Comment 30 for bug 6867

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 19 Jul 2004 16:06:16 +0300
From: Modestas Vainius <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: libgcrypt7: more info

Package: libgcrypt7
Version: 1.1.90-9
Followup-For: Bug #244827

Hello,

The problem persists with libgcrypt7_1.1.90-9 and libgnutls10_1.0.4-3.
However, the bug is not in gcry_mpi_get_opaque(), but in _gcry_mpi_copy().
gdb provides an inaccurate backtrace when libgcrypt7 is compiled with -O2.
This is what I got when I reproduced the problem with slapd, gnutls10 and
libgcrypt7 recompiled with DEB_BUILD_OPTIONS="noopt nostrip":

(gdb) bt
#0 0x402a53f5 in _gcry_mpi_copy (a=0x8116a58) at mpiutil.c:229
#1 0x402a57d0 in gcry_mpi_copy (a=0x8116a58) at mpiutil.c:343
#2 0x401ffcb8 in _gnutls_get_dh_params (dh_primes=0x8119ac8, ret_p=0xbf7fc248, ret_g=0xbf7fc244) at gnutls_dh_primes.c:45
#3 0x401ffb8f in proc_dhe_client_kx (session=0x814a480, data=0x814d818 "", _data_size=98) at auth_dhe.c:268
#4 0x401ebc37 in _gnutls_recv_client_kx_message (session=0x814a480) at gnutls_kx.c:329
#5 0x401e81c3 in _gnutls_handshake_server (session=0x814a480) at gnutls_handshake.c:2241
#6 0x401e6ca9 in gnutls_handshake (session=0x814a480) at gnutls_handshake.c:1892
#7 0x400529a7 in SSL_do_handshake (ssl=0x8147598, end=GNUTLS_SERVER) at gnutls.c:627
#8 0x40052acd in gnutls_SSL_accept (ssl=0x8147598) at gnutls.c:670
#9 0x40050394 in ldap_pvt_tls_accept (sb=0x814e230, ctx_arg=0x0) at tls.c:928
#10 0x08058ff0 in connection_read ()
#11 0x080564ab in slapd_daemon_destroy ()
#12 0x4032be51 in pthread_start_thread () from /lib/libpthread.so.0
#13 0x4032becf in pthread_start_thread_event () from /lib/libpthread.so.0
#14 0x4046169a in clone () from /lib/libc.so.6

slapd segfaults, because:

(gdb) p a->d
$2 = (mpi_limb_t *) 0x10

The bug can be reproduced this way:

1) Start slapd ( slapd -d0 -h "ldap:/// ldaps:///" ). Be sure TLS is
enabled in slapd.conf.

2) Run the script below concurrently in 4 (the number may vary) consoles:
 I=1; while ldapwhoami -ZZ -D "<your login DN>" -w "<password>" -x > /dev/null; do I=$[I+1]; done

3) Patience. Usually slapd crashes in 1-2 mins (on Pentium4
2.67 GHz); however, sometimes it keeps running for 5-10 mins or even
more. If you have been waiting for too long with no "success", restart slapd
and rerun the scripts. You may also try increasing/decreasing the number of
concurrent instances of the script.

By the way, I was able to trigger the bug only with the script
concurrently running in two or more consoles, so it seems that the bug
only occurs in a threaded environment.

"info sharedlibrary" says the following:

(gdb) info sharedlibrary
From To Syms Read Shared Object Library
0x400280f0 0x40055920 Yes /usr/lib/libldap_r.so.2
0x4005e5b0 0x40066df0 Yes /usr/lib/liblber.so.2
0x40082530 0x4012c2a0 Yes /usr/lib/libdb-4.2.so
0x40144a70 0x40174250 Yes /usr/lib/libiodbc.so.2
0x40181320 0x40188090 Yes /usr/lib/libiodbcinst.so.2
0x4018cf40 0x40194870 Yes /usr/lib/libslp.so.1
0x40199540 0x401b0fd0 Yes /lib/libm.so.6
0x401bb180 0x401c98e0 Yes /usr/lib/libsasl2.so.2
0x401dd530 0x4023a000 Yes /usr/lib/libgnutls.so.10
0x4024d190 0x40258360 Yes /usr/lib/libtasn1.so.2
0x4025f3b0 0x402abf60 Yes /usr/lib/libgcrypt.so.7
0x402bfc30 0x402cbac0 Yes /lib/libnsl.so.1
0x402d1820 0x402d1d60 Yes /usr/lib/libgpg-error.so.0
0x402d6750 0x402e0f00 Yes /usr/lib/libz.so.1
0x402e6a00 0x402e9330 Yes /lib/libcrypt.so.1
0x403169a0 0x40320ee0 Yes /lib/libresolv.so.2
0x4032a1e0 0x40332d50 Yes /lib/libpthread.so.0
0x40378420 0x4037c5e0 Yes /usr/lib/libltdl.so.3
0x4037eed0 0x4037fdf0 Yes /lib/libdl.so.2
0x40383130 0x40386960 Yes /lib/libwrap.so.0
0x4039fbe0 0x404955d8 Yes /lib/libc.so.6
0x40000c00 0x40011d8f Yes /lib/ld-linux.so.2
0x404bfd90 0x404c5e50 Yes /lib/libnss_files.so.2
0x40019080 0x4001bbb0 Yes /usr/lib/sasl2/libsasldb.so.2
0x404d99e0 0x40569a40 Yes /usr/lib/libdb3.so.3
0x404c7b70 0x404c87a0 Yes /usr/lib/sasl2/libldapdb.so.2
0x40585f20 0x405b1350 Yes /usr/lib/libldap.so.2
0x40577ea0 0x4057a300 Yes /usr/lib/sasl2/libcrammd5.so.2
0x405b9300 0x405c0c50 Yes /usr/lib/sasl2/libdigestmd5.so.2
0x405f4910 0x40698780 Yes /usr/lib/i686/cmov/libcrypto.so.0.9.7
0x406c7d90 0x406cd4b0 Yes /usr/lib/sasl2/libotp.so.2
0x405c3e00 0x405c5a30 Yes /usr/lib/sasl2/libanonymous.so.2
0x406d1e00 0x406d3b80 Yes /usr/lib/sasl2/libplain.so.2
0x406d5df0 0x406d7b20 Yes /usr/lib/sasl2/liblogin.so.2
0x406da2e0 0x406df2f0 Yes /usr/lib/sasl2/libntlm.so.2
0x406e44b0 0x406fef20 Yes /usr/lib/ldap/back_bdb.so
(gdb)

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (499, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-ck1-mdx
Locale: LANG=lt_LT, LC_CTYPE=lt_LT

Versions of packages libgcrypt7 depends on:
ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an
ii libgpg-error0 0.7-3 library for common error values an

-- no debconf information