ---
Assignee: Jan Vcelak
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 733077 790914
TreeView+ depends on / blocked
 
Reported: 2011-08-02 11:56 UTC by Rene Snajder
Modified: 2013-03-04 01:29 UTC (History)
6 users (show)

Fixed In Version: openldap-2.4.23-17.el6
Doc Type: Bug Fix
Doc Text:
- OpenLDAP with SQL backend installed. - The server crashes with segmentation fault after a few operations. - Upstream patch was applied which updates data types used for storing the length of the values by ODBC. - The server no longer crashes with segmentation fault when SQL backend is used.
Clone Of:
: 733077 (view as bug list)
Environment:
Last Closed: 2011-12-06 11:49:31 UTC


Attachments (Terms of Use)
The patch that fixes this issue. (3.11 KB, patch)
2011-08-02 11:56 UTC, Rene Snajder
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1514 normal SHIPPED_LIVE openldap bug fix and enhancement update 2011-12-06 00:51:20 UTC

Description Rene Snajder 2011-08-02 11:56:43 UTC
Created attachment 516308 [details]
The patch that fixes this issue.

Description of problem:
The bug makes openldap with back-sql unusable at least since version 2.4.22. 
Whenever a user tries to authenticate the server segfaults. The issue is described here:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6657;selectid=6657

and a fix has been provided in OpenLDAP 2.4.26. Please either release 2.4.26 in the yum repositories OR include the attached patch which fixes this issue.

Version-Release number of selected component (if applicable): 2.4.23-15


How reproducible:
Set up OpenLDAP 2.4.23 with back-sql and then run ldapwhoami with one of the users from the database (not the Manager user from the slapd.conf).

Actual results:
The slapd daemon segfaults.

Expected results:
The DN of the authenticated user, and (of course) slapd not segfaulting.

Additional info:
I provided a patch in the attachment which works if applied to 2.4.23 (the current version in the repository). The patch is an adapted version of Howard Chu's commit in the OpenLDAP GIT repository:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=0a9f51f58d1e20f92ad2f6a21c70ca04304a7f93

It was meant to be applied on 2.4.25. I adapted it to work with 2.4.23.

An update to 2.4.26 would of course also be a solution.

Comment 2 Jan Vcelak 2011-08-09 17:12:22 UTC
It can be reproduced, the fix works and is included upstream. Thank you for your report.

Comment 5 Jan Vcelak 2011-08-15 08:24:50 UTC
Resolved in openldap-2.4.23-17.el6

Comment 6 Jan Vcelak 2011-08-15 11:48:41 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
- OpenLDAP with SQL backend installed.
- The server crashes with segmentation fault after a few operations.
- Upstream patch was applied which updates data types used for storing the length of the values by ODBC.
- The server no longer crashes with segmentation fault when SQL backend is used.

Comment 9 errata-xmlrpc 2011-12-06 11:49:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1514.html


Note You need to log in before you can comment on or make changes to this bug.