Bug 772890 - slapd segfaults when PEM certificate is used and olcTLSCertificateKeyFile is not set
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openldap
Version: rawhide
Assigned To: Jan Vcelak
QA Contact: Fedora Extras Quality Assurance
Blocks: 796808
Reported: 2012-01-10 04:10 EST by Jan Vcelak
Modified: 2013-03-03 20:29 EST
Fixed In Version: openldap-2.4.26-6.fc16
Doc Type: Bug Fix
Last Closed: 2012-02-16 19:57:55 EST

Attachments
proposed patch (against git master) (802 bytes, patch)
2012-01-10 04:15 EST, Jan Vcelak
rmeggins: review+

Description Jan Vcelak 2012-01-10 04:10:52 EST
Description of problem:

slapd segfaults when PEM certificate is used and olcTLSCertificateKeyFile is not set

Version-Release number of selected component (if applicable):

openldap-2.4.26-5.fc16.x86_64, upstream git master

Steps to Reproduce:
# ldapmodify -H ldapi:// -Y external 
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile

# systemctl stop slapd
# slapd -u ldap -d1

$ ldapsearch -x -ZZ -H ldap://server
  
Actual results:

TLS: loaded CA certificate file /etc/pki/tls/certs/ca-bundle.crt.
TLS: error: could not find the private key for certificate PEM Token #0:slapd.pem - 0 - error -12285:Unable to find the certificate or key necessary for authentication.
TLS: error: unable to find and verify server's cert and key for certificate PEM Token #0:slapd.pem - 0
Segmentation fault

Expected results:

server will not crash

Additional info:
Comment 1 Jan Vcelak 2012-01-10 04:15:37 EST
Created attachment 551797
proposed patch (against git master)

Crashes due to a randomly initialized *serverKey pointer, which is untouched in tlsm_find_and_verify_cert_key and which the code then tries to free with SECKEY_DestroyPrivateKey.
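
The defect class described in Comment 1, as an added C illustration that is not the attached patch and not OpenLDAP or NSS code: an out-parameter left unwritten on the failure path reaches the caller's cleanup. All names (demo_key, find_key_untouched, find_key_cleared, the slapd.key file name) are hypothetical, and the poison pointer stands in for an uninitialized stack variable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char label[32]; } demo_key;   /* hypothetical key handle */
typedef int (*finder_fn)(const char *, demo_key **);

/* Constructed poison value standing in for leftover stack contents. */
#define STACK_GARBAGE ((demo_key *)(uintptr_t)0xdeadbeef)

/* Pattern from the report: the failure path never writes *out. */
static int find_key_untouched(const char *key_file, demo_key **out) {
    if (key_file == NULL) return -1;           /* no key file configured */
    demo_key *k = calloc(1, sizeof *k);
    if (k == NULL) return -1;
    strncpy(k->label, key_file, sizeof k->label - 1);
    *out = k;
    return 0;
}

/* Hardened variant: clear the out-parameter before anything can fail. */
static int find_key_cleared(const char *key_file, demo_key **out) {
    *out = NULL;
    return find_key_untouched(key_file, out);
}

/* Returns 1 when the caller's cleanup would free a pointer the finder
 * never produced (the crash condition), 0 when cleanup is safe. */
int cleanup_would_free_garbage(finder_fn find, const char *key_file) {
    demo_key *key = STACK_GARBAGE;  /* models a declaration with no initializer */
    int rc = find(key_file, &key);
    if (rc != 0 && key != NULL)
        return 1;                   /* a real caller would hand this to free() */
    free(key);                      /* NULL or a live allocation: both safe */
    return 0;
}

int main(void) {
    /* "slapd.key" is a constructed file name used only as sample input. */
    printf("untouched, no key file:  %d\n",
           cleanup_would_free_garbage(find_key_untouched, NULL));
    printf("cleared,   no key file:  %d\n",
           cleanup_would_free_garbage(find_key_cleared, NULL));
    printf("untouched, key file set: %d\n",
           cleanup_would_free_garbage(find_key_untouched, "slapd.key"));
    return 0;
}
```

Initializing the pointer to NULL at its declaration in the caller closes the same gap from the other side; doing both keeps every cleanup path safe regardless of which function is changed later.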
Comment 2 Jan Vcelak 2012-01-20 06:29:50 EST
Not critical, changing version to "rawhide".
Comment 3 Jan Vcelak 2012-01-25 10:59:19 EST
Thank you for the review, Rich.

Patch submitted upstream:
http://www.openldap.org/its/index.cgi?findid=7135
Comment 4 Jan Vcelak 2012-01-31 12:48:34 EST
Fixed in:
openldap-2.4.26-6.fc16
openldap-2.4.28-3.fc17
Comment 5 Fedora Update System 2012-01-31 12:51:07 EST
openldap-2.4.26-6.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/openldap-2.4.26-6.fc16
Comment 6 Fedora Update System 2012-02-01 14:26:52 EST
Package openldap-2.4.26-6.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openldap-2.4.26-6.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-1135/openldap-2.4.26-6.fc16
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2012-02-16 19:57:55 EST
openldap-2.4.26-6.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
