Full_Name: Kevin Martin
Version: 2.4.44
OS: Oracle Linux 7
URL:
Submission from: (NULL) (160.34.110.215)
Running Openldap 2.4.42 and/or 2.4.44 I am able to crash slapd at will running
ldappasswd as root changing another users password. On another openldap server
running 2.4.42 the same change works flawlessly. Here's my setup:
Command run:
ldappasswd -d1 -ZZ "uid=chaliburt,ou=People,dc=ccd,dc=com" -D
"cn=Manager,dc=ccd,dc=com" -H ldap://ldapx.mgt.ccd -W -S
New password:
Re-enter new password:
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
Bad Server:
Oracle Linux 7 3.8.13-118.2.5.el7uek.x86_64
openldap 2.4.44
]# ldd /usr/local/libexec/slapd
linux-vdso.so.1 => (0x00007ffca8b85000)
libltdl.so.7 => /lib64/libltdl.so.7 (0x00007f8a8ea45000)
libdb-5.3.so => /lib64/libdb-5.3.so (0x00007f8a8e687000)
l libssl.so.10 => /lib64/libssl.so.10 (0x00007f8a8e41a000)
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f8a8e033000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f8a8de19000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f8a8dbfd000)
libc.so.6 => /lib64/libc.so.6 (0x00007f8a8d83f000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f8a8d63b000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f8a8d3ef000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f8a8d10a000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f8a8cf06000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f8a8ccd4000)
libz.so.1 => /lib64/libz.so.1 (0000007f8a8cabe000)
/lib64/ld-linux-x86-64.so.2 (0x00007f8a8ec4f000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f8a8c8af000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f8a8c6ab000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f8a8c487000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f8a8c226000)
liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f8a8c001000)
last bits of an strace of slapd shows:
[pid 26360] sendto(3, "<167>Feb 11 15:30:01 slapd[26357"..., 109, MSG_NOSIGNAL,
NULL, 0 <unfinished ...>
[pid 26359] epoll_wait(6, <unfinished ...>
[pid 26360] <... sendto resumed> ) = 109
[pid 26360] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
[pid 26361] +++ killed by SIGSEGV +++
[pid 260%5] +++ killed by SIGSEGV +++
[pid 26359] +++ killed by SIGSEGV +++
+++ killed by SIGSEGV +++
slapd.log shows:
Feb 12 06:53:48 ldapx slapd[30367]: conn=1000 fd=19 ACCEPT from
IP=172.17.206.55:42250 (IP=0.0.0.0:389)
b b 12 06:53:48 ldapx slapd[30367]: conn=1000 op=0 EXT
oid=1.3.6.1.4.1.1466.20037
Feb 12 06:53:48 ldapx slapd[30367]: conn=1000 op=0 STARTTLS
Feb 12 06:53:48 ldapx slapd[30367]: conn=1000 op=0 RESULT oid= err=0 text=
Feb 12 06:53:48 ldapx slapd[30367]: conn=1000 fd=19 TLS established tls_ssf=256
ssf=256
Feb 12 06:53:56 ldapx slapd[30367]: conn=1000 op=1 BIND
dn="cn=Manager,dc=ccd,dc=com" method=128
Feb 12 06:53:56 ldapx slapd[30367]: conn=1000 op=1 BIND
dn="cn=Manager,dc=ccd,dc=com" mech=SIMPLE ssf=0
Feb 12 06:53:56 ldapx slapd[30367]: co%3=1000 op=1 RESULT tag=97 err=0 text=
Feb 12 06:53:56 ldapx slapd[30367]: conn=1000 op=2 EXT
oid=1.3.6.1.4.1.4203.1.11.1
Feb 12 06:53:56 ldapx slapd[30367]: conn=1000 op=2 PASSMOD
id="uid=chaliburt,ou=People,dc=ccd,dc=com" new
then ththing after this.
Good openldap server:
Oracle Linux 7 3.8.13-118.2.5.el7uek.x86_64
openldap 2.4.42
# ldd /usr/local/libexec/slapd
linux-vdso.so.1 => (0x00007ffd17779000)
libltdl.so.7 => /lib64/libltdl.so.7 (0x00007f5e152e2000)
libdb-5.3.so => /lib64/libdb-5.3.so (0x00007f5e14f24000)
libssl.so.10 => /lib64/libssl.so.10 (0x00007f5e14cb7000)
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f5e148d0000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f5e146b6000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5e1449a000)
libc.so.6 => /lib64/libc.so.6 (0x00007f5e140dc000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f5e13ed8000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f5e13c8c000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f5e139a7000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f5e137a3000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f5e13571000)
libz.so.1 => /lib64/libz.so.1 (0x00007f5e1335b000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5e154ec000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f5e1314c000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f5e12f48000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5e12d24000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f5e12ac3000)
liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f5e1289e000)
What else would you like to help figure this out?