Segmentation fault on a slave slapd (sync replication with kerberos authentication)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap |
Fix Released
|
Undecided
|
Unassigned | ||
openldap (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
Andreas Hasenack |
Bug Description
[Impact]
Concurrent SASL authentications could trigger a segfault. This was observed by the bug reporter during replication from a master to a slave, and can be reproduced with a test program.
The fix is applied upstream, see comment #13.
[Test Case]
* Create a fresh xenial VM or container and login. Update the apt repositories:
sudo apt update
* Create a local directory and cd into it:
mkdir test && cd test
* Download the test attachments from this bug: Makefile, sasltest.c and testscript:
wget https:/
* Build with
$ apt install libsasl2-dev libldap2-dev
$ make
* Execute the testscript with sudo once. It shall fail at the very end with a core dump:
sudo sh ./testscript
(...)
sasltest: sasltest.c:70: bind_thread: Assertion `rc == LDAP_SUCCESS' failed.
Aborted (core dumped)
* Export this var:
export LDAPSASL_
* Run the actual test script a few more times to confirm the crasH:
$ ./sasltest
rc = -6 (Unknown authentication method)
sasltest: sasltest.c:70: bind_thread: Assertion `rc == LDAP_SUCCESS' failed.
rc = -6 (Unknown authentication method)
sasltest: sasltest.c:70: bind_thread: Assertion `rc == LDAP_SUCCESS' failed.
rc = -6 (Unknown authentication method)
sasltest: sasltest.c:70: bind_thread: Assertion `rc == LDAP_SUCCESS' failed.
Aborted (core dumped)
* Install the updated packages from proposed
* Run ./sasltest again. Make sure the LDAPSASL_SECPROPS var is still exported:
$ echo $LDAPSASL_SECPROPS
none
$ ./sasltest
$
This time the test completes without crashing.
[Regression Potential]
This is SASL authentication, and with kerberos nonetheless (in the case of the bug reporter). I suspect not many people deploy this due to its complexity. The ones that have such a setup, however, tend to know what they are doing, so if they say the problem is fixed for them, I believe it is.
About this particular change, it's committed upstream and also in debian, and @rtandy was kind enough to provide a sample test script that exhibits the problem.
[Other Info]
Since the fix is applied upstream and in Debian, there shouldn't be additional surprises here.
[Original description]
I have a slapd problem on a freshly installed 16.04 machine:
slapd[17107]: segfault at 1a ip 00007f3c12c79f55 sp 00007f3c03c2d080 error 4 in libsasl2.
I'm using the server as Slave LDAP-Server and sync replication with kerberos authentication.
The service either starts and runs successfully or it fails with segmentation fault or 100% CPU.
Maybe an useful info, I'm replicating two databases. When I deactivate syncrepl for one of them (doesn't matter which one) the problem is not occuring.
Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
slapd 2.4.42+
libsasl2-2:amd64 2.1.26.
libsasl2-
libsasl2-
GDB debug:
Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u openldap -g openldap -f /etc/ldap/
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_
590c82ab @(#) $OpenLDAP: slapd (Ubuntu) (May 11 2016 16:12:05) $
buildd@
590c82ab slapd starting
[New Thread 0x7f2e96b7b700 (LWP 42139)]
[New Thread 0x7f2e9637a700 (LWP 42140)]
[New Thread 0x7f2e95b79700 (LWP 42141)]
[New Thread 0x7f2e95378700 (LWP 42142)]
[New Thread 0x7f2e94b77700 (LWP 42143)]
590c82ba slap_client_
590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)
Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f2e95b79700 (LWP 42141)]
0x00007f2ea53035b5 in sasl_client_
(gdb) thr apply all bt
Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
#0 pthread_
#1 0x00007f2ea59463f3 in ?? () from /usr/lib/
#2 0x00007f2ea487c6ba in start_thread (arg=0x7f2e94b7
#3 0x00007f2ea45b282d in clone () at ../sysdeps/
Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
#0 pthread_
#1 0x00007f2ea59463f3 in ?? () from /usr/lib/
#2 0x00007f2ea487c6ba in start_thread (arg=0x7f2e9537
#3 0x00007f2ea45b282d in clone () at ../sysdeps/
Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
#0 0x00007f2ea53035b5 in sasl_client_
#1 0x00007f2ea530f250 in ?? () from /usr/lib/
#2 0x00007f2ea5303d69 in sasl_client_init () from /usr/lib/
#3 0x00007f2ea594da6c in ldap_int_sasl_init () from /usr/lib/
#4 0x00007f2ea594db2c in ldap_int_sasl_open () from /usr/lib/
#5 0x00007f2ea594e2d4 in ldap_int_sasl_bind () from /usr/lib/
#6 0x00007f2ea5951828 in ldap_sasl_
#7 0x00007f2ea5951a4e in ldap_sasl_
#8 0x0000561fbc556db4 in slap_client_connect (ldp=0x561fbe1e
#9 0x0000561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) at ../../.
#10 do_syncrepl (ctx=<optimized out>, arg=0x561fbe1e5620) at ../../.
#11 0x00007f2ea59463a2 in ?? () from /usr/lib/
#12 0x00007f2ea487c6ba in start_thread (arg=0x7f2e95b7
#13 0x00007f2ea45b282d in clone () at ../sysdeps/
Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
---Type <return> to continue, or q <return> to quit---
#0 pthread_
#1 0x00007f2ea59463f3 in ?? () from /usr/lib/
#2 0x00007f2ea487c6ba in start_thread (arg=0x7f2e9637
#3 0x00007f2ea45b282d in clone () at ../sysdeps/
Thread 2 (Thread 0x7f2e96b7b700 (LWP 42139)):
#0 0x00007f2ea45b2e23 in epoll_wait () at ../sysdeps/
#1 0x0000561fbc55a8f0 in slapd_daemon_task (ptr=<optimized out>) at ../../.
#2 0x00007f2ea487c6ba in start_thread (arg=0x7f2e96b7
#3 0x00007f2ea45b282d in clone () at ../sysdeps/
Thread 1 (Thread 0x7f2ea5d96740 (LWP 42138)):
#0 0x00007f2ea487d98d in pthread_join (threadid=
#1 0x0000561fbc55cc81 in slapd_daemon () at ../../.
#2 0x0000561fbc543bea in main (argc=11, argv=<optimized out>) at ../../.
(gdb)
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 147 lines (+119/-0)4 files modifieddebian/changelog (+10/-0)
debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch (+31/-0)
debian/patches/ITS-8648-init-SASL-library-in-global-init.patch (+76/-0)
debian/patches/series (+2/-0)
Changed in openldap (Ubuntu): | |
status: | New → Fix Committed |
status: | Fix Committed → New |
Changed in openldap: | |
status: | New → Fix Committed |
Changed in openldap (Ubuntu): | |
status: | New → In Progress |
tags: | added: server-next |
Changed in openldap: | |
status: | Fix Committed → Fix Released |
Changed in openldap (Ubuntu): | |
assignee: | Ryan Tandy (rtandy) → nobody |
Changed in openldap (Ubuntu Xenial): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
status: | New → Triaged |
importance: | Undecided → High |
description: | updated |
description: | updated |
description: | updated |
Changed in openldap (Ubuntu Xenial): | |
status: | Triaged → In Progress |
description: | updated |
tags: |
added: verification-done-xenial removed: verification-needed-xenial |
Thanks for opening the new bug.
I have a patch under review right now for a suspiciously similar issue.
Are you able to build and test a patched package, and see if it fixes
your problem? If you need help modifying the package, I can upload it to
a PPA for you later on.