Since test033 didn't replicate, I ran librtc against a full production config. The SEGV occurred here (note we're not inside malloc due to librtc redzone features):
<rtc> Write to unallocated (wua) on thread 11:
Attempting to write 1 byte at address 0xc886b0
    which is just past heap block of size 128 bytes at 0xc88630
This block was allocated from:
        [1] default_malloc_ex() at line 79 in "mem.c"
        [2] CRYPTO_malloc() at line 304 in "mem.c"
        [3] RSA_eay_private_decrypt() at line 488 in "rsa_eay.c"
        [4] RSA_private_decrypt() at line 292 in "rsa_lib.c"
        [5] ssl3_get_client_key_exchange() at line 1454 in "s3_srvr.c"
        [6] ssl3_accept() at line 448 in "s3_srvr.c"
        [7] SSL_accept() at line 816 in "ssl_lib.c"
        [8] ldap_pvt_tls_accept() at line 863 in "tls.c"

Location of error:
current thread: t@11
=>[1] BN_bn2bin(a = 0xd93ff3d4, to = 0xc886b0 ""), line 649 in "bn_lib.c"
  [2] RSA_eay_private_decrypt(flen = 128, from = 0xc76066 "6^D\xf3\xd8\xfb\xa4\x83^H5\xd8b\xa2\xe2\xd9\xdf_0`(^T:w\xd8\xff^C\xf7W\xe2_\xaar\xec\xc7\xf5~\xf1\xf1E{^NX\xe2.\xf5\xa4B^L\xf6$\xb7=\x8er\xde\xee\xce^R^W\x95^?^?", to = 0xc76066 "6^D\xf3\xd8\xfb\xa4\x83^H5\xd8b\xa2\xe2\xd9\xdf_0`(^T:w\xd8\xff^C\xf7W\xe2_\xaar\xec\xc7\xf5~\xf1\xf1E{^NX\xe2.\xf5\xa4B^L\xf6$\xb7=\x8er\xde\xee\xce^R^W\x95^?^?", rsa = 0xbb5a08, padding = 1), line 576 in "rsa_eay.c"
  [3] RSA_private_decrypt(flen = 128, from = 0xc76066 "6^D\xf3\xd8\xfb\xa4\x83^H5\xd8b\xa2\xe2\xd9\xdf_0`(^T:w\xd8\xff^C\xf7W\xe2_\xaar\xec\xc7\xf5~\xf1\xf1E{^NX\xe2.\xf5\xa4B^L\xf6$\xb7=\x8er\xde\xee\xce^R^W\x95^?^?", to = 0xc76066 "6^D\xf3\xd8\xfb\xa4\x83^H5\xd8b\xa2\xe2\xd9\xdf_0`(^T:w\xd8\xff^C\xf7W\xe2_\xaar\xec\xc7\xf5~\xf1\xf1E{^NX\xe2.\xf5\xa4B^L\xf6$\xb7=\x8er\xde\xee\xce^R^W\x95^?^?", rsa = 0xbb5a08, padding = 1), line 292 in "rsa_lib.c"
  [4] ssl3_get_client_key_exchange(s = 0xc74500), line 1454 in "s3_srvr.c"
  [5] ssl3_accept(s = 0xc74500), line 448 in "s3_srvr.c"
  [6] SSL_accept(s = 0xc74500), line 816 in "ssl_lib.c"
  [7] ldap_pvt_tls_accept(sb = 0xc74068, ctx_arg = 0xb53bd8), line 863 in "tls.c"
  [8] connection_read(s = 46), line 1337 in "connection.c"
  [9] slapd_daemon_task(ptr = (nil)), line 2352 in "daemon.c"
This system is running OpenSSL 0.9.7l, although I've seen the #4723 segfault (not under debugger, alas) on 0.9.7d systems as well.
Is there any easy way to turn on traffic encryption in 'make test', possibly with some on-the-fly self-gen certs?