[Bug 1026057] [NEW] Segfault when setting bad olcTLSCipherSuite
Joonas Koivunen
joonas.koivunen at gmail.com
Wed Jul 18 10:10:31 UTC 2012
Public bug reported:
Steps to reproduce:
1. Configure olcTLSCertificateFile & olcTLSCertificateKeyFile:
dn: cn=config
changeType: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /some/valid/pemfile/path
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /some/valid/pemfile/path
(At this point openldap started to support STARTTLS and began working as
a sssd authentication backend.)
2. Try configuring olcTLSCipherSuite to an openssl kind, for example:
dn: cn=config
changeType: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:!NULL:!EXP
Expected result in gnutls compiled openldap: some kind of refusal of
configuration change (gnutls does not apparently support any kind of
ciphersuite names like openssl).
Actual result: segfault [01-slapd-stderr.log]
Syslog message about crash: kernel: [ 4158.532053] slapd[2696]: segfault
at 7fa824106008 ip 00007fa837ad10b5 sp 00007fa830df8110 error 4 in
libc-2.15.so[7fa837a52000+1b3000]
From an administrator's perspective openldap would be easier to configure
should it be compiled against openssl instead of gnutls, as ciphersuites
would be simpler to specify. I'm not aware if an openssl build would crash
here as well. A crash is, however, a rather bad indicator of "unsupported
configuration value".
# apt-cache policy slapd
slapd:
  Installed: 2.4.28-1.1ubuntu4
  Candidate: 2.4.28-1.1ubuntu4
  Version table:
 *** 2.4.28-1.1ubuntu4 0
        500 http://fi.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status
# lsb_release -rd
Description:	Ubuntu 12.04 LTS
Release:	12.04
# slapd -VVV
@(#) $OpenLDAP: slapd (Apr 5 2012 16:22:20) $
	buildd@allspice:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
Included static backends:
    config
    ldif
** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1026057
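Added example (not part of the original report or of OpenLDAP): a small triage helper that parses the kernel segfault line quoted in the report, decodes the x86 page-fault error code, and computes the instruction pointer's offset inside the mapped library so the crash site can be looked up in a symbolised libc. The function name and dictionary keys are illustrative assumptions; the sample line is the reported one with its mail line wraps joined.

```python
import re

# Kernel line from the report, joined from its wrapped form (x86-64 Linux).
REPORTED = ("kernel: [ 4158.532053] slapd[2696]: segfault at 7fa824106008 "
            "ip 00007fa837ad10b5 sp 00007fa830df8110 error 4 in "
            "libc-2.15.so[7fa837a52000+1b3000]")

# All numeric fields except the PID are printed by the kernel in hex.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")


def parse_segfault(line):
    """Return a dict describing a kernel 'segfault at' line, or None."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": int(m["addr"], 16),
        "ip": int(m["ip"], 16),
        # x86 page-fault error code bits: 0x1 protection violation (else page
        # not present), 0x2 write (else read), 0x4 user mode, 0x10 instruction fetch.
        "cause": "protection violation" if err & 0x1 else "page not present",
        "access": "exec" if err & 0x10 else "write" if err & 0x2 else "read",
        "user_mode": bool(err & 0x4),
        "module": m["module"],
        "module_offset": None,
    }
    if m["module"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        offset = info["ip"] - base
        # Only trust the offset if the IP really lies inside the mapping.
        if 0 <= offset < size:
            info["module_offset"] = offset
    return info


if __name__ == "__main__":
    r = parse_segfault(REPORTED)
    print(f"{r['comm']}[{r['pid']}]: user-mode={r['user_mode']} {r['access']} "
          f"of {r['fault_addr']:#x} ({r['cause']}), "
          f"crash at {r['module']}+{r['module_offset']:#x}")
```

The module-relative offset is the value to hand to a symboliser such as addr2line together with the matching libc build and its debug symbols.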