It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and immediately unbind from the server. This seems to be due to the rwm overlay not doing reference counting properly, so rwm_conn_destroy frees the session context while rwm_op_search is using it. This condition also seems to require multiple cores/CPUs to trigger.

This was also reported upstream [1] and is currently unfixed.

[1] http://www.openldap.org/its/index.cgi/Incoming?id=7723
Acknowledgements: Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue.
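The reference-counting discipline that the opening comment says is missing, shown as an added example; it is not OpenLDAP code and not the fix that was shipped. All type and function names are hypothetical, and the search/unbind interleaving is replayed on one thread so the result is deterministic.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-connection rewrite session; not OpenLDAP's own structure. */
typedef struct session {
    atomic_int refs;          /* 1 for the connection + 1 per in-flight operation */
    char rewritten[64];
} session_t;
static atomic_int sessions_freed;   /* instrumentation for this example only */

session_t *session_new(void) {
    session_t *s = calloc(1, sizeof *s);
    if (s) atomic_init(&s->refs, 1);    /* reference owned by the connection */
    return s;
}

/* An operation pins the session before using it. The caller must do this while
 * the connection is still guaranteed alive (e.g. under the connection's lock). */
session_t *session_acquire(session_t *s) { atomic_fetch_add(&s->refs, 1); return s; }

/* Drop one reference; only the last holder frees. Returns 1 if this call freed. */
int session_release(session_t *s) {
    if (atomic_fetch_sub(&s->refs, 1) != 1) return 0;
    free(s);
    atomic_fetch_add(&sessions_freed, 1);
    return 1;
}

/* Connection teardown on unbind: gives up the connection's reference, never free(). */
int conn_destroy(session_t **slot) {
    session_t *s = *slot;
    *slot = NULL;
    return s ? session_release(s) : 0;
}

/* Replays the reported order: search starts, unbind lands, search finishes.
 * Returns 1 when the session outlived the unbind and the search freed it last. */
int replay_search_then_unbind(void) {
    session_t *conn_session = session_new();
    if (!conn_session) return -1;
    session_t *op = session_acquire(conn_session);      /* search begins */
    int freed_by_unbind = conn_destroy(&conn_session);  /* unbind arrives mid-search */
    strcpy(op->rewritten, "dc=example,dc=com");         /* constructed value; memory still valid */
    int freed_by_op = session_release(op);              /* search ends, last reference */
    return !freed_by_unbind && freed_by_op;
}

int main(void) { return replay_search_then_unbind() == 1 ? 0 : 1; }
```

If the teardown path called free() directly, as the report describes for rwm_conn_destroy, the write after the unbind would land in freed memory.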
(In reply to Vincent Danen from comment #0)
> It was discovered that OpenLDAP, with the rwm overlay to slapd, could
> segfault if a user were able to query the directory and immediately unbind
> from the server. This seems to be due to the rwm overlay not doing
> reference counting properly, so rwm_conn_destroy frees the session context
> while rwm_op_search is using it. This condition also seems to require
> multiple cores/CPUs to trigger.
>
> This was also reported upstream [1] and is currently unfixed.
>
> [1] http://www.openldap.org/its/index.cgi/Incoming?id=7723

Nor is any fix coming from us any time soon. The rwm overlay is a pretty low priority module. Patches welcome.
Created openldap tracking bugs for this issue:

Affects: fedora-all [bug 1060851]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2014:0126 https://rhn.redhat.com/errata/RHSA-2014-0126.html
openldap-2.4.39-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2014:0206 https://rhn.redhat.com/errata/RHSA-2014-0206.html