Re: (ITS#8797) improper use of gnutls causes segfault

Monday, 15 January 2018

On Mon, Jan 15, 2018 at 07:33:52PM +0000, lukas(a)selfnet.de wrote:
...
During initialization, libldap sets custom  gnutls mutex functions:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=librari...

PAM uses libldap via dlopen and unloads it when it's done, but openldap doesn't
undo gnutls_global_set_mutex, so any further calls to locking functions inside
openldap will segfault since these function pointers now point to nowhere since
openldap is unloaded.

I encountered this issue in cups since cups uses gnutls itself for the web
interface and segfaults when it uses gnutls after libldap. 
Thanks for this report.

This is not the first issue caused by our usage of the custom mutex 
functions; see also <https://bugs.debian.org/803197>;.

Removing the custom mutex functions and (for sufficiently recent GnuTLS) 
the calls to gnutls_global_{,de}init() looks like a more and more 
attractive solution. I am not aware of anyone using OpenLDAP with GnuTLS 
on a platform for which GnuTLS lacks built-in mutex functions...

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006