[Date Prev][Date Next] [Chronological] [Thread] [Top]

certificateExactMatch discrepancies (a bit long)



Dear All, 

Using OpenLDAP 2.1.22 I have some problems giving multiple certificates to 
a single user. Creating two files with different certificates like:

cert1:
dn: uid=szilva,ou=People,o=Bingo
changetype: modify
add: userCertificate;binary
userCertificate;binary::
[...some base64 stuff..]
-

cert2:
dn: uid=szilva,ou=People,o=Bingo
changetype: modify
add: userCertificate;binary
userCertificate;binary:: 
[...some base64 stuff..]
-                                                                                                                                            

and setting "certificateExactMatch" in core.scheme like:

attributetype ( 2.5.4.36 NAME 'userCertificate'
    EQUALITY certificateExactMatch
    DESC 'RFC2256: X.509 user certificate, use ;binary'
    SYNTAX 1... )

I attempted to add the first like:

$ ldapmodify -x -w mypass -D "cn=admin, o=Bingo" -f ./cert1
modifying entry "uid=szilva,ou=People,o=Bingo"

is apparently OK. Than giving the second:

$ ldapmodify -x -w mypass -D "cn=admin, o=Bingo" -f ./cert2
modifying entry "uid=szilva,ou=People,o=Bingo"
ldap_modify: Can't contact LDAP server

ldif_record() = 81

and sldap dumps core. Even worse after restarting slapd the database is in
inconsistent state and ldapsearch is stuck, slapd eating 99% cpu for a
while than dies. Apparently the problem is at certificateExactMatch(..) in
servers/slapd/schema_init.c (line 3816). Problems are ie that the return 
value of serial_and_issuer_parse() is not checked so it is assumed that 
the parsing is always OK. The "traceback" by gdb is like:

Core was generated by `/usr/sbin/slapd -h ldap://0.0.0.0:389/'.
Program terminated with signal 11, Segmentation fault.
#0  0x081aec66 in free ()
(gdb) bt
#0  0x081aec66 in free ()
#1  0x08070dc9 in certificateExactMatch (...) at schema_init.c:3893
#2  0x0806066c in value_match (...)    at value.c:356
#3  0x0807a062 in modify_add_values (...) at mods.c:410
#4  0x0807d8b7 in bdb_modify_internal (...) at modify.c:59
#5  0x0807dcfc in bdb_modify (...) at modify.c:430
#7  0x0804d1ca in connection_operation (...) at connection.c:942
#8  0x0809582c in ldap_int_thread_pool_wrapper (...) at tpool.c:426
#9  0x08194ff1 in pthread_start_thread ()

Seems there is a mismatch of octal and extracted representation of 
certificates. It also occurs if I am trying to delete a certificate with
a rather similar scenario (dying at free() in certificateExactMatch).

So is it a feature or (more likely) a bug? What would be the correct 
solution, I think checking the buffers (wether the cert is extracted or 
still in octal representation) would be handy to avoid these segfaults.

Cheers:
Szilva