(ITS#7677) slapd crashes when modifying cn=config - openldap-bugs

30 Aug 2013


      Full_Name: Oliver Loch
Version: 2.4.36
OS: Ubuntu 13.04
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (88.134.35.240)
Hi,
when chaning TLS related configuration in cn=config, slapd crashes.
The slapd version 2.4.36 I'm using are packages that I built on my own with the
help of the original Debian (!) source packages for 2.4.35. Even if the source
packages come from Debian, they have been built on Ubuntu 13.04 and are used on
Ubuntu 13.04. There are no "binary parts" of Debian involved in any way. If you
want the source packages, just let me know.
I kicked a lot of patches including the GNUTLS stuff and linked against
OpenSSL.
# ldd $(which slapd)
        linux-vdso.so.1 =>  (0x00007fffeddfe000)
        libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
(0x00007f0a66da9000)
        liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2
(0x00007f0a66b9b000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0x00007f0a66988000)
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2
(0x00007f0a6676d000)
        libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
(0x00007f0a66534000)
        libslapi-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libslapi-2.4.so.2
(0x00007f0a66315000)
        libltdl.so.7 => /usr/lib/x86_64-linux-gnu/libltdl.so.7
(0x00007f0a6610b000)
        libwrap.so.0 => /lib/x86_64-linux-gnu/libwrap.so.0 (0x00007f0a65f01000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007f0a65ce3000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0a6591b000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2
(0x00007f0a65701000)
        libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0
(0x00007f0a654a3000)
        libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(0x00007f0a650c8000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0a64ec4000)
        libnsl.so.1 => /lib/x86_64-linux-gnu/libnsl.so.1 (0x00007f0a64ca9000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f0a6738c000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f0a64a92000)
#
I'm able to change any of the olcTLS* attributes in cn=config and only
"olcTLSCACertificateFile" crashes slapd. When adding, the data is written to the
cn=config backend and stored there (data available after a restart), when
deleting, slapd crashes before the data has been written back.
The LDIF file looks like this:
===== SNIP ===== 8< ========
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/some.cert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/private/cert.server.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/key.server.pem
-
add: olcTLSDHParamFile
olcTLSDHParamFile: /etc/ssl/private/system.dhparam
-
add: olcTLSVerifyClient
olcTLSVerifyClient: allow
-
add: olcTLSCRLCheck
olcTLSCRLCheck: all
-
add: olcTLSCRLFile
olcTLSCRLFile: /etc/ssl/certs/somecrl.crl.pem
-
======= >8 ======= SNAP ========
The files do all exist and can be accessed by slapd.
The error message before slapd core dumps:
slapd: ../../../../servers/slapd/result.c:813: slap_send_ldap_result: Assertion
`!((rs->sr_err)<0)' failed.
Aborted (core dumped)
It looks pretty similar to ITS#7676.
If you have questions, feel free to contact me.
KR,
Oliver