(ITS#5218) ber_get_next at /liblber/io.c:710 - openldap-bugs

6 Nov 2007


      Full_Name: Daniel Appleby
Version: 3
OS: RHEL4 Update 5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.184.138.7)
Hi,
I am getting a signal 6 (abort) in the samba logs which reports:
[2007/11/06 19:01:06, 0, effective(0, 0), real(0, 0)]
lib/smbldap.c:smbldap_search_suffix(1155)
  smbldap_search_suffix: Problem during the LDAP search:  (Local error)
smbd: ../../../libraries/liblber/io.c:516: ber_get_next: Assertion `ber->ber_buf
== ((void *)0)' failed.
It dropped a core and here is the full backtrace:
#0  0x003db7a2 in ?? ()
#1  0x0025f7a5 in raise () from /lib/tls/libc.so.6
#2  0x00261209 in abort () from /lib/tls/libc.so.6
#3  0x007f06f4 in smb_panic2 (why=0x0, decrement_pid_count=1) at
lib/util.c:1565
#4  0x007f086c in smb_panic (why=0x0) at lib/util.c:1454
#5  0x007dcd8f in sig_fault (sig=0) at lib/fault.c:41
#6  <signal handler called>
#7  0x003db7a2 in ?? ()
#8  0x0025f7a5 in raise () from /lib/tls/libc.so.6
#9  0x00261209 in abort () from /lib/tls/libc.so.6
#10 0x00258d91 in __assert_fail () from /lib/tls/libc.so.6
#11 0x0094c1f5 in ber_get_next (sb=0x99231b0, len=0xbfe4072c, ber=0x992d880) at
../../../libraries/liblber/io.c:710
#12 0x0011a6a2 in try_read1msg (ld=0x9923100, msgid=10, all=1, sb=0x99231b0,
lcp=0xbfe407dc, result=0xbfe40d34) at ../../../libraries/libldap/result.c:473
#13 0x0011bb6f in ldap_result (ld=0x9923100, msgid=10, all=1, timeout=0x0,
result=0xbfe40d34) at ../../../libraries/libldap/result.c:378
#14 0x0011d28b in ldap_search_s (ld=0x9923100, base=0x992a618
"dc=deakin,dc=edu,dc=au", scope=2,
    filter=0x992da08 "(&(uid=pfield)(objectclass=sambaSamAccount))",
attrs=0x992c580, attrsonly=0, res=0xbfe40d34)
    at ../../../libraries/libldap/search.c:364
#15 0x0086a9ff in smbldap_search (ldap_state=0x9922e70, base=0x992a618
"dc=deakin,dc=edu,dc=au", scope=2,
    filter=0xbfe408f0 "(&(uid=pfield)(objectclass=sambaSamAccount))",
attrs=0x992c580, attrsonly=0, res=0xbfe40d34) at lib/smbldap.c:1047
#16 0x0086b116 in smbldap_search_suffix (ldap_state=0x9922e70, filter=0xbfe408f0
"(&(uid=pfield)(objectclass=sambaSamAccount))", search_attr=0x992c580,
    result=0xbfe40d34) at lib/smbldap.c:1148
#17 0x007c1cda in ldapsam_search_suffix_by_name (ldap_state=0x9922e00,
user=Variable "user" is not available.
) at passdb/pdb_ldap.c:227
#18 0x007c524d in ldapsam_getsampwnam (my_methods=0x9922d70, user=0x992c410,
sname=0x992d928 "pfield") at passdb/pdb_ldap.c:1291
#19 0x007bbaea in context_getsampwnam (context=0x9922c20, sam_acct=0x992c410,
username=0x992d928 "pfield") at passdb/pdb_interface.c:197
#20 0x007bdbcf in pdb_getsampwnam (sam_acct=0x992c410, username=0x992d928
"pfield") at passdb/pdb_interface.c:883
#21 0x0082b2ad in check_sam_security (auth_context=0x9878dd0,
my_private_data=0x0, mem_ctx=0x9924808, user_info=0x992d8b8,
server_info=0x992afc0)
    at auth/auth_sam.c:240
#22 0x0082c54a in check_samstrict_security (auth_context=0x9878dd0,
my_private_data=0x0, mem_ctx=0x0, user_info=0x992d8b8, server_info=0x0)
    at auth/auth_sam.c:372
#23 0x00829789 in check_ntlm_password (auth_context=0x9878dd0,
user_info=0x992d8b8, server_info=0x992afc0) at auth/auth.c:255
#24 0x0083372e in auth_ntlmssp_check_password (ntlmssp_state=0x992bd68,
user_session_key=0x0, lm_session_key=0x0) at auth/auth_ntlmssp.c:108
#25 0x00710a36 in ntlmssp_server_auth (ntlmssp_state=0x992bd68, request={data =
0x992c358 "NTLMSSP", length = 176, free = 0x7edc20 <free_data_blob>},
    reply=0xbfe41350) at libsmb/ntlmssp.c:663
#26 0x0070ff0a in ntlmssp_update (ntlmssp_state=0x992bd68, in={data = 0x992c358
"NTLMSSP", length = 176, free = 0x7edc20 <free_data_blob>}, out=0xbfe41350)
    at libsmb/ntlmssp.c:259
#27 0x00833aa6 in auth_ntlmssp_update (auth_ntlmssp_state=0x0, request={data =
0x992c358 "NTLMSSP", length = 176, free = 0x7edc20 <free_data_blob>},
    reply=0x0) at auth/auth_ntlmssp.c:187
#28 0x006b17a1 in reply_sesssetup_and_X_spnego (conn=0x0, inbuf=0xb7bc2008 "",
outbuf=0xb7ba1008 "", length=354, bufsize=131072) at smbd/sesssetup.c:504
#29 0x006b2eb2 in reply_sesssetup_and_X (conn=0x0, inbuf=0xb7bc2008 "",
outbuf=0xb7ba1008 "", length=354, bufsize=131072) at smbd/sesssetup.c:669
#30 0x006d95e2 in switch_message (type=115, inbuf=0xb7bc2008 "",
outbuf=0xb7ba1008 "", size=354, bufsize=0) at smbd/process.c:968
#31 0x006d9a1c in process_smb (inbuf=0xb7bc2008 "", outbuf=0xb7ba1008 "") at
smbd/process.c:998
#32 0x006da744 in smbd_process () at smbd/process.c:1560
#33 0x0086d057 in main (argc=2, argv=0xbfe44664) at smbd/server.c:900
Our openldap version is openldap-2.2.13-7.4E. I know that this is a redhat
package etc but I would like to know if this has already been fixed or not? If
it has been fixed can you let me know what version it was fixed in as I will
need to supply redhat with a patch.
Is anyone able to tell me how/why this occurs?
If you need more info please let me know
Thanks In Advance
Daniel