98322 – ldapsearch: ../../../libraries/libldap/cyrus.c:469: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

Bug 98322 - ldapsearch: ../../../libraries/libldap/cyrus.c:469: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.

Summary: ldapsearch: ../../../libraries/libldap/cyrus.c:469: ldap_int_sasl_open: Asser...

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Red Hat Raw Hide
Classification:	Retired
Component:	openldap
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Jay Fenlason
QA Contact:	Jay Turner
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-07-01 00:57 UTC by Aleksey Nogin
Modified:	2015-01-08 00:05 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-10-18 19:28:59 UTC
Embargoed:

Attachments	(Terms of Use)

Description Aleksey Nogin 2003-07-01 00:57:02 UTC

Reproducible: in my setup - 100%
To reproduce: run any ldapsearch

# ldapsearch -d1 -v "uid=foo"
ldap_initialize( <DEFAULT> )
ldap_create
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.cs.caltech.edu:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 131.215.44.106:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=butterfish.cs.caltech.edu
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject:
/C=US/O=Caltech/OU=CS/CN=butterfish.cs.caltech.edu, issuer:
/C=US/O=Caltech/OU=CS/CN=CA/emailAddress=root.edu
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_int_open_connection
ldap_connect_to_host: TCP ldap2.cs.caltech.edu:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 131.215.44.130:636
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
ldapsearch: ../../../libraries/libldap/cyrus.c:469: ldap_int_sasl_open:
Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.
Aborted (core dumped)

# gdb -core core.1362 /usr/bin/ldapsearch
GNU gdb Red Hat Linux (5.3post-1.20021129.37rh)
...
(gdb) bt
#0  0x0000002a95ee5909 in kill () from /lib64/libc.so.6
#1  0x0000002a9567422b in pthread_kill () from /lib64/libpthread.so.0
#2  0x0000002a95674532 in raise () from /lib64/libpthread.so.0
#3  0x0000002a95ee53c1 in raise () from /lib64/libc.so.6
#4  0x0000002a95ee6c52 in abort () from /lib64/libc.so.6
#5  0x0000002a95ede622 in __assert_fail () from /lib64/libc.so.6
#6  0x000000000040f6d3 in lutil_sasl_interact ()
#7  0x000000000040aec1 in lutil_sasl_interact ()
#8  0x0000000000418f05 in lutil_sasl_interact ()
#9  0x000000000040aa5a in lutil_sasl_interact ()
#10 0x0000000000418b09 in lutil_sasl_interact ()
#11 0x000000000040d406 in lutil_sasl_interact ()
#12 0x000000000040d68b in lutil_sasl_interact ()
#13 0x0000000000410dc8 in lutil_sasl_interact ()
#14 0x0000000000410f3f in lutil_sasl_interact ()
#15 0x0000000000408c77 in SSL_write ()
#16 0x000000000040677a in SSL_write ()
#17 0x0000002a95ed292d in __libc_start_main () from /lib64/libc.so.6
#18 0x0000000000405eaa in SSL_write ()

# rpm -q openldap
openldap-2.1.21-2

Comment 1 Steven Seed 2004-06-30 21:19:10 UTC

We have seen this problem as well. I managed to track down the cause.
If you have certificates in your /usr/share/ssl/certs directory which
are not world readable, then this crash will occur. In our case, we
installed the imap package (v2001a) which created an ipop3d.pem and
imapd.pem file in the /usr/share/ssl/certs directory. The mask was set
to 600 on these files. As a result, running ldapsearch resulted in a
core dump unless you were running it as root.

Comment 2 Aleksey Nogin 2004-06-30 21:36:42 UTC

Comment #1 seems to suggest this is not x86_64-specific.

Comment 3 Bill Nottingham 2006-08-08 01:42:36 UTC

'Red Hat Raw Hide' refers to the development tree for Red Hat Linux.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues were not resolved in a more
timely manner. However, we do want to make sure that important 
don't slip through the cracks. If these issues are still present
in a current release, such as Fedora Core 5, please move these
bugs to that product and version. Note that any remaining Red Hat
Raw Hide bugs will be closed as 'CANTFIX' on September 30, 2006.
Thanks again for your help.

Comment 4 Bill Nottingham 2006-10-18 19:28:59 UTC

Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.