Hi,
On 2.4.39 (CentOS 5.10 x86_64), I found that if I attempt to change certificate values but there is an error in a path, openldap stops.
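I would expect this to be avoided: OpenLDAP should reject the modification and keep running.
When we run the modification below, it hangs; we press Ctrl-C and then find that slapd has stopped. The full backtrace we captured (below) shows slapd aborting on a failed assertion in slap_send_ldap_result (result.c:813), called from config_back_modify (bconfig.c:5926).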
Please check the output below.
Best regards, Nick
Example:
-------------------------------------------------------------------------------
Modification file: /root/work/certmod2:
-------------------------------------------------------------------------------
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /usr/local/openldap/etc/openldap/certs/chain-2241.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/certs/cert-2241.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /usr/local/openldap/etc/openldap/certs/priv-2241.pem
-------------------------------------------------------------------------------
In this case priv-2241.pem does not exist (the correct value would be: key-2241.pem).
-------------------------------------------------------------------------------
Modification attempt:
-------------------------------------------------------------------------------
# /usr/local/openldap/bin/ldapmodify -h localhost -x -v -W -D "cn=admin,cn=config" -f /root/work/certmod2
ldap_initialize( ldap://localhost )
Enter LDAP Password:
replace olcTLSCACertificateFile:
        /usr/local/openldap/etc/openldap/certs/chain-2241.pem
replace olcTLSCertificateFile:
        /usr/local/openldap/etc/openldap/certs/cert-2241.pem
replace olcTLSCertificateKeyFile:
        /usr/local/openldap/etc/openldap/certs/priv-2241.pem
modifying entry "cn=config"
<it hangs and we press Ctrl-C>
ldap_result: Can't contact LDAP server (-1) -------------------------------------------------------------------------------
------------------------------------------------------------------------------- (gdb) backtrace full #0 0x00000033bf830265 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00000033bf831d10 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00000033bf829706 in __assert_fail () from /lib64/libc.so.6 No symbol table info available. #3 0x000000000044f66d in slap_send_ldap_result (op=0xcd75580, rs=0x2ba278651c20) at result.c:813 tmp = <value optimized out> otext = 0x2ba278650664 "" oref = 0x0 __PRETTY_FUNCTION__ = "slap_send_ldap_result" #4 0x000000000042ca7f in config_back_modify (op=0xcd75580, rs=0x2ba278651c20) at bconfig.c:5926 cfb = 0x8787a0 ce = 0xffffffff last = 0x600000000 ml = 0x6 ca = {argc = 2, argv = 0xce77200, argv_size = 513, line = 0xce75c00 "/usr/local/openldap/etc/openldap/certs/priv-2241.pem", tline = 0xc81a880 "\220d\224\f", fname = 0x5c7c99 "slapd", lineno = 0, log = "olcTLSCertificateKeyFile: value #0", '\000' <repeats 4089 times>, reply = {err = 0, msg = '\000' <repeats 255 times>}, depth = 0, valx = -1, values = {v_int = 209823808, v_uint = 209823808, v_long = 209823808, v_ulong = 209823808, v_ber_t = 209823808, v_string = 0xc81a840 "/usr/local/openldap/etc/openldap/certs/priv-2241.pem", v_bv = {bv_len = 209823808, bv_val = 0x0}, v_dn = {vdn_dn = {bv_len = 209823808, bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val = 0x0}}, v_ad = 0xc81a840}, rvalue_vals = 0x0, rvalue_nvals = 0x0, op = 0, type = 8, ca_op = 0xcd75580, be = 0x87a520, bi = 0x0, ca_entry = 0xc81ab48, ca_private = 0xc81a280, cleanup = 0x427850 <config_tls_cleanup>, table = Cft_Global} rdn = {bv_len = 2, bv_val = 0xc81a7e0 "cn=config"} rad = 0xc7c4e90 do_pause = 1 #5 0x0000000000455ff7 in fe_op_modify (op=0xcd75580, rs=0x2ba278651c20) at modify.c:303 repl_user = <value optimized out> bd = 0x87a520 textbuf = 
"\005\000\000\000\000\000\000\000xZ\327\f\000\000\000\000h[\327\f\000\000\000\000\003\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000\270Z\327\f\000\000\000\000P\271}\f\000\000\000\000\000\\347\f\000\000\000\000\320[\347\f\000\000\000\000:\213E", '\000' <repeats 21 times>, "4\000\000\000\000\000\000\000\000\\347\f\000\000\000\000\270U\327\f", '\000' <repeats 12 times>, "@\\347\f", '\000' <repeats 12 times>"\340, \272}\f\000\000\000\000\020", '\000' <repeats 15 times>"\304, XE\000\000\000\000\000\340:\306\f\000\000\000\000\000\001\000\000\000\000\000\000\320\032ex\242+\000\000@\034ex\242+\000\000\200U\327\f\000\000\000\000\001\000\000\000\000\000\000\000\270U\327\f\000\000\000\000\250U\327\f\000\000\000\000\340:\306\f\000\000\000\000\251\063"... #6 0x0000000000456762 in do_modify (op=0xcd75580, rs=0x2ba278651c20) at modify.c:177 dn = {bv_len = 9, bv_val = 0xcd75459 "cn=config"} textbuf = "\000\b\000\000\000\000\000\000\000\001\000\000\000\000\000\000 \000\000\000\000\000\000\000\004", '\000' <repeats 15 times>"\377, \017\000\000\000\000\000\000\260\005\002", '\000' <repeats 14 times>"\360, \377\377\377\377\377\377\000\000\000\000~", '\000' <repeats 27 times>"\271, \312\065\062"", '\000' <repeats 11 times>"\340, I\265\277\063\000\000\000\000\000\020\000\000\000\000\000\000\000\020\000\000\000\000\000\001\000\000\000\000\000\000\000\340:\306\f\000\000\000\000\000\000\020\000\000\000\000\000\236@\207\277\063", '\000' <repeats 13 times>, "\020\000\000\000\000\000p\035ex\242+\000\000Mc[\000\000\000\000\000\000\000\020\000\000\000\000\000\373\210E\000\000\000\000\000\001\000\000\000\000\000\000\000\330\002I\000\000\000\000\000\200U\327\f\000\000\000\000]\226F---Type <return> to continue, or q <return> to quit--- 000\000\000\000" tmp = 0x0 #7 0x000000000043f0d5 in connection_operation (ctx=0x2ba278651d70, arg_v=<value optimized out>) at connection.c:1155 rc = <value optimized out> cancel = <value optimized out> op = 0xcd75580 rs = {sr_type = REP_RESULT, sr_tag = 
0, sr_msgid = 0, sr_err = -1, sr_matched = 0x0, sr_text = 0x2ba278650664 "", sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = { r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} tag = 102 opidx = SLAP_OP_MODIFY conn = 0xc9c2d20 memctx = 0xcc63ae0 memctx_null = 0x0 __PRETTY_FUNCTION__ = "connection_operation" #8 0x000000000043f6af in connection_read_thread (ctx=0x2ba278651d70, argv=<value optimized out>) at connection.c:1291 s = 12 #9 0x000000000058d92c in ldap_int_thread_pool_wrapper (xpool=0xc7c8430) at tpool.c:688 task = 0xcd752f0 work_list = <value optimized out> ctx = {ltu_id = 47976804591936, ltu_key = {{ltk_key = 0x43e040, ltk_data = 0xcd75950, ltk_free = 0x43e110 <conn_counter_destroy>}, { ltk_key = 0x48ff50, ltk_data = 0xcc63ae0, ltk_free = 0x48ff70 <slap_sl_mem_destroy>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} <repeats 30 times>}} kctx = <value optimized out> keyslot = 435 hash = <value optimized out> __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #10 0x00002ba23235583d in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #11 0x00000033bf8d526d in clone () from /lib64/libc.so.6 No symbol table info available. -------------------------------------------------------------------------------
openldap-technical@openldap.org