[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap library crash



I suggest you submit this as an ITS <http://www.openldap.org/its/>; it
would be great if you could provide a simple setup, in terms of essential
slapd.conf and corresponding LDIF data, that recreates the problem.

p.


> Hi,
>
> First of all, I'd like to thank your effort on making this free software,
> which
> has benefited us a lot in our product, an industry leading SSL VPN
> product.
>
> Recently our customers(at least 2) started to complain user authentication
> failure through ldap with recursive referral settings. The problem does
> not
> happen everytime, but can be reproduced with reasonable number of
> re-try's(<20).
>
> We are using openldap 2.1.22 in our product. We tried the latest download
> but it doesn't fix the problem either. We only use the openldap library in
> the authentication side as an ldap client, authenticate against Active
> Directory.
>
> Because the ldapsearch command provided by openldap does not support
> non-anonymous rebinding in referral chasing, I am not able to provide an
> stack trace output from that command. Here is what we have:
>
> Source
>                 Function
> ------                                        --------
> ??:0                                          ??
> ??:0                                          ldap_result
> ??:0                                          ldap_sasl_bind
> ??:0                                          ldap_sasl_interactive_bind_s
> install/include/dsutil/str.h:595
> DSLdapServer::connect(DSStatus *)
> install/include/dsutil/str.h:595
> DSLdapServer::connect(DSStatus *)
> ??:0                                          ldap_new_connection
> ??:0                                          ldap_send_server_request
> ??:0                                          ldap_chase_v3referrals
> ??:0                                          try_read1msg
> ??:0                                          wait4msg
> ??:0                                          ldap_result
>
> It shows the code entered referral chasing, and then rebind proc provided
> by
> us, and then ldap_sasl_bind. Our debugging shows the code actually crashes
> in
> libraries/libldap/result.c at
>
>                    while (rc == -2) {
>                                     :
>                                     :
>                                     for ( lc = ld->ld_conns; rc == -2
> && lc != NULL;
>                                         lc = nextlc ) {
>                                             nextlc = lc->lconn_next;
>                                             if ( lc->lconn_status ==
>                                                 LDAP_CONNST_CONNECTED &&
>                                                 ldap_is_read_ready( ld,
>                                                 lc->lconn_sb )) {
>                                                     rc = try_read1msg(
> ld, msgid, all,
>                                                         lc->lconn_sb,
> lc, result );
>                                             }
>                                       }
>                                       :
>                     }
>
> In the for loop, the 'nextlc' in some cases is not NULL but invalid.
> It either causes
> an assertion in ldap_is_read_ready() or SEGV in access to its pointer.
> Further
> debugging shows in the case of assertion failure or SEGV crash, the
> address of
> 'nextlc' (assigned to 'lc' the next round) is freed in
> ldap_free_connection() before
> it reaches this loop. Not clear yet why ld->ld_conns still points to
> that address which
> has already been freed earlier.  Would it be possible that some other
> variables also
> hold that value and resets it back(to ld_conns) after it is freed ?
>
> Saw some code changes in 2.3.19 release in this area but obviously it
> doesn't fix this
> problem.
>
> It would be greatly appreciated if you could provide us some clue &
> help on this issue.
> Our QA also has verified, by using a java based ldap open source
> library, the same
> authentication problem does not occur.
>
> Regards,
> -binlu
>
>




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------